Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: YouTube Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.01.2013, 20:41   #1
Thomser22
 
YouTube Virus - Frage

YouTube Virus



Hallo zusammen,

ich hab ein Problem nämlich ich habe einen eigenen YouTube Account und habe bemerkt dass ich auf einmal Post bekommen habe wo z.B. drin stande dass ich diese bescheuerten Kommentare lassen sollte. Ich hatte keine Ahnung wovon gesprochen wurde und geschaut was für ein Kommentar ich geschrieben habe
und einen gefunden den ich gar nicht verfasst habe nämlich:

"@zmigblg Yeah this website here is just sending out 100% free White Apple iPads for today only. But you do have to be living in the U.S though but it is legit, I claimed my one a few minutes ago. Get in quick! bit.ly/XxGzfv?=pmywt"

Nun vermute ich dass das ein Virus ist der über diesen Link von anderen Usern heruntergeladen wird und das will ich nun wirklich nicht haben also bitte ich um Hilfe.

Nur als Info ich habe keine anderen Themen dazu hier oder irgentwo anders gefunden/gelesen.

Geändert von Thomser22 (14.01.2013 um 20:50 Uhr)

Alt 14.01.2013, 20:58   #2
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 15.01.2013, 15:10   #3
Thomser22
 
YouTube Virus - Beitrag

OTL.txt



Code:
ATTFilter
OTL logfile created on: 14.01.2013 21:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomser\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,75 Gb Available Physical Memory | 62,64% Memory free
11,98 Gb Paging File | 9,36 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688,11 Gb Total Space | 530,31 Gb Free Space | 77,07% Space Free | Partition Type: NTFS
Drive D: | 688,55 Gb Total Space | 688,44 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: THOMSERS-PC | User Name: Thomser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.14 21:00:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomser\Downloads\OTL.exe
PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.11 15:40:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 15:39:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.11 15:39:51 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 15:39:50 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.24 23:24:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.15 15:35:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.06.29 18:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.08.04 10:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.09 18:11:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.21 09:39:27 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 15:40:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 15:39:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.11 15:39:51 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.24 23:24:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 15:53:41 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.12.19 15:53:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.11 15:40:38 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 15:40:37 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.03 16:27:04 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.12.03 16:27:04 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB02
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C D0 96 4F 9C 87 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2252BA15-5279-4688-BC04-EA863952956A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB04
IE - HKCU\..\SearchScopes\{A97ED691-9AF2-4B26-B3B1-7E01AEC21C14}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7ec784cd-289c-488b-82b3-48f89c48eaf5&apn_sauid=677678D3-6D6A-443A-BF30-074C198AB737
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomser\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.23 22:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.06 14:21:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.23 22:38:37 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012.12.23 22:38:37 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.11.06 14:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.13.20.29_0\
CHR - Extension: Adblock Plus = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Youtube 2 Mp3 = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfdifeicmijiobaflmbcnohpplhiipka\1.0.0_0\
CHR - Extension: Apple Shooter = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmgjibklfpcjnbikkhnglgnmneoeimo\1.1.8_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Thomser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A95432-2732-46A8-8E34-1FF327EBBD83}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.08 03:26:46 | 000,438,272 | R--- | M] (Disney Interactive Studios) - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.04 12:33:59 | 000,000,076 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1810fcd2-ec65-11e1-a8ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1810fcd2-ec65-11e1-a8ed-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2008.05.08 03:26:46 | 000,438,272 | R--- | M] (Disney Interactive Studios)
O33 - MountPoints2\{d7897193-3d5a-11e2-a41d-d027881e4f78}\Shell - "" = AutoRun
O33 - MountPoints2\{d7897193-3d5a-11e2-a41d-d027881e4f78}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.14 19:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.13 19:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.13 19:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.01.13 19:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.13 19:38:47 | 000,000,000 | ---D | C] -- C:\AMD
[2013.01.13 19:38:47 | 000,000,000 | ---D | C] -- \AMD
[2013.01.12 21:39:56 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Programs
[2013.01.12 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2013.01.12 21:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2012.12.23 22:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.23 22:38:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.23 22:38:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.23 22:38:37 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.12.23 22:38:37 | 000,000,000 | ---D | C] -- \Mozilla
[2012.12.23 22:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.20 12:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.12.20 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Desktop\Terraria
[2012.12.19 15:55:46 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Risen
[2012.12.19 15:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2012.12.18 14:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.18 14:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.17 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Activision
[2012.12.16 16:41:01 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Praat
[2012.12.16 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Desktop\RevOps
[2012.12.16 12:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.14 20:40:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job
[2013.01.14 20:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.14 19:29:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 19:29:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 19:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.14 19:22:11 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.14 16:40:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job
[2013.01.12 21:40:12 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 21:10:57 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2013.01.12 16:48:08 | 000,000,773 | ---- | M] () -- C:\Windows\disney.ini
[2013.01.10 13:57:40 | 000,294,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 22:19:07 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.09 22:19:07 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 22:19:07 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 22:19:07 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 22:19:07 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 22:38:55 | 000,000,009 | ---- | M] () -- C:\END
[2012.12.23 22:38:22 | 000,001,406 | ---- | M] () -- C:\Users\Thomser\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.21 11:26:58 | 001,735,012 | ---- | M] () -- C:\Users\Thomser\Desktop\mcpatcher-2.4.4_01.exe
[2012.12.19 15:55:29 | 000,000,586 | ---- | M] () -- C:\Users\Thomser\Desktop\Risen - Verknüpfung.lnk
[2012.12.19 15:53:41 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.12.19 15:53:41 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.12.19 15:43:38 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 14:00:51 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.12 21:40:12 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 21:10:57 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2013.01.10 20:29:16 | 000,000,773 | ---- | C] () -- C:\Windows\disney.ini
[2013.01.02 22:52:22 | 002,151,882 | ---- | C] () -- C:\Users\Thomser\Desktop\P7130768.JPG
[2012.12.23 22:38:22 | 000,001,406 | ---- | C] () -- C:\Users\Thomser\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.21 11:26:54 | 001,735,012 | ---- | C] () -- C:\Users\Thomser\Desktop\mcpatcher-2.4.4_01.exe
[2012.12.19 15:55:29 | 000,000,586 | ---- | C] () -- C:\Users\Thomser\Desktop\Risen - Verknüpfung.lnk
[2012.12.19 15:53:41 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.12.19 15:53:41 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.12.18 14:00:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.12.16 12:04:52 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.20 22:07:24 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.20 22:07:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.25 17:01:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.25 17:01:11 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.25 17:00:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.31 22:44:29 | 000,000,009 | ---- | C] () -- \END
[2012.08.22 15:32:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.22 15:24:37 | 529,879,039 | -HS- | C] () -- \hiberfil.sys
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.01.28 16:48:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.01.28 16:39:57 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.13 06:06:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.01.13 19:38:47 | 000,000,000 | ---D | M] -- C:\AMD
[2012.08.22 15:32:58 | 000,000,000 | ---D | M] -- C:\book
[2012.11.21 14:42:59 | 000,000,000 | ---D | M] -- C:\Crash
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.12 19:35:34 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.12.08 19:28:56 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.09.15 20:21:45 | 000,000,000 | ---D | M] -- C:\Fraps
[2012.09.09 18:43:59 | 000,000,000 | ---D | M] -- C:\Games
[2012.08.22 15:26:04 | 000,000,000 | ---D | M] -- C:\Intel
[2012.12.23 22:38:37 | 000,000,000 | ---D | M] -- C:\Mozilla
[2012.08.22 16:07:46 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.16 12:04:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.13 19:42:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.13 19:43:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.14 21:04:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.13 06:06:42 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.14 14:59:51 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,764 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.31 18:30:15 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job
[2012.08.31 18:30:15 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job
[2012.11.20 20:00:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\LH\ahcix86s.sys
[2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
[2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID_svr\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.12.09 10:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\OEM\Preload\4K\X86\iaStor.sys
[2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\4K\X64\iaStor.sys
[2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\iaStor.sys
[2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a850f9740f1a3db7\iaStor.sys
[2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c102f5ecab1a70a7\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.14 21:18:00 | 002,621,440 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat
[2013.01.14 21:18:00 | 000,262,144 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat.LOG1
[2012.08.31 18:12:59 | 000,000,000 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat.LOG2
[2012.08.31 18:22:37 | 000,065,536 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.31 18:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.31 18:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.31 18:12:59 | 000,000,020 | -HS- | M] () -- C:\Users\Thomser\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
__________________

