Trojaner-Board > Remove malware > Pests of all kinds and how to fight them

Pests of all kinds and how to fight them: Infected with GVU Trojan


11.01.2013, 01:57   #1
Severin80
 
Infected with GVU Trojan



Hello,

unfortunately I caught a GVU Trojan and, while googling (in Safe Mode), came across this nice forum.

I will now try to describe my problem with the help of your checklist.

1. defogger ran without any problems.

2. Contents of OTL.txt:
Code:
OTL logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.23 12:42:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.09 13:07:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.04 21:28:36 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.06 08:27:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.01.06 08:25:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.09.22 16:34:32 | 000,457,944 | R--- | M] (cFos Software GmbH) [Auto | Stopped] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010.05.06 10:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.21 07:53:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.22 14:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 14:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 14:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 14:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 14:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 14:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 14:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.03 21:13:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.22 16:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2010.03.18 10:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.03.18 10:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.03.18 10:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 5B D7 FF 82 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: %7B6005d9b1-d115-485a-a92a-3f6453ca3fe2%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6005d9b1-d115-485a-a92a-3f6453ca3fe2}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.03 10:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 13:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 09:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.17 23:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E93ED55EEC68961619079B24652DD030B
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 13:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions
[2010.11.02 23:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.08 13:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\trash
[2012.10.06 09:49:12 | 000,260,260 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi
[2013.01.08 13:41:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.25 22:03:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.12 22:20:40 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.08.30 22:35:53 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2009.06.15 19:28:18 | 000,002,164 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\bing.xml
[2011.07.20 20:14:43 | 000,001,644 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\minecraft.xml
[2010.07.21 20:27:32 | 000,002,630 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\wiki-aventurica-de.xml
[2012.12.09 13:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 13:07:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.09 09:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 09:15:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.09 09:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.09 09:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.09 09:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.09 09:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [HotSwap! Applet] C:\Users\Severin\Desktop\HotSwap!.EXE (KaaKoon)
O4 - HKCU..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C52EDB-5B0F-46A5-A92F-493E65AA4BB9}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Roaming\Malwarebytes
[2013.01.11 00:18:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.11 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.11 00:17:51 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Local\Programs
[2013.01.11 00:09:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.12.20 19:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.20 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.12 23:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | M] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:54:08 | 000,050,477 | ---- | M] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.11 00:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 00:02:34 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:35:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 23:33:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:32:15 | 000,001,950 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk
[2013.01.10 23:31:17 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 23:31:00 | 000,301,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 23:01:03 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.01.09 10:16:09 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 10:16:09 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 10:16:09 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 10:16:09 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 10:16:09 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 10:16:00 | 001,594,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 22:51:59 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | M] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.23 12:46:17 | 000,001,053 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.23 12:45:53 | 000,001,025 | ---- | M] () -- C:\Users\Severin\Desktop\Dropbox.lnk
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 20:44:38 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 22:05:06 | 000,325,451 | ---- | M] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | M] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:04:31 | 000,269,808 | ---- | M] () -- C:\Users\Severin\Documents\Scan0003.jpg
 
========== Files Created - No Company Name ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | C] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:53:54 | 000,050,477 | ---- | C] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 23:28:08 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | C] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:28:04 | 000,265,728 | ---- | C] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 21:10:02 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | C] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:02:19 | 000,325,451 | ---- | C] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:02:19 | 000,269,808 | ---- | C] () -- C:\Users\Severin\Documents\Scan0003.jpg
[2012.12.12 22:00:03 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.12 22:00:02 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.12 21:59:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.12 21:59:54 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.12 21:59:46 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.12 21:59:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.12 21:51:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.25 23:07:35 | 000,000,118 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.27 22:50:53 | 000,010,495 | ---- | C] () -- C:\Users\Severin\Severin_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.23 17:35:31 | 000,008,203 | ---- | C] () -- C:\Users\Severin\.heldEinstellungen4_1.xml
[2012.02.23 17:35:30 | 000,000,260 | ---- | C] () -- C:\Users\Severin\.dsa4.properties
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 10:51:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 13:37:48 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.08.22 12:59:58 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.08.22 12:57:32 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.08.22 12:47:18 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.08.22 12:47:18 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.08.22 12:39:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.08.22 12:39:24 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.05.21 10:19:19 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.13 11:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Severin\AppData\Local\{E29A6443-6C23-49EF-A7F8-F9FF89C7FCD1}
[2010.11.20 09:20:03 | 000,036,864 | ---- | C] () -- C:\Users\Severin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.05 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\.minecraft
[2011.10.17 07:19:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Amazon
[2012.01.05 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BF3CC
[2011.07.21 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BFBC2CC
[2012.02.09 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BID
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Blender Foundation
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service GmbH
[2012.05.01 01:32:22 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\calibre
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Canneverbe Limited
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DAEMON Tools Lite
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DataDesign
[2013.01.10 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Dropbox
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\FaceGen
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\fotobuch.de AG
[2012.11.01 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\gtk-2.0
[2011.03.30 06:50:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\IrfanView
[2010.11.04 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Leadertech
[2011.02.13 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LEGO Company
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LetsTrade
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\My Games
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\MyHeritage
[2012.02.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia
[2011.07.16 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OfficeRecovery
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OpenOffice.org
[2012.12.04 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Origin
[2011.07.16 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\PC Suite
[2011.12.18 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\pdfforge
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Poser
[2013.01.09 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Spotify
[2013.01.10 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TeamViewer
[2010.09.24 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.02 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Thunderbird
[2011.11.22 07:57:02 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TrueCrypt
[2013.01.10 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TS3Client
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\uTorrent
[2011.07.09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
Contents of Extra.txt:
Code:
OTL Extras logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A4DBFF-F734-4594-8060-6EE2A42E0DB4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0942A38A-3AD1-4B72-99AA-611257CDFF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A41AC16-15F8-4449-9C88-6A31CABA2DB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2239F232-7E0A-4357-8424-5AC4EEDC1C89}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{224C43CD-6187-42FC-AC0C-B4418BF22EFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27D8A6AF-C79E-48C8-B10B-DBADCF09EFEF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{2E04EB29-5FA1-406E-BD92-CBE08A2AAA76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{396451FC-F3CF-4DE7-81FA-1365D5CA0E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EB0967B-3B8C-4346-857E-DDFFA63A26DC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{672BF6B7-DE62-4572-89AB-D60C3F7C0712}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{68AEB13D-EB02-442C-8F48-EB2EED3EA3B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7028702C-7716-45CB-A7EE-31EB7A7120D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{731FBDFC-6298-4714-A019-EB8E06546CE9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74A97FF9-0ADC-4934-81E4-8B9DECDD6CC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77A8704C-C065-4F59-B877-3E95E69ADD93}" = lport=137 | protocol=17 | dir=in | app=system | 
"{847FEC26-29CD-423D-AAE5-87063C96F4BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{897C4D1E-A1AD-40A5-9C17-9369B7A77948}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D61ACB5-98D7-4D4A-A293-6C945EE88F4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADA53EC7-9374-440C-AF82-37FF2C058D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BCC29598-60FD-411F-968A-90C23D82D97E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF75E53F-6FDB-4C28-88DB-EDAD84D002A9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C50B013B-4F68-49BD-867A-A678238D9B1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E152A1EA-B070-4EBC-B5F6-36CEF2A5E091}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EE41E141-EA8B-48C0-8F71-090E13C4204B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C54188E-93B5-4265-9681-7C0BDDC007FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{0EB304A5-8AF2-4D44-ADBA-0B1EAE401EFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1170758C-4F1A-44CB-994A-4A7DF308AC4B}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{11F197F0-4098-412C-82F8-6C1DFFB43B03}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{17D54610-493E-45B0-A366-48ED92AF5CE6}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe | 
"{1BABBBBB-4FD6-452D-8958-A8EB04A63F26}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{23534EAE-FDEC-4F6A-AA89-F94AE13B5620}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{241EC5D9-1133-4ADC-84A7-E6D835B28AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{298D8EDF-2CF3-4EFE-9513-E68742571B5F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2B6F0405-D037-4B46-B6F0-2337AE7949DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{31188CF3-83F0-42A8-950C-863417E8F1C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{31F0DB85-5FEA-4DE1-964D-9894AB4CCE05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36282200-282B-437C-891B-29F9179F1777}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe | 
"{36B093B3-9FE4-4793-9023-3C6E8BE92230}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{39BE6F2F-973C-4B8F-B401-79E4D2103101}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{3D815138-DB76-4945-8706-F6B69DA56B4C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4490C835-9707-43A2-9106-459E54BF4D6F}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{46F50D4B-5BF1-474B-BF67-AEC46DEA3ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{4C8BF11C-0FF6-4E2E-B2D1-E547A5B6F9AA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{4D965DFD-1ED8-49FB-8D53-BA69D68FB25E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{50C85BE4-AC08-4F5D-AB08-8B45E85D06C5}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe | 
"{55E213B1-2721-4C6E-AF9E-41180B396B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C429030-AD5B-487E-8D24-386272768014}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{628B96F7-2B9B-4366-8C8E-00DFA7F77CEF}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe | 
"{67E13C61-FAA0-4FE4-A221-5EF04A9E08A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6A90A517-9866-4D15-812D-C7132A2B4383}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{71963F58-575A-4C00-B95A-F8F71EFA321B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{762CC2DF-0366-4D9B-BC6F-408078CFEB71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7E58FA76-B3D9-400C-9D09-C3990000F793}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{800043D4-6596-4FB8-8B86-F6BCD2ED7D6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{86750DEE-DB9C-49B4-889C-11D9FE47AF19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe | 
"{88C2DE66-BF1E-4412-B3EA-0ECAC5925E5B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe | 
"{919B59C0-E759-4929-B327-3CFA44D51BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{92F62159-C494-40DD-91A5-CD6CA1F3CEE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95ACFD2C-6D10-4C89-949F-796607431469}" = protocol=6 | dir=out | app=system | 
"{97A3CB01-225C-45E1-8609-DD0C7350857D}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{9C4BF8B0-F419-4499-98B6-CA4225A1933C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A2208F1B-F5FE-47DA-A9CE-971ABECF43C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A28961D4-3463-4A2E-9953-B5B8349220D2}" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A2C88CE6-B2F9-4871-8EB3-4DB0C5B1E27F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{A5BB51F4-FB5C-418E-895B-23C09BA32912}" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A5F8A325-FAAE-4FF9-BE1F-BAEB7686E1CE}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe | 
"{AA670F91-DE53-46DA-9EFC-FE1B0316EA05}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{AB6EC94F-5FEB-4F48-ABF5-6BD50F389E98}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe | 
"{ACDDF320-93DB-4CEF-BAAC-47A619E34138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{AE30BF6E-B417-41E9-BAE9-EFC8F0DC90D9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{AF672B31-13E1-4470-B68B-4D5332566C79}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe | 
"{B15978B9-AC94-48BD-B68F-8FD2A2D18E08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B656A016-E7F6-435F-B4AE-921303B22461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B73E5361-C73F-4F3F-B97D-11706EA14809}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{BC96C20A-DE65-460E-9670-56D66FE97133}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{BF488F68-109A-45C9-A815-F987B0A3C1CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BFF62C7B-598B-4C98-8342-54BD77F176A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C48682D9-C343-452D-ABEC-8DEF6015AFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C669DA02-E8D0-4DB9-BF94-4B0D7C7E30BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C98F5C19-3818-4AD5-8E0A-C9FBF0A7BE66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB6E6434-BE35-48D7-8E6E-6FAF7725840B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{CB9B6A9F-2859-4492-997F-691957239353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CEE2CEBE-AE74-4CF6-B858-D4A351D65966}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{CF5E8A18-B3BE-44DE-A0DF-8CCC8A7BD596}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{CFFCC50E-D707-4FB4-9ADD-7951C3964EA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D016CBDC-5607-4CE2-80A9-32C065BB6F29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{D2FB00F0-6F41-4F9E-BEC7-A18A5E3CDE70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D90DA6D8-5EE7-49AD-AED3-939B11D03130}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe | 
"{D989C2AD-26DC-466A-A91D-24C209101694}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{DAE8B786-458A-4623-921A-0FC639FE9EB7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{DBEF0E6D-0B57-49FB-B58F-B6FDC9842D22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E7AF22DA-FFCE-4809-B6C7-C9691544B8D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E810411B-BDBC-48E2-8CB8-03415511A328}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe | 
"{EA2BBCBF-EE4F-4919-BCE5-8E36611BA5CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{EB753A6F-8E54-49ED-ADE9-0F19B0FFD343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFB0E045-80C0-4E9E-8D13-FEAB29498C87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFBB651D-791F-4F79-882F-FB4F4CF7F171}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe | 
"{F1CFA8C5-031D-4BC5-8B8C-AC79CE4D6ECF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F3B76E34-11FC-4806-A1DB-7A2C1D65FCC6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{F621C7C4-4B3C-40EE-B1E7-41F703AD2CE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{F6FCDFE5-B73A-4E6D-8C9C-04B6B999DC9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{F75C9497-6674-4521-8F8E-3A2B1837CA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FB691E44-72A7-406C-9B1B-F6A8623521E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FE8E7C92-0ADD-40A2-B9B8-F9038B7FF8C7}" = protocol=58 | dir=in | app=system | 
"TCP Query User{4C9BA945-5013-40E5-BA84-9A6BF3556C7D}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4DDC0131-5D1E-4EF8-AD81-F638C213D097}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{51247B46-7E21-4C06-8A45-E4EC6B9A9BDE}D:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe | 
"TCP Query User{56ED6C79-2707-4C5E-A365-34DC808E83D4}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5D22BF51-4861-4CCC-AC3F-DAB3A1E9D054}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{B66A883C-A554-4B4A-A2C3-62B4A962ED39}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{BDBD4314-63B1-4E30-B2B0-4FFC4767CD24}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{BE8ADDEE-DC51-432A-ACB8-96CD7F1F7986}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{C19611A0-284E-4C2B-9F22-78B4580DEF66}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C5B5AD25-D756-4ED4-B344-D742F79438D0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{CE97DEB7-B5E5-4C3A-86C5-8D8E1993A730}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{DD226E22-7234-426D-BE7C-AF393A1F4F40}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{02DC44F8-C2E8-40FB-8701-976BF9D59CED}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{08FD3548-7667-4594-AA94-08D025BCAD62}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{2B5EEABA-4EF2-4DEE-8ECE-BABF8449542B}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{5B3DB361-B659-41E5-A31D-7430F5974E74}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{6431705D-1AF2-44B7-B44C-0ACA9254C508}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{665605D3-8578-4A5A-8E06-9F7D60017FA3}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8CE9B30B-EE61-4F11-8A87-C8EB3B9DB9AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{983585E4-B2F4-4371-8972-9657AD067BCF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9F76C71B-1927-4716-AB96-42081C52DAC7}D:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe | 
"UDP Query User{BDF0C3CB-D116-4E3F-B6DF-BB6401E1B7B9}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E26F545E-D569-42E4-B378-F81FBF9A56EC}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{FF0D7133-65E4-4C76-87C6-1D16A3F20DBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2B8577D-EECF-4062-BEB7-A8BE3FD679ED}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät
"{B6D7EF7F-DE25-4E27-A88F-F43C7D728367}" = Project+ 2.5.1
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{D9710515-1C8F-4AF9-A61D-2E0287915B73}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten
"{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"4144-4862-0472-7103" = WorldPainter 0.6.12
"cFosSpeed" = cFosSpeed v6.02
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.8.0
"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
"{C1AC5BDC-5441-4671-894D-70B542022652}" = calibre
"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
"{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bulk Image Downloader_is1" = Bulk Image Downloader v4.35.0.0
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"HP Photo Creations" = HP Photo Creations
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Nokia Suite" = Nokia Suite
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"SFBM" = SoundFont-Bank-Manager
"Steam App 203830" = The Dark Eye: Chains of Satinav
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.5.1.131
"Winload Toolbar" = Winload Toolbar
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"XMedia Recode" = XMedia Recode 3.0.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7d0ab3f03a657c8f" = BC2CC
"af8063ee51cc0619" = BF3CC
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 17:57:20 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5891
 
Error - 30.12.2012 04:46:11 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Error in manifest or policy file "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" on line 8.  The value "*" of the "language" attribute
 in the assemblyIdentity element is invalid.
 
Error - 03.01.2013 18:20:13 | Computer Name = Severin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: cfosspeed.exe, version: 6.2.1722.0,
 time stamp: 0x4c9a0acf  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec4aa8e  Exception code: 0xc0000005  Fault offset: 0x000000000004e4b4
 Faulting process ID: 0xdc4  Faulting application start time: 0x01cde4944be75e8f
 Faulting application path: C:\Program Files\cFosSpeed\cfosspeed.exe  Faulting module
 path: C:\Windows\SYSTEM32\ntdll.dll  Report ID: be1b0f63-55f3-11e2-b23d-002185345dc5
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078
 
Error - 04.01.2013 17:30:18 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Error in manifest or policy file "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" on line 8.  The value "*" of the "language" attribute
 in the assemblyIdentity element is invalid.
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error - 08.01.2013 09:43:10 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Error in manifest or policy file "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" on line 8.  The value "*" of the "language" attribute
 in the assemblyIdentity element is invalid.
 
[ System Events ]
Error - 10.01.2013 19:52:40 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068

Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = The "Computerbrowser" service depends on the "Server" service, which
 failed to start because of the following error:   %%1068
 
 
< End of report >
3. Contents of Gmer.txt:
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-11 01:49:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AAKS-65A7B0 rev.01.03B01 596,17GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Severin\AppData\Local\Temp\kxdirfow.sys


---- Threads - GMER 2.0 ----

Thread   C:\Windows\System32\svchost.exe [1788:1912]                                                                         000007fef8b89688
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1628]                                                      000000006ffefee5
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:772]                                                       0000000077b62e25
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1840]                                                      000000006ffe8f6c
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1936]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1272]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1132]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:208]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1980]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1216]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1020]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1432]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1504]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1184]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1488]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2028]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1484]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1796]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2000]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1292]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1608]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:552]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1224]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1792]                                                      0000000074f827c1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:316]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:252]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1144]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1968]                                                      0000000077b63e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:784]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:284]                                                       0000000073f562ee
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1660]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1516]                                                      0000000077b63e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:892]                                                       0000000070f632fb
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1376]                                                      00000000763ad864
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1492]                                                      0000000077b63e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1788]                                                     000007fefe3d0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xFD 0xCB 0x2A 0x2A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xFD 0xCB 0x2A 0x2A ...

---- EOF - GMER 2.0 ----
         
That should be everything for now. I hope you can make something of it and help me further.

Kind regards, Severin

11.01.2013, 02:00   #2
markusg
/// Malware-holic

Hi
That's not everything yet; open Malwarebytes, go to Logs, and post the reports that contain detections.

11.01.2013, 08:55   #3
Severin80

Good morning,

I started the scan last night; here are the results:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.13

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Severin :: SEVERIN-PC [Administrator]

11.01.2013 02:05:16
mbam-log-2013-01-11 (02-05-16).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 538289
Time elapsed: 57 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
E:\Files\Anwendungen\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe (PUP.Netcat) -> No action taken.
E:\Files\Anwendungen\cartograph_g_2011_04_20_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully.
E:\Files\Anwendungen\cartograph_g_2011_09_16_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Collage lars und ich sonnenbrille.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0511.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0516.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Lars und ich 20.7\090720_184351_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\neu\IMAGE0005.BMP.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\neu\IMAGE0007.BMP.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Umbau\PICT2588.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Umbau\PICT2678.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Umbau\PICT3015.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
E:\Files\Diverses\von Deike\Weihnachten 2008\PICT2403.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)
         
I hope it was right that I already deleted the stuff.

Kind regards, Sören

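The Malwarebytes log above mixes two different kinds of hits. The GVU lock-screen dropper shows up as a randomly named .exe in the user profile, a same-named set of .bat/.reg/.pad files in C:\ProgramData, and a runctf.lnk in the per-user Startup folder, which Windows runs at every logon. The Extension.Mismatch hits on the photos mean only that a file's leading bytes do not match its extension: a BMP saved as .JPG is harmless, while an MZ executable named .jpg is the classic way a dropped binary hides among pictures. The following Python script, added here as an example and not code from the thread or from Malwarebytes, reproduces both checks over a constructed sample tree in a temporary directory. The magic-number table, the dropper extension set and the sample file names are assumptions modelled on the paths in the log.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

# File signatures ("magic bytes") and the extensions they legitimately carry.
# Assumed table for illustration; extend it for the formats you care about.
MAGIC = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"BM": {".bmp"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"MZ": {".exe", ".dll", ".scr"},
}

# Extensions the dropper in the log used for its same-named siblings in %ProgramData%.
DROPPER_EXTS = {".bat", ".reg", ".pad", ".js"}


def detected_type(path):
    """Return the extension set matching the file's leading bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, exts in MAGIC.items():
        if head.startswith(magic):
            return exts
    return None


def extension_mismatches(root):
    """Files whose content signature disagrees with their extension (MBAM's Extension.Mismatch)."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file():
            exts = detected_type(p)
            if exts is not None and p.suffix.lower() not in exts:
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def startup_shortcuts(root):
    """Every .lnk inside a folder named Startup: Windows runs these at logon."""
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*.lnk") if p.parent.name == "Startup")


def dropper_sets(root):
    """Base names under ProgramData carrying two or more of the dropper's extensions."""
    groups = defaultdict(set)
    for p in (root / "ProgramData").glob("*"):
        if p.is_file() and p.suffix.lower() in DROPPER_EXTS:
            groups[p.stem].add(p.suffix.lower())
    return {stem: sorted(exts) for stem, exts in groups.items() if len(exts) >= 2}


def triage(root):
    """Run all three checks against a directory tree rooted at `root`."""
    return {
        "extension_mismatch": extension_mismatches(root),
        "startup_lnk": startup_shortcuts(root),
        "dropper_sets": dropper_sets(root),
    }


def build_sample_tree(root):
    """Constructed sample data modelled on the paths in the log; no real malware involved."""
    startup = root / "Users/Severin/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    startup.mkdir(parents=True)
    (startup / "runctf.lnk").write_bytes(b"L\x00\x00\x00" + b"\x00" * 16)    # shell-link header
    pd = root / "ProgramData"
    pd.mkdir()
    for ext in sorted(DROPPER_EXTS):
        (pd / ("dsgsdgdsgdsgw" + ext)).write_bytes(b"placeholder")
    (pd / "harmless.bat").write_bytes(b"@echo off")                        # lone .bat: not a set
    pics = root / "Files/Diverses"
    pics.mkdir(parents=True)
    (pics / "DSCF0511.JPG").write_bytes(b"BM" + b"\x00" * 30)              # BMP carrying a .JPG name
    (pics / "ok.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 30)      # genuine JPEG
    (pics / "wgsdgsdgdsgsd.jpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 30)  # PE dressed as an image


def run_demo():
    """Build the sample tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for kind, found in run_demo().items():
        print(kind, found)
```

Run against a real volume by calling triage(Path("C:/")) from an account that can read the profile folders; the Startup and ProgramData checks are the ones that matter for the lock-screen family in this thread, while the magic-byte check only tells you that a file is not what its name says, not that it is malicious.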
11.01.2013, 16:20   #4
markusg
/// Malware-holic

Hi
If there were other, older logs with detections, please post them too.

- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to the address above following those instructions.
If you would like to support us

11.01.2013, 18:16   #5
Severin80

Hello again,
No, sorry, that's all I have. Should there be something more somewhere?

Kind regards, Severin


11.01.2013, 19:36   #6
markusg
/// Malware-holic

Hi
No, not necessarily :-)

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no icons: right-click, View, Show desktop icons

11.01.2013, 23:25   #7
Severin80

Evening,

We just missed each other earlier, a pity. Anyway, I've now run the script, with the following result:

Code:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: Severin
->Flash cache emptied: 4263846 bytes
 
Total Flash Files Cleaned = 4,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Severin
->Temp folder emptied: 328114825 bytes
->Temporary Internet Files folder emptied: 265008183 bytes
->Java cache emptied: 20089197 bytes
->FireFox cache emptied: 78139336 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1306309186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.905,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01112013_231255

Files\Folders moved on Reboot...
C:\Users\Severin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Hm, you apparently wanted to delete more things than it was able to delete. I hadn't made any other cleanup attempts, in case that question comes up.

The restart in normal mode worked without problems, by the way.

Is there actually somewhere here where one can read up on what OTL and all the other programs you use actually do? I'm curious and would like to understand what I'm doing here.

Kind regards, Severin

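The fix log shows one item moved and four reported as "not found", and those four are exactly the C: paths the earlier Malwarebytes run had already quarantined; the .js file was the only one Malwarebytes did not list, so OTL was the first tool to touch it. The following Python script, added here as an example and not OTL's or the thread's own code, parses the posted fix script, the fix output and the Malwarebytes file list and reconciles them so that "not found" is explained rather than left as a surprise. The regular expressions are assumptions derived only from the line shapes visible in this thread, and the embedded Malwarebytes lines use the English-locale action text.

```python
import re

# Constructed from the OTL script and fix log posted above (paths copied, nothing invented).
SCRIPT = r""":OTL
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
"""

FIX_LOG = r"""All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
========== COMMANDS ==========
"""

# The Malwarebytes detections on C: from the earlier post, English-locale wording of the action.
MBAM_LOG = r"""C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
"""

# One ":OTL" entry: "[timestamp | size | attrs | M] () -- <path>" (assumed from the posted script).
OTL_ENTRY = re.compile(r"^\[[^\]]*\]\s*\(\)\s*--\s*(?P<path>.+?)\s*$")
# One fix-log result line, with or without the leading "File " OTL prints for misses.
OTL_RESULT = re.compile(r"^(?:File\s+)?(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>moved successfully|not found)\.$")
# One Malwarebytes file hit: "<path> (<signature>) -> <action>"; the lazy path plus the
# "-> " requirement keeps "(x86)" inside a path from being mistaken for the signature.
MBAM_HIT = re.compile(r"^(?P<path>.+?)\s+\((?P<sig>[^()]+)\)\s*->\s*(?P<action>.+?)\s*$")


def script_paths(script):
    """Paths listed in the :OTL section of a fix script, in order."""
    paths, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # section header such as :OTL, :Files, :Commands
            in_otl = line.upper() == ":OTL"
            continue
        m = OTL_ENTRY.match(line) if in_otl else None
        if m:
            paths.append(m.group("path"))
    return paths


def fix_results(log):
    """Map each path named in the fix log (case-insensitive key) to its reported status."""
    results = {}
    for raw in log.splitlines():
        m = OTL_RESULT.match(raw.strip())
        if m:
            results[m.group("path").lower()] = m.group("status")
    return results


def mbam_quarantined(log):
    """Paths an earlier Malwarebytes run already quarantined, mapped to the detection name."""
    done = {}
    for raw in log.splitlines():
        m = MBAM_HIT.match(raw.strip())
        if m and "quarantined" in m.group("action").lower():
            done[m.group("path").lower()] = m.group("sig")
    return done


def reconcile(script, fix_log, mbam_log):
    """For every script entry, say what happened to it and, for misses, why."""
    results = fix_results(fix_log)
    earlier = mbam_quarantined(mbam_log)
    report = {}
    for path in script_paths(script):
        key = path.lower()
        status = results.get(key, "no result in fix log")
        if status == "not found" and key in earlier:
            status = "not found: already quarantined by Malwarebytes (%s)" % earlier[key]
        report[path] = status
    return report


if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, FIX_LOG, MBAM_LOG).items():
        print(path, "->", status)
```

A "no result in fix log" entry is the case worth chasing: it means OTL neither moved the file nor reported it missing, so either the script line was malformed or the fix never ran.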
13.01.2013, 18:28   #8
markusg
/// Malware-holic

In the instructions for the individual programs.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, and post the log

13.01.2013, 19:43   #9
Severin80

Evening,

Here is the result:

Code:
19:38:33.0637 4628  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:38:33.0767 4628  ============================================================
19:38:33.0767 4628  Current date / time: 2013/01/13 19:38:33.0767
19:38:33.0767 4628  SystemInfo:
19:38:33.0767 4628  
19:38:33.0767 4628  OS Version: 6.1.7601 ServicePack: 1.0
19:38:33.0767 4628  Product type: Workstation
19:38:33.0768 4628  ComputerName: SEVERIN-PC
19:38:33.0768 4628  UserName: Severin
19:38:33.0768 4628  Windows directory: C:\Windows
19:38:33.0768 4628  System windows directory: C:\Windows
19:38:33.0768 4628  Running under WOW64
19:38:33.0768 4628  Processor architecture: Intel x64
19:38:33.0768 4628  Number of processors: 4
19:38:33.0768 4628  Page size: 0x1000
19:38:33.0768 4628  Boot type: Normal boot
19:38:33.0768 4628  ============================================================
19:38:34.0540 4628  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:34.0546 4628  ============================================================
19:38:34.0546 4628  \Device\Harddisk0\DR0:
19:38:34.0546 4628  MBR partitions:
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7800000
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0x19000000
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20800800, BlocksNum 0x2A056800
19:38:34.0546 4628  ============================================================
19:38:34.0572 4628  C: <-> \Device\Harddisk0\DR0\Partition1
19:38:34.0600 4628  D: <-> \Device\Harddisk0\DR0\Partition2
19:38:34.0634 4628  E: <-> \Device\Harddisk0\DR0\Partition3
19:38:34.0634 4628  ============================================================
19:38:34.0635 4628  Initialize success
19:38:34.0635 4628  ============================================================
19:38:59.0395 3696  ============================================================
19:38:59.0395 3696  Scan started
19:38:59.0395 3696  Mode: Manual; SigCheck; TDLFS; 
19:38:59.0395 3696  ============================================================
19:38:59.0920 3696  ================ Scan system memory ========================
19:38:59.0920 3696  System memory - ok
19:38:59.0920 3696  ================ Scan services =============================
19:39:00.0056 3696  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:39:00.0193 3696  1394ohci - ok
19:39:00.0234 3696  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:39:00.0261 3696  ACPI - ok
19:39:00.0288 3696  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:39:00.0329 3696  AcpiPmi - ok
19:39:00.0458 3696  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:39:00.0480 3696  AdobeARMservice - ok
19:39:00.0526 3696  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:39:00.0563 3696  adp94xx - ok
19:39:00.0606 3696  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:39:00.0627 3696  adpahci - ok
19:39:00.0645 3696  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:39:00.0662 3696  adpu320 - ok
19:39:00.0690 3696  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:39:00.0742 3696  AeLookupSvc - ok
19:39:00.0792 3696  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:39:00.0848 3696  AFD - ok
19:39:00.0881 3696  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:39:00.0895 3696  agp440 - ok
19:39:00.0906 3696  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:39:00.0953 3696  ALG - ok
19:39:00.0967 3696  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:39:00.0981 3696  aliide - ok
19:39:01.0013 3696  [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:01.0042 3696  AMD External Events Utility - ok
19:39:01.0056 3696  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:39:01.0070 3696  amdide - ok
19:39:01.0091 3696  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:39:01.0126 3696  AmdK8 - ok
19:39:01.0363 3696  [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:01.0661 3696  amdkmdag - ok
19:39:01.0693 3696  [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:01.0717 3696  amdkmdap - ok
19:39:01.0744 3696  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:39:01.0787 3696  AmdPPM - ok
19:39:01.0808 3696  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:39:01.0830 3696  amdsata - ok
19:39:01.0851 3696  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:39:01.0876 3696  amdsbs - ok
19:39:01.0894 3696  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:39:01.0907 3696  amdxata - ok
19:39:01.0940 3696  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:39:02.0008 3696  AppID - ok
19:39:02.0031 3696  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:39:02.0082 3696  AppIDSvc - ok
19:39:02.0117 3696  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:39:02.0166 3696  Appinfo - ok
19:39:02.0246 3696  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:39:02.0265 3696  Apple Mobile Device - ok
19:39:02.0278 3696  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:39:02.0298 3696  arc - ok
19:39:02.0311 3696  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:39:02.0330 3696  arcsas - ok
19:39:02.0448 3696  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:39:02.0469 3696  aspnet_state - ok
19:39:02.0503 3696  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:39:02.0516 3696  aswFsBlk - ok
19:39:02.0539 3696  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:39:02.0552 3696  aswMonFlt - ok
19:39:02.0592 3696  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:39:02.0604 3696  aswRdr - ok
19:39:02.0646 3696  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:39:02.0673 3696  aswSnx - ok
19:39:02.0685 3696  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:39:02.0702 3696  aswSP - ok
19:39:02.0710 3696  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:39:02.0723 3696  aswTdi - ok
19:39:02.0729 3696  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:02.0779 3696  AsyncMac - ok
19:39:02.0802 3696  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:39:02.0815 3696  atapi - ok
19:39:02.0854 3696  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:39:02.0867 3696  AtiHDAudioService - ok
19:39:03.0049 3696  [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:03.0176 3696  atikmdag - ok
19:39:03.0215 3696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:39:03.0292 3696  AudioEndpointBuilder - ok
19:39:03.0302 3696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:39:03.0342 3696  AudioSrv - ok
19:39:03.0426 3696  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:39:03.0440 3696  avast! Antivirus - ok
19:39:03.0479 3696  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:39:03.0515 3696  AxInstSV - ok
19:39:03.0551 3696  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:39:03.0588 3696  b06bdrv - ok
19:39:03.0619 3696  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:03.0665 3696  b57nd60a - ok
19:39:03.0775 3696  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
19:39:03.0800 3696  BBSvc - ok
19:39:03.0832 3696  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
19:39:03.0849 3696  BBUpdate - ok
19:39:03.0871 3696  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:39:03.0897 3696  BDESVC - ok
19:39:03.0922 3696  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:39:03.0991 3696  Beep - ok
19:39:04.0040 3696  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:39:04.0098 3696  BFE - ok
19:39:04.0121 3696  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:39:04.0198 3696  BITS - ok
19:39:04.0216 3696  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:39:04.0241 3696  blbdrive - ok
19:39:04.0288 3696  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:39:04.0313 3696  Bonjour Service - ok
19:39:04.0346 3696  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:39:04.0360 3696  bowser - ok
19:39:04.0404 3696  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:39:04.0448 3696  BrFiltLo - ok
19:39:04.0463 3696  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:39:04.0481 3696  BrFiltUp - ok
19:39:04.0517 3696  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:39:04.0542 3696  Browser - ok
19:39:04.0559 3696  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:39:04.0603 3696  Brserid - ok
19:39:04.0619 3696  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:04.0648 3696  BrSerWdm - ok
19:39:04.0659 3696  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:04.0693 3696  BrUsbMdm - ok
19:39:04.0709 3696  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:04.0725 3696  BrUsbSer - ok
19:39:04.0737 3696  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:39:04.0769 3696  BTHMODEM - ok
19:39:04.0799 3696  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:39:04.0845 3696  bthserv - ok
19:39:04.0859 3696  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:39:04.0897 3696  cdfs - ok
19:39:04.0937 3696  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:39:04.0962 3696  cdrom - ok
19:39:05.0000 3696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:39:05.0070 3696  CertPropSvc - ok
19:39:05.0134 3696  [ BBFFE2A1430FD787C11B7A2DB8987A84 ] cFosSpeed       C:\Windows\system32\DRIVERS\cfosspeed6.sys
19:39:05.0195 3696  cFosSpeed - ok
19:39:05.0235 3696  [ D86C0A0F22E893BAFE4AECEFAC8ECA8E ] cFosSpeedS      C:\Program Files\cFosSpeed\spd.exe
19:39:05.0261 3696  cFosSpeedS - ok
19:39:05.0280 3696  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:39:05.0310 3696  circlass - ok
19:39:05.0328 3696  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:39:05.0349 3696  CLFS - ok
19:39:05.0425 3696  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:05.0446 3696  clr_optimization_v2.0.50727_32 - ok
19:39:05.0477 3696  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:05.0496 3696  clr_optimization_v2.0.50727_64 - ok
19:39:05.0574 3696  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:39:05.0625 3696  clr_optimization_v4.0.30319_32 - ok
19:39:05.0648 3696  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:39:05.0661 3696  clr_optimization_v4.0.30319_64 - ok
19:39:05.0683 3696  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:39:05.0710 3696  CmBatt - ok
19:39:05.0736 3696  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:39:05.0751 3696  cmdide - ok
19:39:05.0778 3696  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:39:05.0813 3696  CNG - ok
19:39:05.0824 3696  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:39:05.0839 3696  Compbatt - ok
19:39:05.0871 3696  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:39:05.0907 3696  CompositeBus - ok
19:39:05.0924 3696  COMSysApp - ok
19:39:05.0938 3696  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:39:05.0953 3696  crcdisk - ok
19:39:05.0997 3696  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:39:06.0017 3696  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0017 3696  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:39:06.0047 3696  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:39:06.0063 3696  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0063 3696  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:39:06.0108 3696  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:39:06.0149 3696  CryptSvc - ok
19:39:06.0190 3696  [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
19:39:06.0211 3696  CT20XUT - ok
19:39:06.0224 3696  [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
19:39:06.0237 3696  CT20XUT.SYS - ok
19:39:06.0270 3696  [ 8B15225C82E7F6064D4523DF494BF112 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
19:39:06.0288 3696  ctac32k - ok
19:39:06.0307 3696  [ 80298AE72BDCF141DE89CF4DD54E286A ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
19:39:06.0325 3696  ctaud2k - ok
19:39:06.0404 3696  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:39:06.0425 3696  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0425 3696  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
19:39:06.0461 3696  [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
19:39:06.0490 3696  CTEXFIFX - ok
19:39:06.0527 3696  [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
19:39:06.0556 3696  CTEXFIFX.SYS - ok
19:39:06.0567 3696  [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
19:39:06.0579 3696  CTHWIUT - ok
19:39:06.0583 3696  [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
19:39:06.0595 3696  CTHWIUT.SYS - ok
19:39:06.0602 3696  [ 95FE230FB90AAE0240ED6B5882659236 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
19:39:06.0612 3696  ctprxy2k - ok
19:39:06.0628 3696  [ 95DEEDAC0EB4EA39E8E52C82874ECD55 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
19:39:06.0641 3696  ctsfm2k - ok
19:39:06.0679 3696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:39:06.0783 3696  DcomLaunch - ok
19:39:06.0920 3696  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:39:06.0987 3696  defragsvc - ok
19:39:07.0027 3696  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:39:07.0083 3696  DfsC - ok
19:39:07.0120 3696  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:39:07.0160 3696  Dhcp - ok
19:39:07.0185 3696  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:39:07.0220 3696  discache - ok
19:39:07.0246 3696  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:39:07.0261 3696  Disk - ok
19:39:07.0292 3696  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:39:07.0333 3696  Dnscache - ok
19:39:07.0365 3696  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:39:07.0444 3696  dot3svc - ok
19:39:07.0489 3696  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:39:07.0530 3696  Dot4 - ok
19:39:07.0544 3696  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:39:07.0574 3696  Dot4Print - ok
19:39:07.0593 3696  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
19:39:07.0618 3696  dot4usb - ok
19:39:07.0649 3696  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:39:07.0696 3696  DPS - ok
19:39:07.0734 3696  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:39:07.0774 3696  drmkaud - ok
19:39:07.0813 3696  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:39:07.0840 3696  DXGKrnl - ok
19:39:07.0862 3696  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:39:07.0905 3696  EapHost - ok
19:39:07.0973 3696  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:39:08.0063 3696  ebdrv - ok
19:39:08.0089 3696  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:39:08.0136 3696  EFS - ok
19:39:08.0177 3696  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:39:08.0238 3696  ehRecvr - ok
19:39:08.0260 3696  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:39:08.0290 3696  ehSched - ok
19:39:08.0317 3696  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:39:08.0342 3696  elxstor - ok
19:39:08.0373 3696  [ 1125E333BB0BA07EA83C13AEDA00ECCB ] emupia          C:\Windows\system32\drivers\emupia2k.sys
19:39:08.0385 3696  emupia - ok
19:39:08.0412 3696  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:39:08.0442 3696  ErrDev - ok
19:39:08.0478 3696  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:39:08.0549 3696  EventSystem - ok
19:39:08.0563 3696  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:39:08.0612 3696  exfat - ok
19:39:08.0631 3696  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:39:08.0683 3696  fastfat - ok
19:39:08.0729 3696  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:39:08.0786 3696  Fax - ok
19:39:08.0800 3696  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:39:08.0817 3696  fdc - ok
19:39:08.0826 3696  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:39:08.0876 3696  fdPHost - ok
19:39:08.0886 3696  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:39:08.0932 3696  FDResPub - ok
19:39:08.0947 3696  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:39:08.0961 3696  FileInfo - ok
19:39:08.0970 3696  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:39:09.0031 3696  Filetrace - ok
19:39:09.0034 3696  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:09.0059 3696  flpydisk - ok
19:39:09.0087 3696  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:39:09.0104 3696  FltMgr - ok
19:39:09.0147 3696  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:39:09.0205 3696  FontCache - ok
19:39:09.0250 3696  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:09.0262 3696  FontCache3.0.0.0 - ok
19:39:09.0273 3696  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:39:09.0289 3696  FsDepends - ok
19:39:09.0317 3696  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:39:09.0337 3696  Fs_Rec - ok
19:39:09.0377 3696  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:39:09.0434 3696  fvevol - ok
19:39:09.0457 3696  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:39:09.0472 3696  gagp30kx - ok
19:39:09.0501 3696  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:39:09.0512 3696  GEARAspiWDM - ok
19:39:09.0551 3696  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:39:09.0612 3696  gpsvc - ok
19:39:09.0687 3696  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:09.0706 3696  gupdate - ok
19:39:09.0737 3696  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:09.0754 3696  gupdatem - ok
19:39:09.0790 3696  [ FB82CE21D7B134DE2D270DB9DA646818 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
19:39:09.0820 3696  ha20x2k - ok
19:39:09.0852 3696  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:39:09.0864 3696  hamachi - ok
19:39:09.0956 3696  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:39:10.0007 3696  Hamachi2Svc - ok
19:39:10.0023 3696  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:39:10.0053 3696  hcw85cir - ok
19:39:10.0102 3696  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:39:10.0133 3696  HdAudAddService - ok
19:39:10.0159 3696  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:39:10.0190 3696  HDAudBus - ok
19:39:10.0206 3696  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:39:10.0231 3696  HidBatt - ok
19:39:10.0248 3696  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:39:10.0279 3696  HidBth - ok
19:39:10.0293 3696  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:39:10.0322 3696  HidIr - ok
19:39:10.0341 3696  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:39:10.0390 3696  hidserv - ok
19:39:10.0436 3696  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:39:10.0458 3696  HidUsb - ok
19:39:10.0485 3696  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:39:10.0532 3696  hkmsvc - ok
19:39:10.0558 3696  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:39:10.0592 3696  HomeGroupListener - ok
19:39:10.0623 3696  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:39:10.0651 3696  HomeGroupProvider - ok
19:39:10.0685 3696  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:39:10.0701 3696  HpSAMD - ok
19:39:10.0746 3696  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:39:10.0812 3696  HTTP - ok
19:39:10.0841 3696  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:39:10.0854 3696  hwpolicy - ok
19:39:10.0877 3696  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:39:10.0894 3696  i8042prt - ok
19:39:10.0920 3696  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:39:10.0944 3696  iaStorV - ok
19:39:10.0985 3696  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:11.0029 3696  idsvc - ok
19:39:11.0057 3696  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:39:11.0077 3696  iirsp - ok
19:39:11.0106 3696  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:39:11.0168 3696  IKEEXT - ok
19:39:11.0185 3696  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:39:11.0199 3696  intelide - ok
19:39:11.0218 3696  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:39:11.0232 3696  intelppm - ok
19:39:11.0266 3696  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:39:11.0316 3696  IPBusEnum - ok
19:39:11.0343 3696  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:11.0394 3696  IpFilterDriver - ok
19:39:11.0432 3696  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:39:11.0463 3696  iphlpsvc - ok
19:39:11.0490 3696  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:39:11.0525 3696  IPMIDRV - ok
19:39:11.0547 3696  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:39:11.0596 3696  IPNAT - ok
19:39:11.0662 3696  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:39:11.0700 3696  iPod Service - ok
19:39:11.0724 3696  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:39:11.0754 3696  IRENUM - ok
19:39:11.0768 3696  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:39:11.0782 3696  isapnp - ok
19:39:11.0796 3696  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:39:11.0815 3696  iScsiPrt - ok
19:39:11.0835 3696  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:11.0850 3696  kbdclass - ok
19:39:11.0882 3696  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:11.0907 3696  kbdhid - ok
19:39:11.0922 3696  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:39:11.0937 3696  KeyIso - ok
19:39:11.0978 3696  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:39:11.0994 3696  KSecDD - ok
19:39:12.0027 3696  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:39:12.0043 3696  KSecPkg - ok
19:39:12.0055 3696  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:39:12.0096 3696  ksthunk - ok
19:39:12.0127 3696  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:39:12.0206 3696  KtmRm - ok
19:39:12.0243 3696  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:39:12.0293 3696  LanmanServer - ok
19:39:12.0327 3696  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:39:12.0371 3696  LanmanWorkstation - ok
19:39:12.0466 3696  [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:39:12.0493 3696  LBTServ - ok
19:39:12.0542 3696  [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:39:12.0558 3696  LHidFilt - ok
19:39:12.0579 3696  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:39:12.0635 3696  lltdio - ok
19:39:12.0662 3696  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:39:12.0713 3696  lltdsvc - ok
19:39:12.0726 3696  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:39:12.0763 3696  lmhosts - ok
19:39:12.0767 3696  [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:39:12.0777 3696  LMouFilt - ok
19:39:12.0795 3696  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:39:12.0810 3696  LSI_FC - ok
19:39:12.0826 3696  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:39:12.0842 3696  LSI_SAS - ok
19:39:12.0856 3696  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:39:12.0871 3696  LSI_SAS2 - ok
19:39:12.0887 3696  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:39:12.0903 3696  LSI_SCSI - ok
19:39:12.0924 3696  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:39:12.0973 3696  luafv - ok
19:39:12.0995 3696  [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
19:39:13.0006 3696  LUsbFilt - ok
19:39:13.0032 3696  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:39:13.0059 3696  Mcx2Svc - ok
19:39:13.0071 3696  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:39:13.0086 3696  megasas - ok
19:39:13.0097 3696  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:39:13.0115 3696  MegaSR - ok
19:39:13.0141 3696  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:39:13.0191 3696  MMCSS - ok
19:39:13.0207 3696  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:39:13.0252 3696  Modem - ok
19:39:13.0281 3696  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:39:13.0310 3696  monitor - ok
19:39:13.0331 3696  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:39:13.0345 3696  mouclass - ok
19:39:13.0360 3696  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:39:13.0404 3696  mouhid - ok
19:39:13.0437 3696  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:39:13.0452 3696  mountmgr - ok
19:39:13.0500 3696  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:39:13.0521 3696  MozillaMaintenance - ok
19:39:13.0545 3696  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:39:13.0561 3696  mpio - ok
19:39:13.0573 3696  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:39:13.0609 3696  mpsdrv - ok
19:39:13.0647 3696  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:39:13.0730 3696  MpsSvc - ok
19:39:13.0765 3696  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:39:13.0795 3696  MRxDAV - ok
19:39:13.0822 3696  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:13.0847 3696  mrxsmb - ok
19:39:13.0872 3696  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:13.0899 3696  mrxsmb10 - ok
19:39:13.0925 3696  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:13.0963 3696  mrxsmb20 - ok
19:39:13.0985 3696  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:39:13.0999 3696  msahci - ok
19:39:14.0013 3696  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:39:14.0028 3696  msdsm - ok
19:39:14.0040 3696  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:39:14.0066 3696  MSDTC - ok
19:39:14.0102 3696  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:39:14.0137 3696  Msfs - ok
19:39:14.0142 3696  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:39:14.0184 3696  mshidkmdf - ok
19:39:14.0212 3696  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:39:14.0226 3696  msisadrv - ok
19:39:14.0256 3696  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:39:14.0306 3696  MSiSCSI - ok
19:39:14.0310 3696  msiserver - ok
19:39:14.0325 3696  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:39:14.0367 3696  MSKSSRV - ok
19:39:14.0418 3696  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:14.0470 3696  MSPCLOCK - ok
19:39:14.0482 3696  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:39:14.0527 3696  MSPQM - ok
19:39:14.0557 3696  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:39:14.0576 3696  MsRPC - ok
19:39:14.0592 3696  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:39:14.0605 3696  mssmbios - ok
19:39:14.0608 3696  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:39:14.0657 3696  MSTEE - ok
19:39:14.0670 3696  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:39:14.0692 3696  MTConfig - ok
19:39:14.0711 3696  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:39:14.0725 3696  Mup - ok
19:39:14.0754 3696  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:39:14.0811 3696  napagent - ok
19:39:14.0835 3696  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:39:14.0866 3696  NativeWifiP - ok
19:39:14.0913 3696  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:39:14.0959 3696  NDIS - ok
19:39:14.0974 3696  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:39:15.0010 3696  NdisCap - ok
19:39:15.0033 3696  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:15.0077 3696  NdisTapi - ok
19:39:15.0116 3696  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:15.0158 3696  Ndisuio - ok
19:39:15.0182 3696  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:15.0226 3696  NdisWan - ok
19:39:15.0252 3696  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:39:15.0306 3696  NDProxy - ok
19:39:15.0373 3696  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:39:15.0403 3696  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:15.0403 3696  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:15.0415 3696  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:39:15.0469 3696  NetBIOS - ok
19:39:15.0505 3696  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:39:15.0548 3696  NetBT - ok
19:39:15.0563 3696  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:39:15.0579 3696  Netlogon - ok
19:39:15.0605 3696  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:39:15.0656 3696  Netman - ok
19:39:15.0683 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0695 3696  NetMsmqActivator - ok
19:39:15.0717 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0728 3696  NetPipeActivator - ok
19:39:15.0741 3696  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:39:15.0805 3696  netprofm - ok
19:39:15.0810 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0821 3696  NetTcpActivator - ok
19:39:15.0825 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0837 3696  NetTcpPortSharing - ok
19:39:15.0859 3696  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:39:15.0874 3696  nfrd960 - ok
19:39:15.0901 3696  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:39:15.0937 3696  NlaSvc - ok
19:39:15.0988 3696  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
19:39:16.0036 3696  nmwcd - ok
19:39:16.0069 3696  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
19:39:16.0122 3696  nmwcdc - ok
19:39:16.0143 3696  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:39:16.0178 3696  Npfs - ok
19:39:16.0198 3696  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:39:16.0256 3696  nsi - ok
19:39:16.0271 3696  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:39:16.0320 3696  nsiproxy - ok
19:39:16.0400 3696  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:39:16.0473 3696  Ntfs - ok
19:39:16.0487 3696  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:39:16.0522 3696  Null - ok
19:39:16.0559 3696  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:39:16.0575 3696  nvraid - ok
19:39:16.0599 3696  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:39:16.0615 3696  nvstor - ok
19:39:16.0637 3696  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:39:16.0653 3696  nv_agp - ok
19:39:16.0679 3696  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:39:16.0702 3696  ohci1394 - ok
19:39:16.0718 3696  [ FA78441F605C39545810F33A08528AEA ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
19:39:16.0730 3696  ossrv - ok
19:39:16.0740 3696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:39:16.0771 3696  p2pimsvc - ok
19:39:16.0790 3696  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:39:16.0822 3696  p2psvc - ok
19:39:16.0847 3696  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:39:16.0862 3696  Parport - ok
19:39:16.0894 3696  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:39:16.0909 3696  partmgr - ok
19:39:16.0924 3696  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:39:16.0956 3696  PcaSvc - ok
19:39:16.0994 3696  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:39:17.0095 3696  pccsmcfd - ok
19:39:17.0155 3696  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:39:17.0189 3696  pci - ok
19:39:17.0236 3696  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:39:17.0257 3696  pciide - ok
19:39:17.0278 3696  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:39:17.0297 3696  pcmcia - ok
19:39:17.0315 3696  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:39:17.0330 3696  pcw - ok
19:39:17.0344 3696  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:39:17.0414 3696  PEAUTH - ok
19:39:17.0489 3696  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:39:17.0521 3696  PerfHost - ok
19:39:17.0578 3696  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:39:17.0657 3696  pla - ok
19:39:17.0683 3696  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:39:17.0715 3696  PlugPlay - ok
19:39:17.0747 3696  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:39:17.0755 3696  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:17.0755 3696  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:17.0766 3696  PnkBstrA - ok
19:39:17.0787 3696  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:39:17.0823 3696  PNRPAutoReg - ok
19:39:17.0841 3696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:39:17.0860 3696  PNRPsvc - ok
19:39:17.0892 3696  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:39:17.0945 3696  PolicyAgent - ok
19:39:17.0973 3696  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:39:18.0027 3696  Power - ok
19:39:18.0054 3696  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:39:18.0090 3696  PptpMiniport - ok
19:39:18.0115 3696  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:39:18.0144 3696  Processor - ok
19:39:18.0169 3696  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:39:18.0189 3696  ProfSvc - ok
19:39:18.0196 3696  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:39:18.0213 3696  ProtectedStorage - ok
19:39:18.0244 3696  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:39:18.0289 3696  Psched - ok
19:39:18.0329 3696  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:39:18.0380 3696  ql2300 - ok
19:39:18.0411 3696  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:39:18.0428 3696  ql40xx - ok
19:39:18.0453 3696  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:39:18.0488 3696  QWAVE - ok
19:39:18.0505 3696  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:39:18.0524 3696  QWAVEdrv - ok
19:39:18.0539 3696  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:39:18.0599 3696  RasAcd - ok
19:39:18.0627 3696  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:39:18.0662 3696  RasAgileVpn - ok
19:39:18.0673 3696  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:39:18.0712 3696  RasAuto - ok
19:39:18.0742 3696  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:18.0805 3696  Rasl2tp - ok
19:39:18.0836 3696  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:39:18.0878 3696  RasMan - ok
19:39:18.0894 3696  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:18.0936 3696  RasPppoe - ok
19:39:18.0950 3696  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:39:18.0992 3696  RasSstp - ok
19:39:19.0022 3696  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:39:19.0067 3696  rdbss - ok
19:39:19.0080 3696  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:39:19.0110 3696  rdpbus - ok
19:39:19.0118 3696  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:19.0155 3696  RDPCDD - ok
19:39:19.0165 3696  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:39:19.0213 3696  RDPENCDD - ok
19:39:19.0226 3696  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:39:19.0261 3696  RDPREFMP - ok
19:39:19.0305 3696  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:39:19.0334 3696  RdpVideoMiniport - ok
19:39:19.0379 3696  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:39:19.0430 3696  RDPWD - ok
19:39:19.0465 3696  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:39:19.0489 3696  rdyboost - ok
19:39:19.0510 3696  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:39:19.0558 3696  RemoteAccess - ok
19:39:19.0587 3696  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:39:19.0639 3696  RemoteRegistry - ok
19:39:19.0661 3696  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:39:19.0712 3696  RpcEptMapper - ok
19:39:19.0733 3696  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:39:19.0765 3696  RpcLocator - ok
19:39:19.0802 3696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:39:19.0843 3696  RpcSs - ok
19:39:19.0866 3696  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:39:19.0924 3696  rspndr - ok
19:39:19.0961 3696  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:39:19.0987 3696  RTL8167 - ok
19:39:19.0997 3696  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:39:20.0013 3696  SamSs - ok
19:39:20.0036 3696  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:39:20.0052 3696  sbp2port - ok
19:39:20.0064 3696  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:39:20.0113 3696  SCardSvr - ok
19:39:20.0136 3696  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:39:20.0190 3696  scfilter - ok
19:39:20.0236 3696  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:39:20.0301 3696  Schedule - ok
19:39:20.0333 3696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:39:20.0367 3696  SCPolicySvc - ok
19:39:20.0429 3696  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:39:20.0463 3696  SDRSVC - ok
19:39:20.0481 3696  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:39:20.0524 3696  secdrv - ok
19:39:20.0552 3696  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:39:20.0600 3696  seclogon - ok
19:39:20.0610 3696  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:39:20.0648 3696  SENS - ok
19:39:20.0655 3696  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:39:20.0685 3696  SensrSvc - ok
19:39:20.0699 3696  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:39:20.0716 3696  Serenum - ok
19:39:20.0729 3696  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:39:20.0759 3696  Serial - ok
19:39:20.0779 3696  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:39:20.0796 3696  sermouse - ok
19:39:20.0857 3696  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:39:20.0898 3696  ServiceLayer - ok
19:39:20.0935 3696  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:39:20.0973 3696  SessionEnv - ok
19:39:21.0002 3696  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:39:21.0032 3696  sffdisk - ok
19:39:21.0046 3696  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:39:21.0070 3696  sffp_mmc - ok
19:39:21.0073 3696  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:39:21.0097 3696  sffp_sd - ok
19:39:21.0114 3696  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:39:21.0130 3696  sfloppy - ok
19:39:21.0153 3696  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:39:21.0203 3696  SharedAccess - ok
19:39:21.0231 3696  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:39:21.0291 3696  ShellHWDetection - ok
19:39:21.0311 3696  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:39:21.0326 3696  SiSRaid2 - ok
19:39:21.0338 3696  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:39:21.0353 3696  SiSRaid4 - ok
19:39:21.0396 3696  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:39:21.0434 3696  Smb - ok
19:39:21.0460 3696  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:39:21.0478 3696  SNMPTRAP - ok
19:39:21.0499 3696  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:39:21.0513 3696  spldr - ok
19:39:21.0550 3696  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:39:21.0605 3696  Spooler - ok
19:39:21.0686 3696  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:39:21.0818 3696  sppsvc - ok
19:39:21.0839 3696  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:39:21.0890 3696  sppuinotify - ok
19:39:21.0951 3696  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:39:21.0988 3696  sptd - ok
19:39:22.0021 3696  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:39:22.0053 3696  srv - ok
19:39:22.0088 3696  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:39:22.0107 3696  srv2 - ok
19:39:22.0123 3696  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:39:22.0146 3696  srvnet - ok
19:39:22.0171 3696  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:39:22.0224 3696  SSDPSRV - ok
19:39:22.0243 3696  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:39:22.0283 3696  SstpSvc - ok
19:39:22.0329 3696  Steam Client Service - ok
19:39:22.0354 3696  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:39:22.0375 3696  stexstor - ok
19:39:22.0420 3696  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:39:22.0458 3696  StillCam - ok
19:39:22.0506 3696  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:39:22.0563 3696  stisvc - ok
19:39:22.0588 3696  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:39:22.0608 3696  swenum - ok
19:39:22.0641 3696  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:39:22.0709 3696  swprv - ok
19:39:22.0759 3696  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:39:22.0829 3696  SysMain - ok
19:39:22.0856 3696  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:39:22.0893 3696  TabletInputService - ok
19:39:22.0934 3696  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
19:39:22.0950 3696  taphss - ok
19:39:22.0982 3696  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:39:23.0055 3696  TapiSrv - ok
19:39:23.0067 3696  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:39:23.0117 3696  TBS - ok
19:39:23.0172 3696  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:39:23.0245 3696  Tcpip - ok
19:39:23.0283 3696  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:39:23.0321 3696  TCPIP6 - ok
19:39:23.0338 3696  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:39:23.0371 3696  tcpipreg - ok
19:39:23.0406 3696  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:39:23.0439 3696  TDPIPE - ok
19:39:23.0470 3696  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:39:23.0499 3696  TDTCP - ok
19:39:23.0532 3696  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:39:23.0584 3696  tdx - ok
19:39:23.0704 3696  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:39:23.0774 3696  TeamViewer8 - ok
19:39:23.0819 3696  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:39:23.0836 3696  teamviewervpn - ok
19:39:23.0861 3696  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:39:23.0876 3696  TermDD - ok
19:39:23.0913 3696  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:39:23.0966 3696  TermService - ok
19:39:23.0988 3696  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:39:24.0020 3696  Themes - ok
19:39:24.0041 3696  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:39:24.0077 3696  THREADORDER - ok
19:39:24.0092 3696  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:39:24.0144 3696  TrkWks - ok
19:39:24.0183 3696  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
19:39:24.0198 3696  truecrypt - ok
19:39:24.0246 3696  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:39:24.0310 3696  TrustedInstaller - ok
19:39:24.0343 3696  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:24.0387 3696  tssecsrv - ok
19:39:24.0440 3696  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:39:24.0471 3696  TsUsbFlt - ok
19:39:24.0510 3696  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:39:24.0557 3696  tunnel - ok
19:39:24.0581 3696  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:39:24.0597 3696  uagp35 - ok
19:39:24.0623 3696  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:39:24.0675 3696  udfs - ok
19:39:24.0703 3696  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:39:24.0722 3696  UI0Detect - ok
19:39:24.0733 3696  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:39:24.0749 3696  uliagpkx - ok
19:39:24.0776 3696  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:39:24.0802 3696  umbus - ok
19:39:24.0813 3696  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:39:24.0829 3696  UmPass - ok
19:39:24.0847 3696  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:39:24.0910 3696  upnphost - ok
19:39:24.0942 3696  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:39:24.0970 3696  upperdev - ok
19:39:24.0996 3696  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:25.0028 3696  usbccgp - ok
19:39:25.0065 3696  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:39:25.0103 3696  usbcir - ok
19:39:25.0128 3696  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:39:25.0150 3696  usbehci - ok
19:39:25.0187 3696  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:39:25.0225 3696  usbhub - ok
19:39:25.0239 3696  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:39:25.0257 3696  usbohci - ok
19:39:25.0271 3696  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:39:25.0290 3696  usbprint - ok
19:39:25.0333 3696  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:39:25.0354 3696  usbser - ok
19:39:25.0417 3696  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:39:25.0456 3696  UsbserFilt - ok
19:39:25.0475 3696  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:25.0501 3696  USBSTOR - ok
19:39:25.0522 3696  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:25.0538 3696  usbuhci - ok
19:39:25.0558 3696  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:39:25.0596 3696  UxSms - ok
19:39:25.0604 3696  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:39:25.0621 3696  VaultSvc - ok
19:39:25.0658 3696  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:39:25.0672 3696  vdrvroot - ok
19:39:25.0715 3696  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:39:25.0768 3696  vds - ok
19:39:25.0786 3696  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:25.0805 3696  vga - ok
19:39:25.0815 3696  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:39:25.0856 3696  VgaSave - ok
19:39:25.0888 3696  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:39:25.0907 3696  vhdmp - ok
19:39:25.0920 3696  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:39:25.0935 3696  viaide - ok
19:39:25.0946 3696  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:39:25.0960 3696  volmgr - ok
19:39:25.0988 3696  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:39:26.0008 3696  volmgrx - ok
19:39:26.0019 3696  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:39:26.0038 3696  volsnap - ok
19:39:26.0072 3696  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
19:39:26.0088 3696  vpcbus - ok
19:39:26.0122 3696  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:39:26.0159 3696  vpcnfltr - ok
19:39:26.0177 3696  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
19:39:26.0210 3696  vpcusb - ok
19:39:26.0253 3696  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
19:39:26.0276 3696  vpcvmm - ok
19:39:26.0310 3696  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:39:26.0328 3696  vsmraid - ok
19:39:26.0401 3696  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:39:26.0485 3696  VSS - ok
19:39:26.0511 3696  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:39:26.0538 3696  vwifibus - ok
19:39:26.0562 3696  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:39:26.0626 3696  W32Time - ok
19:39:26.0640 3696  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:39:26.0665 3696  WacomPen - ok
19:39:26.0705 3696  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:39:26.0750 3696  WANARP - ok
19:39:26.0758 3696  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:39:26.0793 3696  Wanarpv6 - ok
19:39:26.0832 3696  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:39:26.0878 3696  wbengine - ok
19:39:26.0894 3696  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:39:26.0920 3696  WbioSrvc - ok
19:39:26.0954 3696  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:39:26.0997 3696  wcncsvc - ok
19:39:27.0013 3696  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:39:27.0031 3696  WcsPlugInService - ok
19:39:27.0048 3696  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:39:27.0062 3696  Wd - ok
19:39:27.0104 3696  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:39:27.0148 3696  Wdf01000 - ok
19:39:27.0159 3696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:39:27.0194 3696  WdiServiceHost - ok
19:39:27.0197 3696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:39:27.0220 3696  WdiSystemHost - ok
19:39:27.0249 3696  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:39:27.0280 3696  WebClient - ok
19:39:27.0311 3696  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:39:27.0354 3696  Wecsvc - ok
19:39:27.0372 3696  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:39:27.0446 3696  wercplsupport - ok
19:39:27.0459 3696  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:39:27.0511 3696  WerSvc - ok
19:39:27.0536 3696  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:39:27.0571 3696  WfpLwf - ok
19:39:27.0582 3696  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:39:27.0597 3696  WIMMount - ok
19:39:27.0604 3696  WinDefend - ok
19:39:27.0641 3696  [ E32EEC5A7F8D3B57C9C18A93B67137E8 ] Windows7FirewallService C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
19:39:27.0662 3696  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
19:39:27.0662 3696  Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
19:39:27.0664 3696  WinHttpAutoProxySvc - ok
19:39:27.0719 3696  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:39:27.0759 3696  Winmgmt - ok
19:39:27.0831 3696  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:39:27.0911 3696  WinRM - ok
19:39:27.0965 3696  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:39:27.0985 3696  WinUsb - ok
19:39:28.0021 3696  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:39:28.0082 3696  Wlansvc - ok
19:39:28.0108 3696  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:39:28.0124 3696  WmiAcpi - ok
19:39:28.0138 3696  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:39:28.0164 3696  wmiApSrv - ok
19:39:28.0193 3696  WMPNetworkSvc - ok
19:39:28.0200 3696  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:39:28.0218 3696  WPCSvc - ok
19:39:28.0244 3696  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:39:28.0265 3696  WPDBusEnum - ok
19:39:28.0287 3696  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:39:28.0330 3696  ws2ifsl - ok
19:39:28.0348 3696  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:39:28.0384 3696  wscsvc - ok
19:39:28.0411 3696  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:39:28.0439 3696  WSDPrintDevice - ok
19:39:28.0443 3696  WSearch - ok
19:39:28.0508 3696  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:39:28.0607 3696  wuauserv - ok
19:39:28.0633 3696  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:39:28.0659 3696  WudfPf - ok
19:39:28.0685 3696  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:28.0715 3696  WUDFRd - ok
19:39:28.0740 3696  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:39:28.0772 3696  wudfsvc - ok
19:39:28.0787 3696  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:39:28.0826 3696  WwanSvc - ok
19:39:28.0839 3696  ================ Scan global ===============================
19:39:28.0859 3696  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:39:28.0891 3696  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:39:28.0913 3696  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:39:28.0944 3696  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:39:28.0969 3696  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:39:28.0985 3696  [Global] - ok
19:39:28.0985 3696  ================ Scan MBR ==================================
19:39:28.0990 3696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:39:29.0253 3696  \Device\Harddisk0\DR0 - ok
19:39:29.0254 3696  ================ Scan VBR ==================================
19:39:29.0257 3696  [ 2B2FCCCB3093449100FF0F5F590D4AF3 ] \Device\Harddisk0\DR0\Partition1
19:39:29.0258 3696  \Device\Harddisk0\DR0\Partition1 - ok
19:39:29.0294 3696  [ BF78523CFA1A5DA6AD35E18E01259135 ] \Device\Harddisk0\DR0\Partition2
19:39:29.0296 3696  \Device\Harddisk0\DR0\Partition2 - ok
19:39:29.0314 3696  [ 521A615D93809E1EA86DF87CEFB8C5AA ] \Device\Harddisk0\DR0\Partition3
19:39:29.0316 3696  \Device\Harddisk0\DR0\Partition3 - ok
19:39:29.0316 3696  ============================================================
19:39:29.0316 3696  Scan finished
19:39:29.0316 3696  ============================================================
19:39:29.0327 5904  Detected object count: 6
19:39:29.0327 5904  Actual detected object count: 6
19:39:51.0066 5904  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0066 5904  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:39:51.0068 5904  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0068 5904  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:39:51.0069 5904  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0069 5904  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:39:51.0071 5904  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0071 5904  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:39:51.0073 5904  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0073 5904  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:39:51.0074 5904  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0074 5904  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
I'll be back here in about half an hour, in case there's more to do.

Alt 13.01.2013, 21:10   #10
markusg
/// Malware-holic
 
Infected with GVU Trojan



Hi
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 13.01.2013, 22:49   #11
Severin80
 
Infected with GVU Trojan



As soon as you stop checking your e-mail every 5 minutes and watch TV, a reply comes in *g*

OK, here is my ComboFix log:

Code:
ComboFix 13-01-13.01 - Severin 13.01.2013  22:21:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2332 [GMT 1:00]
ausgeführt von:: c:\users\Severin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 21:30 . 2013-01-13 21:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 22:26 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C752FA1-CB07-43B7-A192-7114628FE9A1}\mpengine.dll
2013-01-11 22:12 . 2013-01-11 22:12	--------	d-----w-	C:\_OTL
2013-01-10 23:18 . 2013-01-10 23:18	--------	d-----w-	c:\users\Severin\AppData\Roaming\Malwarebytes
2013-01-10 23:18 . 2013-01-10 23:18	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-10 23:18 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-10 23:18 . 2013-01-10 23:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-10 23:17 . 2013-01-10 23:17	--------	d-----w-	c:\users\Severin\AppData\Local\Programs
2013-01-10 22:24 . 2013-01-10 22:24	--------	d-----w-	c:\program files (x86)\Samsung
2013-01-10 21:03 . 2013-01-11 23:21	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-09 08:32 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 08:32 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 08:32 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 08:32 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 08:32 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 08:32 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 08:32 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 08:32 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 08:31 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 08:31 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-21 13:16 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 13:16 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 13:16 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 13:16 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 18:56 . 2012-12-20 18:56	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 09:07 . 2010-11-03 17:35	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-20 19:45 . 2010-11-04 17:24	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-20 19:45 . 2010-11-04 07:26	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-20 19:44 . 2010-11-04 07:26	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-13 07:20 . 2012-04-14 19:40	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 07:20 . 2011-06-13 08:45	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 07:06 . 2012-12-12 20:52	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 20:52	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 20:52	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 20:52	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 20:52	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 20:52	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 20:52	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 20:52	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 20:52	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 20:52	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 20:52	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 20:52	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 20:52	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 20:52	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 20:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 20:52	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 20:52	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:52	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:52	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:52	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:52	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 20:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:19	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 20:19	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 20:19	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2010-11-02 22:38	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-05-13 05:52	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-11-02 22:38	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-11-02 22:38	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-11-02 22:38	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-11-02 22:38	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-11-02 22:38	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-01-14 07:07	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-12-12 20:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-12 20:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-12 20:50	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45	2355224	----a-w-	c:\program files (x86)\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HotSwap! Applet"="c:\users\Severin\Desktop\HotSwap!.EXE" [2009-01-10 103936]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-12-06 1354736]
"Spotify Web Helper"="c:\users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-04 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 753664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-5-5 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-22 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-22 94808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-03 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-22 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-22 94808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29257555
*NewlyCreated* - 73943673
*Deregistered* - 29257555
*Deregistered* - 73943673
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25]
.
2013-01-13 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2010-09-22 1245912]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3078376766-442276371-979753471-1001\Software\SecuROM\License information*]
"datasecu"=hex:fc,3d,7c,44,2a,f5,dd,08,7e,74,b0,3f,7a,d0,b9,2d,df,45,bc,f0,af,
   ca,ae,d7,2c,b3,84,b3,6d,7d,50,26,d5,e4,16,cf,09,27,a0,b4,eb,da,b8,84,a4,67,\
"rkeysecu"=hex:ea,54,87,05,f9,c9,85,3d,fe,ed,bf,d8,93,40,ca,e8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  22:43:33
ComboFix-quarantined-files.txt  2013-01-13 21:43
.
Vor Suchlauf: 9 Verzeichnis(se), 13.393.481.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 13.240.115.200 Bytes frei
.
- - End Of File - - B48286F69BF3309BFCD72686960C3966
         

14.01.2013, 20:29   #12
markusg
/// Malware-holic

Download the CCleaner standard version:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt, then open it.
Behind each program you need, write "notwendig" (necessary).
Behind each one you do not need, "unnötig" (unnecessary).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

14.01.2013, 23:31   #13
Severin80

Oh dear, that was not at all easy in places. With the Creative and HP things (sound card and printer) I am not sure which of them I really use and which not. Besides, I cannot remember right now what I had installed Microsoft .NET for. Acrobat, CD Burner and Java seem to be present in both an old and a new version.
Well, and with some games one could argue about "notwendig" (necessary) too. *g*

Here is the list for now:

Code:
7-Zip 4.65 (x64 edition)	Igor Pavlov				03.11.2010	3,98MB	4.65.00.0			notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated		13.02.2011		10.0.22.87			notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated		13.12.2012	6,00MB	11.5.502.135			notwendig (aber einer von beiden reicht wohl)
Adobe Reader X (10.1.5) - Deutsch	Adobe Systems Incorporated	09.01.2013	122MB	10.1.5				notwendig
Amazon MP3-Downloader 1.0.9						17.10.2011						notwendig
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.		11.07.2012	26,2MB	8.0.877.0			notwendig
Apple Application Support	Apple Inc.				30.07.2012	61,0MB	2.1.9				unnötig
Apple Mobile Device Support	Apple Inc.				30.07.2012	24,9MB	5.2.0.6				unnötig
Apple Software Update	Apple Inc.					14.10.2011	2,38MB	2.1.3.127			unnötig
avast! Free Antivirus	AVAST Software					03.11.2012		7.0.1474.0			notwendig
Battlefield 3™	Electronic Arts						03.11.2011		1.4.0.0				notwendig
Battlefield: Bad Company™ 2	Electronic Arts				04.11.2010	5,73GB	1.0.0.0				notwendig
Battlelog Web Plugins	EA Digital Illusions CE AB			22.11.2012		2.1.2				notwendig
BC2CC	i3D.net								26.02.2011		2.3.1.0				notwendig
BF3CC	i3D								05.01.2012		0.3.0.25			notwendig
Bing Bar	Microsoft Corporation					27.08.2012	464KB	7.1.391.0			unnötig
Bonjour	Apple Inc.							14.10.2011	2,04MB	3.0.0.10			unnötig
Bulk Image Downloader v4.35.0.0	Antibody Software			09.02.2012	13,6MB					unnötig
Burnout(TM) Paradise The Ultimate Box	Electronic Arts			16.11.2011	3,38GB	1.1.0.0				notwendig
calibre	Kovid Goyal							01.05.2012	126MB	0.8.49				unnötig
CCleaner	Piriform						19.12.2012		3.26				notwendig
CDBurnerXP	CDBurnerXP						12.12.2010	15,7MB	4.3.8.2474			notwendig
CDBurnerXP	CDBurnerXP						23.12.2012	16,9MB	4.5.0.3685			notwendig (aber einer von beiden reicht wohl)
cFosSpeed v6.02	cFos Software GmbH, Bonn				02.11.2010		6.02				notwendig
Creative ALchemy	Creative Technology Limited			06.01.2011		1.41				notwendig
Creative Audio Control Panel	Creative Technology Limited		11.11.2011		2.00				notwendig
Creative Konsole Starter	Creative Technology Limited		06.01.2011						notwendig
Creative MediaSource 5	Creative Technology Limited			06.01.2011		5.26				notwendig
Creative Software AutoUpdate	Creative Technology Limited		11.11.2011		1.40				notwendig
Creative Sound Blaster Properties x64 Edition				11.11.2011						notwendig	
Creative WaveStudio 7	Creative Technology Limited			06.01.2011		7.12				notwendig
Driver Sweeper Version 2.8.0	Phyxion.net				05.01.2011	14,0MB	2.8.0				unnötig
Dropbox	Dropbox, Inc.							23.12.2012		1.6.10				notwendig
Envisioneer Express 5.0	Cadsoft Corporation				07.07.2012	331MB	5.0				unnötig
ESN Sonar	ESN Social Software AB					08.11.2012		0.70.0				unbekannt
GIMP 2.6.8								03.11.2010						notwendig
Google Earth	Google							22.11.2011	92,7MB	6.1.0.5001			unnötig
Google SketchUp 8	Google, Inc.					06.07.2012	71,9MB	3.0.14358			unnötig
GPL Ghostscript	Artifex Software Inc.					23.12.2011		9.04				notwendig
HP Photo Creations	HP Photo Creations				22.12.2011	40,0MB	1.0.0.5192			notwendig
HP Photosmart 6510 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	22.12.2011	164MB	24.0.342.0	notwendig
HP Photosmart 6510 series Hilfe	Hewlett Packard				22.12.2011	8,71MB	140.0.2.2			notwendig
HP Product Detection	HP						08.05.2012	1,86MB	11.14.0001			notwendig
HP Update	Hewlett-Packard						20.12.2011	3,98MB	5.003.001.001			notwendig
IrfanView (remove only)	Irfan Skiljan					03.11.2010	1,50MB	4.27				notwendig
iTunes	Apple Inc.							30.07.2012	182MB	10.6.3.25			notwendig
IZArc 4.1.2	Ivan Zahariev						21.11.2010	13,3MB	4.1.2				unnötig
Java 7 Update 7 (64-bit)	Oracle					02.09.2012	127MB	7.0.70				notwendig
Java 7 Update 9	Oracle							03.09.2012	128MB	7.0.90				unnötig
Java(TM) 6 Update 24 (64-bit)	Oracle					25.04.2011	90,7MB	6.0.240				unnötig
JavaFX 2.1.1	Oracle Corporation					09.07.2012	20,8MB	2.1.1				unbekannt
JDownloader	AppWork UG (haftungsbeschränkt)				06.11.2010						unnötig
LEGO Digital Designer	LEGO A/S					13.02.2011						unnötig
Logitech SetPoint 6.15	Logitech					04.11.2010	39,0MB	6.15.25				notwendig
LogMeIn Hamachi	LogMeIn, Inc.						20.12.2012		2.1.0.294			notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	11.01.2013	18,4MB	1.70.0.1100		notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.11.2010	38,8MB	4.0.30319			notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.11.2010	2,93MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation		20.11.2010	51,9MB	4.0.30319			notwendig
Microsoft Silverlight	Microsoft Corporation				14.05.2012	80,3MB	4.1.10329.0			notwendig
Microsoft SQL Server Compact 4.0 x64 DEU	Microsoft Corporation	17.04.2012	20,4MB	4.0.8482.1			unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	09.07.2011	300KB	8.0.61001			unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	02.11.2010	2,52MB	9.0.21022	unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	04.11.2010	786KB	9.0.30729	unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	09.07.2011	788KB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	25.07.2012	1,46MB	9.0.30411	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.09.2011	238KB	9.0.30729	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.11.2010	596KB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	09.07.2011	600KB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	30.09.2011	13,8MB	10.0.40219	unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	30.09.2011	15,0MB	10.0.40219	unbekannt
Minutor	Sean Kasun							01.04.2012	253KB	1.6.0				notwendig
MozBackup 1.4.9	Pavel Cvrcek						02.11.2010						notwendig
Mozilla Firefox 18.0 (x86 de)	Mozilla					11.01.2013	43,4MB	18.0				notwendig
Mozilla Maintenance Service	Mozilla					12.01.2013	330KB	17.0.2				notwendig
Mozilla Thunderbird 17.0.2 (x86 de)	Mozilla				12.01.2013	43,3MB	17.0.2				notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation			17.07.2011	1,27MB	4.20.9870.0			unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation			17.07.2011	1,33MB	4.20.9876.0			unbekannt
Nokia Connectivity Cable Driver	Nokia					17.02.2012	3,94MB	7.1.69.0			notwendig
Nokia Suite	Nokia							20.03.2012		3.3.89.0			notwendig
OpenAL									02.11.2010						unbekannt
OpenOffice.org 3.4	OpenOffice.org					25.07.2012	346MB	3.4.9590			notwendig
Origin	Electronic Arts, Inc.						08.03.2012		8.5.0.4554			notwendig
PC Connectivity Solution	Nokia					17.02.2012	20,8MB	11.5.29.0			notwendig
PDFCreator	Frank Heindörfer, Philip Chinery			18.12.2011		1.2.3				notwendig
Project+ 2.5.1	PHOENIX CONTACT GmbH & Co. KG				25.11.2012	237MB	2.5.158.1			unnötig
PunkBuster Services	Even Balance, Inc.				03.11.2011		0.991				notwendig
QuickPar 0.9	Peter B. Clements					21.11.2010		0.9				unnötig
Recuva	Piriform							10.12.2010		1.38				unnötig
Samsung Data Migration	Samsung						10.01.2013		0.9.1.23			notwendig
Sid Meier's Civilization 4	Firaxis Games				03.11.2010		1.74				notwendig
Sid Meier's Civilization 4 - Beyond the Sword	Firaxis Games		03.11.2010		3.19				notwendig
SoundFont-Bank-Manager	Creative Technology Limited			03.11.2010		3.21				unbekannt
Spotify	Spotify AB							05.01.2013		0.8.5.1333.g822e0de8		notwendig
Steam	Valve Corporation						22.06.2012	37,4MB	1.0.0.0				notwendig
Studie zur Verbesserung von HP Photosmart 6510 series Produkten	Hewlett-Packard Co.	22.12.2011	8,28MB	24.0.342.0	unnötig
Sweet Home 3D version 3.5	eTeks					07.07.2012	99,5MB					notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH				04.11.2010						notwendig
TeamViewer 8	TeamViewer						10.01.2013		8.0.16642			notwendig
The Dark Eye: Chains of Satinav						22.06.2012						notwendig
TrueCrypt	TrueCrypt Foundation					21.11.2011		7.1				notwendig
Unity Web Player (All users)	Unity Technologies ApS			13.02.2011	12,0MB					unbekannt
VLC media player 2.0.4	VideoLAN					25.11.2012		2.0.4				notwendig
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	17.02.2012		08/22/2008 7.0.0.0		notwendig
Windows7FirewallControl (i386) 	3.5.1.131	Sphinx Software		02.11.2010		3.5.1.131			notwendig
Winload Toolbar								14.01.2011						unbekannt
WinRAR									03.11.2010						notwendig
WISO Mein Geld 2011 Professional	Buhl Data Service GmbH		03.11.2010						notwendig
WISO Steuer-Sparbuch 2011	Buhl Data Service GmbH			21.05.2011		18.00.6928			notwendig
WISO Steuer-Sparbuch 2012	Buhl Data Service GmbH			05.05.2012		19.03.7334			notwendig
WorldPainter 0.6.12	pepsoft.org	05.04.2012			0.6.12							notwendig
XMedia Recode 3.0.0.5	Sebastian Dörfler				08.07.2011		3.0.0.5				notwendig
         

15.01.2013, 20:51   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very insecure to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you keep control over what is going on on the PC.
Under JavaScript, untick the "use JavaScript" box.
Under Updater, select "install automatically".
Apply / OK



Uninstall:
Bing
Bulk
calibre
Envisioneer
ESN
Google: both
IZArc
Java: all of them
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
LEGO
Project+
QuickPar
Recuva
Studie
Unity
Winload

Open CCleaner, start the analysis, restart the PC.

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double click.
  • Click on Search.
  • When the scan has finished, a text file opens.
  • Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
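The Adobe Reader settings requested above (JavaScript off, no automatic opening of PDFs in the browser) are stored as registry values behind those preference dialogs, which is how an administrator would audit or enforce them rather than clicking through Edit > Preferences on each machine. The following is an added example written for this thread, not code from the forum or from Adobe; it assumes Adobe Reader X (preference key version 10.0, matching the 10.1.5 build in the uninstall list) and the standard Reader value names JSPrefs\bEnableJS, Originals\bBrowserIntegration and FeatureLockDown\bDisableJavaScript, and it goes one step beyond the post by also locking Reader's Protected Mode on via the same FeatureLockDown policy key.

```powershell
# Added example: audit and enforce the Adobe Reader hardening from the post above via the
# registry values behind those dialog boxes. Assumes Adobe Reader X (10.0 key).
# Not code from the thread or from Adobe.

$ReaderVersion = '10.0'   # Reader X keeps its preferences under this version key
$UserBase   = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion"
$PolicyBase = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"

# Desired state: registry path, value name, expected DWORD and what the setting means.
$Desired = @(
    [pscustomobject]@{ Path = "$UserBase\JSPrefs";   Name = 'bEnableJS';           Expected = 0; Meaning = 'JavaScript disabled (Preferences > JavaScript)' }
    [pscustomobject]@{ Path = "$UserBase\Originals"; Name = 'bBrowserIntegration'; Expected = 0; Meaning = 'PDFs not opened inside the browser (Preferences > Internet)' }
    [pscustomobject]@{ Path = $PolicyBase;           Name = 'bDisableJavaScript';  Expected = 1; Meaning = 'JavaScript locked off by policy so the user cannot re-enable it' }
    [pscustomobject]@{ Path = $PolicyBase;           Name = 'bProtectedMode';      Expected = 1; Meaning = 'Protected Mode (Reader sandbox) enforced by policy' }
)

function Get-ReaderHardeningState {
    # Returns one object per setting with its current value and whether it matches the desired state.
    foreach ($item in $Desired) {
        $current = $null
        if (Test-Path -Path $item.Path) {
            # Get-ItemProperty yields nothing when the value name is absent, so $current stays $null
            $current = (Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue).($item.Name)
        }
        [pscustomobject]@{
            Setting   = "$($item.Path)\$($item.Name)"
            Meaning   = $item.Meaning
            Current   = $current            # $null means not set, i.e. Reader's built-in default applies
            Expected  = $item.Expected
            Compliant = ($current -eq $item.Expected)
        }
    }
}

function Set-ReaderHardening {
    # Creates any missing keys and writes the expected DWORD values.
    # The FeatureLockDown entries live under HKLM, so run this from an elevated shell.
    foreach ($item in $Desired) {
        if (-not (Test-Path -Path $item.Path)) {
            New-Item -Path $item.Path -Force | Out-Null
        }
        New-ItemProperty -Path $item.Path -Name $item.Name -PropertyType DWord -Value $item.Expected -Force | Out-Null
    }
}

# Audit first; every non-compliant row is a setting the dialog walkthrough above would change.
Get-ReaderHardeningState | Format-Table -AutoSize Setting, Current, Expected, Compliant
```

Run Set-ReaderHardening from an elevated PowerShell and then call Get-ReaderHardeningState again to confirm every row reports Compliant = True.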

15.01.2013, 22:41   #15
Severin80

Evening,

here is the result from AdwCleaner:
Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:38:18 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Severin - SEVERIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Severin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Severin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\prefs.js

Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.CurrentServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.FirstServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.FirstTime", true);
Gefunden : user_pref("CT2319825.FirstTimeFF3", true);
Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2319825.Initialize", true);
Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2319825.InstalledDate", "Fri Jan 14 2011 21:20:45 GMT+0100");
Gefunden : user_pref("CT2319825.InvalidateCache", false);
Gefunden : user_pref("CT2319825.IsGrouping", false);
Gefunden : user_pref("CT2319825.IsMulticommunity", false);
Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Jan 14 2011 21:20:54 GMT+0100");
Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2319825.Locale", "de");
Gefunden : user_pref("CT2319825.LoginCache", 4);
Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2319825.RadioIsPodcast", false);
Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gefunden : user_pref("CT2319825.RadioMediaID", "11949532");
Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gefunden : user_pref("CT2319825.RadioStationName", "1Live");
Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1295011672");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2319825.Uninstall", true);
Gefunden : user_pref("CT2319825.UserID", "UN90558805066316415");
Gefunden : user_pref("CT2319825.WeatherNetwork", "");
Gefunden : user_pref("CT2319825.WeatherPollDate", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.WeatherUnit", "C");
Gefunden : user_pref("CT2319825.alertChannelId", "715912");
Gefunden : user_pref("CT2319825.backendstorage.id", "33303134393832");
Gefunden : user_pref("CT2319825.clientLogIsEnabled", true);
Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2319825.myStuffEnabled", true);
Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.myheritage.com/?orig=ds&q=[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");

*************************

AdwCleaner[R1].txt - [7746 octets] - [15/01/2013 22:38:18]

########## EOF - C:\AdwCleaner[R1].txt - [7806 octets] ##########
         
Should I actually delete everything CCleaner found as well? It only looked like leftovers. I have not done it for now, though, because you had not written that.
Just out of interest, how many steps are there actually?

Regards, Severin