Alt 15.01.2013, 15:12   #4
Thomser22
 
YouTube Virus - Standard

YouTube Virus



Musste zwei mal antworten weil es sonst zu lang gewesen wäre.

Code:
ATTFilter
OTL Extras logfile created on: 14.01.2013 21:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomser\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,75 Gb Available Physical Memory | 62,64% Memory free
11,98 Gb Paging File | 9,36 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688,11 Gb Total Space | 530,31 Gb Free Space | 77,07% Space Free | Partition Type: NTFS
Drive D: | 688,55 Gb Total Space | 688,44 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: THOMSERS-PC | User Name: Thomser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD1FF4-E665-4607-B44D-023F668A7FB0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0FAE6C55-8C6A-4FFA-BE48-1AC9EDB837F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{17B0A6F5-2A0B-411B-AF82-EE652523EC03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24A7ED77-5F1A-4336-844E-9B65A03C490D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A0224AA-FBBF-4FBB-96CE-DBB2C71140F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3AEA7D33-B05D-4D7F-A918-B80A1155E78C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{402043AE-13F9-4B21-AEB9-359C7B0C9227}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43BDC25F-9F5C-4FCA-A0A9-D49A61395335}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4B24CF64-41A5-4F75-BBE8-7A9B599573AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DFB8A67-669C-42B2-B9CC-ED46C6DB67F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5DDB50EF-D651-4225-8758-D407CB4B084E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{612E6309-FAB2-4002-96A2-87E8B9C5E6FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A897406-11EF-48F3-AC7C-E17BEB456AB2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86302703-9712-4C61-9BB7-299EE146850C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AB72C694-4217-467C-AD52-C1FD1C5E1716}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2D6C33A-B57D-4184-AF4A-FDDC204BA64C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CB2F7134-C8F7-4585-987B-5BFA62BA2389}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D17390EF-EA7D-4D04-A8D8-4E4D6AB15493}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D54448A2-87ED-4013-86E1-B540CD45F808}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D68A7973-5C62-4226-94F4-D98C861D87F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DFC3A7AE-73DE-4605-9739-BA3BD7BA47C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E26B9AA3-7767-4ADA-ACFE-D5D10E3D2E31}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EC5F6FB7-5469-4F4D-9B80-D37B7C33FF4D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A5A321-865A-4DA3-8840-23EFEF55C23A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{04DA9420-64C3-42A4-A924-9BA854EA7BFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{05D3F5E2-CAD2-46B5-B3C1-447EADFB83CF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0780B5B3-15F6-4297-B363-3EC6293F05B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{08D88FDE-E4E0-4617-A8C9-9A4A3109B178}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09EE83CD-4DE7-4B3C-9FF7-5FABF659A03F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{0BBE7D9B-96A3-4405-998C-A9AB5AA785BC}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\planetside2.exe | 
"{0C064C92-EEE2-4059-A246-5521A57B92D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{0D215224-EA21-4217-B2DD-498D8F92CB6D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | 
"{0F7293BE-5A7C-47E6-814B-B5DC0EBDB05E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{107B40FE-CC42-4992-BF80-C0D583FE3861}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{13CF66B0-5367-4562-8DFB-B00E6849C5A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1624316A-1F83-4CA5-84F0-431A857F60A0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{16EF5BF0-F6B0-4411-9A2B-1404B13A66D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{193D1BB3-B08E-4A41-980C-C19B9B81644A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1B91F285-3CA8-46BA-B3DC-0BF8EEE45073}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1EB11E67-EB84-4F04-B014-8D7883DCA5DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{264F820F-0EDD-4E1D-8C06-3E8638CCAC02}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2BA4BCBE-6944-4B08-B501-C2ABC86B8CC6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2CFF09C4-7EE3-40B6-93B5-BF7619356C86}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2F1CD8E5-2DB8-4843-99BE-E8D50131C9BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F629FA1-1DCC-47A0-8806-5D3B60BEA993}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3176F54E-151A-41A1-87FF-BB352A4FF17E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{3726E6C2-F2BA-45C3-BF54-6CBE2C76D607}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{38F21B52-74F1-4F9B-BF46-771253F792EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{39EA8E1A-2494-4645-B59C-5862689FD88F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A415BC3-97A2-4FE3-8F96-0C9CE1A083F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A4DEC93-C459-4831-B315-CEADCB5C8D66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3BB757C1-6870-45CF-8A7B-5669A92F3500}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3D04A66D-7E25-4E3C-B8DB-B883334983A5}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe | 
"{3F3FA146-2AC3-42E9-9961-8B478342F9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{415B9F7C-FD86-4E85-8882-F10F69FC28ED}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{473968CC-5A9E-4FE4-AAAE-28E312F9706C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{4C004D61-F91E-47C7-8729-90305338C91E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{50033B27-0E66-49DB-9493-3985069BFF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{50573325-8605-4500-AF1C-D63924FDC859}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B1C9CB6-705C-4F7F-86A7-62B23DB49559}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{62D4AB6C-EC19-401F-84D3-F8FFCD8D6653}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe | 
"{62EC6FDD-A3B7-45FD-8C48-3EAE2944EBC0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{68FCA6F4-4E9C-4561-AC01-60F6BAFD42D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{6C31618A-4195-4656-A91C-348B46C5F44A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{6FF9A63C-A379-4B70-92F0-C706C486ACBF}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{70677E73-7716-486E-BE14-A9649A7EF235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{715020B6-17A1-4554-A67C-04ADE1481A35}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe | 
"{750C6259-EA69-485E-A740-F7FB24CE2344}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe | 
"{751A9367-F9B0-4474-9AA1-362FF43A031D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{78527BD1-D317-4CB7-8271-FB89E860AB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{789CCD05-B142-44EF-885D-BD400989DF0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{79140059-7474-4233-8FEB-F6C37771FF67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C57EF34-9E0B-4F1C-9489-C6445E5BF26F}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat | 
"{7CAFA88E-56F3-400B-AE27-48A1D869E8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{7E3AA346-8D60-45B9-BFC9-8E1E228953FE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{83AAA81D-7773-498F-B7B3-92F92039C440}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe | 
"{8773518D-4A4B-4997-9C84-7C25ACD654B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{88918003-C0D4-49D4-8760-2D0B5BAF0D30}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat | 
"{8E9F7862-F405-4ADA-8297-D8B1EEF2FAFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FD609DC-9008-4314-B8BB-CFB224D218B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{906BC870-A7E0-4D31-9B1B-3DD1DF7650FF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{93DB309A-E724-4D9F-8897-E1E192BAAEF0}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe | 
"{96B373F4-001B-42CF-B443-303443CD30B0}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe | 
"{9A4A348C-DB84-48FE-B635-88F695B8F309}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D3856F6-9E4D-4365-8905-CEF1A539B392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D7EB6EA-BCE0-42B7-9694-9844FF077321}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9E7FEE5C-CC13-4706-9B6B-70BEEBE35A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A7A13E7B-DA0C-4EEC-A497-E747C2DBDA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9FD7BF2-D9DA-47E2-A002-D3F849BFA1FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AA24D71A-1C56-450A-BBA1-83F47030E900}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{AA8A824B-8D78-4DCA-A4CC-46539BCC2F7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AAF50B9E-5160-4B5E-9DCC-B999F1B84BCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6F6D811-180A-49C2-826C-C2F22AC1CADD}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\planetside2.exe | 
"{BB39E74A-8760-4668-AF1F-F464722BE146}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C5727D63-4ACD-40F8-92AB-0DA024347219}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C65DB24A-8A12-4924-84F2-F4C806A4CBF5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{C838AEE0-8018-4E8E-A64C-FD99DF95373E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C8994CD6-5C2A-47DA-941E-C8A6E44E90E5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{CBC7EDE3-6940-4CF0-B006-4B0A22818CBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CC7FDFFB-BA82-4B03-AA0D-66986D93CF54}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{CE1FBBE2-E694-4BA9-B954-9A33895699D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D29994E0-FB83-4516-85C2-5E9F32366288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D4B64943-C1D1-4288-85C3-C4DFD8DB9752}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{D8631E03-3B5E-4F6D-AAA7-CBB69E25F6DF}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | 
"{DA1C1D9D-7A40-4A89-86BA-C12BA25F63EF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DE6084A7-1B20-4854-BD12-7BC4FC15F589}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{DEE1869B-60F4-40C7-8BF5-20F3E85E2886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{E3CE51F8-92DB-45AC-9522-9037B1EBC9A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{EB946D88-0415-40BD-B944-90CD78A531D1}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe | 
"{EBD04DF2-DB3F-402B-8D3B-571ABE951435}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat | 
"{ECDAB54D-4F9C-4579-91D2-3A9BC7B47406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{EFC1DA6E-C70E-42F1-949A-D824DDBAECBB}" = protocol=6 | dir=out | app=system | 
"{F07BF350-4387-4E3A-B539-CAC1B85B6BDC}" = protocol=58 | dir=in | app=system | 
"{F3009A76-C942-4054-9ED1-3987B1562432}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat | 
"TCP Query User{0A92F018-F124-4FF5-A74B-716942E229DA}C:\users\thomser\desktop\revops\blackopsmp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat | 
"TCP Query User{1992D378-36C0-4BBF-8E74-6C0D67976E34}C:\users\thomser\desktop\revops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe | 
"TCP Query User{2AFD5C35-2343-4AA6-B901-D7C7970FB06D}C:\users\thomser\desktop\mw2mp\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\mw2mp\iw4mp.dat | 
"TCP Query User{2FF0E2B4-1DB0-4FAA-9D3A-8E86E373DE96}C:\users\thomser\desktop\revops\blackops.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe | 
"TCP Query User{4CDA5B6D-4CD1-461E-AF98-DB4B8B5411A0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{4DFB7A81-E196-4957-93C5-C00F438E6DDE}C:\users\thomser\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\thomser\appdata\local\iw4m\iw4m.dat | 
"TCP Query User{4F4F7714-8DDB-4D89-AD11-408CFEAE67F7}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{5E659F88-9370-41D6-A111-79C3477808AB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{84DD76E6-3556-402C-8D06-81741A11001C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{8C5B1D1C-D97D-4116-9B32-3DCC85EF85E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{8F5EC826-7667-4DD1-BC32-268BB340E576}C:\users\thomser\desktop\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe | 
"TCP Query User{90871137-A163-4981-816C-7F63DC1E8288}C:\users\thomser\desktop\aiw-client\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.dat | 
"TCP Query User{9A2108EB-E539-4B50-835F-25FBEE61148B}C:\users\thomser\desktop\gta - san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\gta - san andreas\gta_sa.exe | 
"TCP Query User{BA0C33A4-1CF4-4E47-88EA-B7560798F435}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{BA97B185-B87B-4751-ACC8-688092D55BF5}C:\users\thomser\desktop\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe | 
"TCP Query User{CA7C4D24-643C-4E89-B75D-E7EA44A22B7E}C:\users\thomser\desktop\revops\blackops.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat | 
"TCP Query User{E28585F8-BBFF-49F0-9EC4-5412B16A184C}C:\program files (x86)\sony\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\planetside2.exe | 
"TCP Query User{E7E345E6-AB9B-4A4E-B4C8-2A0EA3C944A5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{07C5F426-9477-4573-8C38-813E2DCE3696}C:\users\thomser\desktop\revops\blackops.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe | 
"UDP Query User{0EA7B609-8400-4A1B-AE6A-A6532BDCE7ED}C:\users\thomser\desktop\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe | 
"UDP Query User{3CC714AA-8D1F-46D9-ADEC-6BBFCB0785CC}C:\users\thomser\desktop\aiw-client\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.dat | 
"UDP Query User{3E1EEA13-679E-4004-B702-214B643FF22D}C:\users\thomser\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\thomser\appdata\local\iw4m\iw4m.dat | 
"UDP Query User{4D556E7D-66AC-416A-B0E2-D0508911981F}C:\users\thomser\desktop\mw2mp\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\mw2mp\iw4mp.dat | 
"UDP Query User{52CD05E3-6E39-4D7A-B449-DCE6A5737BD6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{58F9D57C-4CC2-4061-AD8A-A8EE05E79B03}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{60F818B3-9713-4658-A78D-DDF3C7E4EBD4}C:\users\thomser\desktop\revops\blackopsmp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat | 
"UDP Query User{93F2CA7F-45B6-45E8-8E7F-878C27FE17DA}C:\users\thomser\desktop\revops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe | 
"UDP Query User{96AFF7EA-FCB6-44DB-8D1B-16810F9E6F8D}C:\users\thomser\desktop\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe | 
"UDP Query User{9C12F404-DCA9-42D4-9B0A-F5C52C5EF476}C:\users\thomser\desktop\revops\blackops.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat | 
"UDP Query User{A3383DBB-4884-4F76-BE09-E3B82A3FA628}C:\users\thomser\desktop\gta - san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\gta - san andreas\gta_sa.exe | 
"UDP Query User{A7C2DD9C-27F0-4A08-B15E-89533B4441F0}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{AAF19DAB-D837-4119-9769-C7B3704B5B29}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{CDA9AA5F-2F39-4D79-89D6-4B59B82083B2}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{F1515F29-02B7-4C24-915A-0AA4C6A583E8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{F1A0DA60-5261-418E-8582-3C08A218B278}C:\program files (x86)\sony\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\planetside2.exe | 
"UDP Query User{F9F60DAF-0941-4193-8E9F-70CE43C0E449}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{14381C99-F5EB-0DDF-A9D1-B6048D4E9913}" = AMD Drag and Drop Transcoding
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23A94419-A21F-EB9D-6975-F32D79BC411F}" = AMD AVIVO64 Codecs
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.2.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29399c23-7940-49a2-a4ce-0717fa2e653a}" = Nero 9 Essentials
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E884B5-B9B6-4432-B209-3A3EF41C7A01}" = Camtasia Studio 8
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broken Sword 2.5_is1" = Broken Sword 2.5
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"Sauerbraten" = Sauerbraten
"Steam App 113400" = APB Reloaded
"Steam App 22230" = Rock of Ages
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"Google Chrome" = Google Chrome
"SOE-" = gamelauncher-ps2-live
"SOE-C:/Program Files (x86)/Sony" = gamelauncher-ps2-psg (x86)-Sony
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-C:/Users/Thomser/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"soe-PlanetSide 2 PSG" = PlanetSide 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2012 11:55:51 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1300    Startzeit:
 01cde76b2bbf6c4c    Endzeit: 22    Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat

Berichts-ID:
   
 
Error - 31.12.2012 13:58:21 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
 Zeitstempel: 0x4e4991e9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74c8c9f1  ID des fehlerhaften
 Prozesses: 0x122c  Startzeit der fehlerhaften Anwendung: 0x01cde78058ca42b3  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: a95f3a9c-5373-11e2-90b4-d027881e4f78
 
Error - 31.12.2012 14:22:50 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1318    Startzeit:
 01cde7806f1c3dae    Endzeit: 30    Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat

Berichts-ID:
   
 
Error - 31.12.2012 16:46:44 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
 Zeitstempel: 0x4e4991e9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74c8c9f1  ID des fehlerhaften
 Prozesses: 0xaa4  Startzeit der fehlerhaften Anwendung: 0x01cde797d5748168  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: 2f254d85-538b-11e2-90b4-d027881e4f78
 
Error - 31.12.2012 16:46:49 | Computer Name = Thomsers-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 31.12.2012 16:46:49 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.exe, Version: 1.0.0.0,
 Zeitstempel: 0x50d3c7b2  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135,
 Zeitstempel: 0x506dbfdc  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x17e8  Startzeit der fehlerhaften Anwendung: 0x01cde797f45c2eb0  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.exe  Pfad des 
fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 32429ec2-538b-11e2-90b4-d027881e4f78
 
Error - 31.12.2012 17:10:21 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 153c    Startzeit:
 01cde797f4914937    Endzeit: 160    Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat

Berichts-ID:
   
 
Error - 31.12.2012 17:37:23 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
 Zeitstempel: 0x4e4991e9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74c8c9f1  ID des fehlerhaften
 Prozesses: 0x1558  Startzeit der fehlerhaften Anwendung: 0x01cde79ef6b58b15  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: 428ebdef-5392-11e2-90b4-d027881e4f78
 
Error - 01.01.2013 06:29:35 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
 Zeitstempel: 0x4e4991e9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7532c9f1  ID des fehlerhaften
 Prozesses: 0x14dc  Startzeit der fehlerhaften Anwendung: 0x01cde80ad1e7a91b  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: 22f79f31-53fe-11e2-9423-d027881e4f78
 
Error - 01.01.2013 16:45:24 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
 Zeitstempel: 0x4e4991e9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7469c9f1  ID des fehlerhaften
 Prozesses: 0x1668  Startzeit der fehlerhaften Anwendung: 0x01cde85fcc338ac7  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: 2a4fd180-5454-11e2-a6bc-d027881e4f78
 
[ System Events ]
Error - 13.12.2012 09:07:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.12.2012 11:07:09 | Computer Name = Thomsers-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 21.12.2012 04:40:22 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.12.2012 04:40:22 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.12.2012 17:33:53 | Computer Name = Thomsers-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 27.12.2012 16:14:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AMD External Events Utility erreicht.
 
Error - 27.12.2012 16:14:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         

Alt 15.01.2013, 20:12   #5
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



warum hat das system keine windows updates gesehen? sp1 fehlt zb.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhal posten

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 21:28   #6
Thomser22
 
YouTube Virus - Standard

YouTube Virus



Code:
ATTFilter
21:25:37.0014 5480  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:25:37.0300 5480  ============================================================
21:25:37.0300 5480  Current date / time: 2013/01/15 21:25:37.0300
21:25:37.0300 5480  SystemInfo:
21:25:37.0300 5480  
21:25:37.0300 5480  OS Version: 6.1.7600 ServicePack: 0.0
21:25:37.0300 5480  Product type: Workstation
21:25:37.0300 5480  ComputerName: THOMSERS-PC
21:25:37.0301 5480  UserName: Thomser
21:25:37.0301 5480  Windows directory: C:\Windows
21:25:37.0301 5480  System windows directory: C:\Windows
21:25:37.0301 5480  Running under WOW64
21:25:37.0301 5480  Processor architecture: Intel x64
21:25:37.0301 5480  Number of processors: 4
21:25:37.0301 5480  Page size: 0x1000
21:25:37.0301 5480  Boot type: Normal boot
21:25:37.0301 5480  ============================================================
21:25:37.0664 5480  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:37.0676 5480  ============================================================
21:25:37.0676 5480  \Device\Harddisk0\DR0:
21:25:37.0677 5480  MBR partitions:
21:25:37.0677 5480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2904800, BlocksNum 0x32000
21:25:37.0677 5480  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2936800, BlocksNum 0x56037000
21:25:37.0677 5480  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5896D800, BlocksNum 0x56119800
21:25:37.0677 5480  ============================================================
21:25:37.0696 5480  C: <-> \Device\Harddisk0\DR0\Partition2
21:25:37.0725 5480  D: <-> \Device\Harddisk0\DR0\Partition3
21:25:37.0725 5480  ============================================================
21:25:37.0725 5480  Initialize success
21:25:37.0725 5480  ============================================================
21:25:48.0923 4652  ============================================================
21:25:48.0923 4652  Scan started
21:25:48.0923 4652  Mode: Manual; SigCheck; TDLFS; 
21:25:48.0923 4652  ============================================================
21:25:49.0117 4652  ================ Scan system memory ========================
21:25:49.0117 4652  System memory - ok
21:25:49.0118 4652  ================ Scan services =============================
21:25:49.0285 4652  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
21:25:49.0343 4652  1394ohci - ok
21:25:49.0368 4652  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
21:25:49.0381 4652  ACPI - ok
21:25:49.0397 4652  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
21:25:49.0410 4652  AcpiPmi - ok
21:25:49.0520 4652  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:49.0548 4652  AdobeFlashPlayerUpdateSvc - ok
21:25:49.0570 4652  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:25:49.0587 4652  adp94xx - ok
21:25:49.0594 4652  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:25:49.0608 4652  adpahci - ok
21:25:49.0622 4652  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:25:49.0633 4652  adpu320 - ok
21:25:49.0653 4652  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:25:49.0686 4652  AeLookupSvc - ok
21:25:49.0742 4652  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
21:25:49.0756 4652  AFD - ok
21:25:49.0769 4652  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
21:25:49.0779 4652  agp440 - ok
21:25:49.0805 4652  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:25:49.0817 4652  ALG - ok
21:25:49.0833 4652  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
21:25:49.0844 4652  aliide - ok
21:25:49.0878 4652  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:25:49.0911 4652  AMD External Events Utility - ok
21:25:49.0932 4652  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
21:25:49.0943 4652  amdide - ok
21:25:49.0964 4652  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:25:49.0977 4652  AmdK8 - ok
21:25:50.0196 4652  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:25:50.0292 4652  amdkmdag - ok
21:25:50.0333 4652  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:25:50.0363 4652  amdkmdap - ok
21:25:50.0389 4652  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:25:50.0401 4652  AmdPPM - ok
21:25:50.0430 4652  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:25:50.0442 4652  amdsata - ok
21:25:50.0463 4652  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:25:50.0476 4652  amdsbs - ok
21:25:50.0492 4652  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:25:50.0503 4652  amdxata - ok
21:25:50.0596 4652  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:25:50.0615 4652  AntiVirSchedulerService - ok
21:25:50.0631 4652  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:25:50.0643 4652  AntiVirService - ok
21:25:50.0672 4652  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:25:50.0693 4652  AntiVirWebService - ok
21:25:50.0715 4652  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
21:25:50.0739 4652  AppID - ok
21:25:50.0793 4652  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:25:50.0849 4652  AppIDSvc - ok
21:25:50.0881 4652  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
21:25:50.0892 4652  Appinfo - ok
21:25:50.0943 4652  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:25:50.0960 4652  Apple Mobile Device - ok
21:25:50.0979 4652  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:25:50.0998 4652  arc - ok
21:25:51.0016 4652  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:25:51.0036 4652  arcsas - ok
21:25:51.0046 4652  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:51.0078 4652  AsyncMac - ok
21:25:51.0143 4652  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
21:25:51.0163 4652  atapi - ok
21:25:51.0196 4652  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:25:51.0212 4652  AtiHDAudioService - ok
21:25:51.0277 4652  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
21:25:51.0302 4652  atksgt - ok
21:25:51.0343 4652  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:25:51.0388 4652  AudioEndpointBuilder - ok
21:25:51.0402 4652  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:25:51.0438 4652  AudioSrv - ok
21:25:51.0480 4652  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:25:51.0499 4652  avgntflt - ok
21:25:51.0517 4652  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:25:51.0535 4652  avipbb - ok
21:25:51.0552 4652  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:25:51.0566 4652  avkmgr - ok
21:25:51.0584 4652  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:25:51.0612 4652  AxInstSV - ok
21:25:51.0648 4652  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:25:51.0673 4652  b06bdrv - ok
21:25:51.0700 4652  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:25:51.0712 4652  b57nd60a - ok
21:25:51.0737 4652  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:25:51.0749 4652  BDESVC - ok
21:25:51.0758 4652  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:25:51.0788 4652  Beep - ok
21:25:51.0840 4652  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
21:25:51.0897 4652  BFE - ok
21:25:51.0923 4652  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
21:25:51.0963 4652  BITS - ok
21:25:51.0974 4652  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:51.0986 4652  blbdrive - ok
21:25:52.0050 4652  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:25:52.0074 4652  Bonjour Service - ok
21:25:52.0097 4652  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:25:52.0112 4652  bowser - ok
21:25:52.0128 4652  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:25:52.0145 4652  BrFiltLo - ok
21:25:52.0161 4652  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:25:52.0179 4652  BrFiltUp - ok
21:25:52.0211 4652  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
21:25:52.0224 4652  Browser - ok
21:25:52.0236 4652  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:25:52.0252 4652  Brserid - ok
21:25:52.0265 4652  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:52.0280 4652  BrSerWdm - ok
21:25:52.0288 4652  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:52.0302 4652  BrUsbMdm - ok
21:25:52.0317 4652  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:52.0328 4652  BrUsbSer - ok
21:25:52.0332 4652  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:25:52.0348 4652  BTHMODEM - ok
21:25:52.0387 4652  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:25:52.0429 4652  bthserv - ok
21:25:52.0434 4652  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:25:52.0471 4652  cdfs - ok
21:25:52.0493 4652  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:25:52.0505 4652  cdrom - ok
21:25:52.0516 4652  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:25:52.0548 4652  CertPropSvc - ok
21:25:52.0563 4652  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:25:52.0576 4652  circlass - ok
21:25:52.0603 4652  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:25:52.0617 4652  CLFS - ok
21:25:52.0679 4652  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:52.0698 4652  clr_optimization_v2.0.50727_32 - ok
21:25:52.0749 4652  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:25:52.0765 4652  clr_optimization_v2.0.50727_64 - ok
21:25:52.0815 4652  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:52.0833 4652  clr_optimization_v4.0.30319_32 - ok
21:25:52.0847 4652  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:25:52.0864 4652  clr_optimization_v4.0.30319_64 - ok
21:25:52.0895 4652  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:52.0907 4652  CmBatt - ok
21:25:52.0918 4652  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
21:25:52.0930 4652  cmdide - ok
21:25:52.0969 4652  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:25:52.0992 4652  CNG - ok
21:25:53.0010 4652  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:25:53.0019 4652  Compbatt - ok
21:25:53.0040 4652  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:53.0054 4652  CompositeBus - ok
21:25:53.0063 4652  COMSysApp - ok
21:25:53.0076 4652  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:25:53.0086 4652  crcdisk - ok
21:25:53.0130 4652  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:25:53.0142 4652  CryptSvc - ok
21:25:53.0171 4652  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:25:53.0210 4652  DcomLaunch - ok
21:25:53.0239 4652  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:25:53.0275 4652  defragsvc - ok
21:25:53.0304 4652  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:25:53.0315 4652  DfsC - ok
21:25:53.0326 4652  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:25:53.0344 4652  Dhcp - ok
21:25:53.0361 4652  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:25:53.0393 4652  discache - ok
21:25:53.0424 4652  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:25:53.0434 4652  Disk - ok
21:25:53.0470 4652  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:25:53.0483 4652  Dnscache - ok
21:25:53.0495 4652  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
21:25:53.0536 4652  dot3svc - ok
21:25:53.0557 4652  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
21:25:53.0591 4652  DPS - ok
21:25:53.0640 4652  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:25:53.0667 4652  drmkaud - ok
21:25:53.0698 4652  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:25:53.0733 4652  DXGKrnl - ok
21:25:53.0752 4652  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
21:25:53.0766 4652  E1G60 - ok
21:25:53.0779 4652  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:25:53.0816 4652  EapHost - ok
21:25:53.0892 4652  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:25:53.0952 4652  ebdrv - ok
21:25:53.0971 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
21:25:53.0982 4652  EFS - ok
21:25:54.0033 4652  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:25:54.0067 4652  ehRecvr - ok
21:25:54.0094 4652  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:25:54.0116 4652  ehSched - ok
21:25:54.0147 4652  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:25:54.0174 4652  elxstor - ok
21:25:54.0182 4652  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
21:25:54.0193 4652  ErrDev - ok
21:25:54.0224 4652  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:25:54.0259 4652  EventSystem - ok
21:25:54.0266 4652  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:25:54.0298 4652  exfat - ok
21:25:54.0313 4652  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:25:54.0345 4652  fastfat - ok
21:25:54.0374 4652  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
21:25:54.0390 4652  Fax - ok
21:25:54.0404 4652  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:25:54.0416 4652  fdc - ok
21:25:54.0432 4652  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:25:54.0463 4652  fdPHost - ok
21:25:54.0473 4652  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:25:54.0502 4652  FDResPub - ok
21:25:54.0519 4652  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:25:54.0527 4652  FileInfo - ok
21:25:54.0539 4652  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:25:54.0567 4652  Filetrace - ok
21:25:54.0581 4652  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:54.0590 4652  flpydisk - ok
21:25:54.0595 4652  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:25:54.0606 4652  FltMgr - ok
21:25:54.0634 4652  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
21:25:54.0652 4652  FontCache - ok
21:25:54.0683 4652  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:25:54.0690 4652  FontCache3.0.0.0 - ok
21:25:54.0706 4652  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:25:54.0715 4652  FsDepends - ok
21:25:54.0744 4652  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:25:54.0753 4652  Fs_Rec - ok
21:25:54.0788 4652  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:25:54.0802 4652  fvevol - ok
21:25:54.0819 4652  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:54.0830 4652  gagp30kx - ok
21:25:54.0856 4652  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:54.0864 4652  GEARAspiWDM - ok
21:25:54.0900 4652  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
21:25:54.0908 4652  ggflt - ok
21:25:54.0916 4652  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
21:25:54.0925 4652  ggsemc - ok
21:25:54.0970 4652  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
21:25:54.0996 4652  gpsvc - ok
21:25:55.0061 4652  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
21:25:55.0077 4652  GREGService - ok
21:25:55.0102 4652  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
21:25:55.0119 4652  hamachi - ok
21:25:55.0236 4652  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:25:55.0276 4652  Hamachi2Svc - ok
21:25:55.0286 4652  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:25:55.0297 4652  hcw85cir - ok
21:25:55.0327 4652  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:55.0343 4652  HdAudAddService - ok
21:25:55.0352 4652  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:55.0366 4652  HDAudBus - ok
21:25:55.0383 4652  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:25:55.0394 4652  HidBatt - ok
21:25:55.0405 4652  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:25:55.0421 4652  HidBth - ok
21:25:55.0432 4652  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:25:55.0445 4652  HidIr - ok
21:25:55.0476 4652  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:25:55.0509 4652  hidserv - ok
21:25:55.0537 4652  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:25:55.0547 4652  HidUsb - ok
21:25:55.0564 4652  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:25:55.0602 4652  hkmsvc - ok
21:25:55.0624 4652  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:55.0636 4652  HomeGroupListener - ok
21:25:55.0662 4652  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:55.0675 4652  HomeGroupProvider - ok
21:25:55.0678 4652  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
21:25:55.0688 4652  HpSAMD - ok
21:25:55.0713 4652  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:25:55.0750 4652  HTTP - ok
21:25:55.0767 4652  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:25:55.0776 4652  hwpolicy - ok
21:25:55.0798 4652  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:55.0809 4652  i8042prt - ok
21:25:55.0832 4652  [ BF5442DC14608D18949DC83DE37E667A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:25:55.0848 4652  iaStor - ok
21:25:55.0881 4652  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:25:55.0911 4652  iaStorV - ok
21:25:55.0968 4652  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:25:55.0992 4652  idsvc - ok
21:25:56.0002 4652  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:25:56.0011 4652  iirsp - ok
21:25:56.0048 4652  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
21:25:56.0088 4652  IKEEXT - ok
21:25:56.0162 4652  [ 6FECEB88CBB6E761E9194F5711F02102 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:25:56.0211 4652  IntcAzAudAddService - ok
21:25:56.0228 4652  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
21:25:56.0238 4652  intelide - ok
21:25:56.0251 4652  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:25:56.0261 4652  intelppm - ok
21:25:56.0279 4652  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:25:56.0314 4652  IPBusEnum - ok
21:25:56.0331 4652  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:56.0367 4652  IpFilterDriver - ok
21:25:56.0394 4652  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:25:56.0433 4652  iphlpsvc - ok
21:25:56.0436 4652  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:25:56.0446 4652  IPMIDRV - ok
21:25:56.0461 4652  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:25:56.0491 4652  IPNAT - ok
21:25:56.0532 4652  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:25:56.0547 4652  iPod Service - ok
21:25:56.0568 4652  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:25:56.0582 4652  IRENUM - ok
21:25:56.0595 4652  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
21:25:56.0605 4652  isapnp - ok
21:25:56.0616 4652  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:25:56.0629 4652  iScsiPrt - ok
21:25:56.0631 4652  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:56.0641 4652  kbdclass - ok
21:25:56.0658 4652  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:56.0667 4652  kbdhid - ok
21:25:56.0683 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
21:25:56.0693 4652  KeyIso - ok
21:25:56.0712 4652  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:25:56.0722 4652  KSecDD - ok
21:25:56.0740 4652  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:25:56.0751 4652  KSecPkg - ok
21:25:56.0762 4652  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:25:56.0794 4652  ksthunk - ok
21:25:56.0819 4652  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:25:56.0851 4652  KtmRm - ok
21:25:56.0882 4652  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:25:56.0895 4652  LanmanServer - ok
21:25:56.0913 4652  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:56.0949 4652  LanmanWorkstation - ok
21:25:56.0992 4652  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:25:57.0010 4652  lirsgt - ok
21:25:57.0026 4652  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:25:57.0063 4652  lltdio - ok
21:25:57.0081 4652  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:25:57.0113 4652  lltdsvc - ok
21:25:57.0146 4652  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:25:57.0177 4652  lmhosts - ok
21:25:57.0206 4652  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:57.0216 4652  LSI_FC - ok
21:25:57.0229 4652  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:57.0239 4652  LSI_SAS - ok
21:25:57.0243 4652  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:57.0252 4652  LSI_SAS2 - ok
21:25:57.0255 4652  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:57.0265 4652  LSI_SCSI - ok
21:25:57.0269 4652  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:25:57.0298 4652  luafv - ok
21:25:57.0420 4652  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
21:25:57.0490 4652  LVUVC64 - ok
21:25:57.0537 4652  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:25:57.0553 4652  MBAMProtector - ok
21:25:57.0599 4652  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:25:57.0622 4652  MBAMScheduler - ok
21:25:57.0655 4652  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:57.0676 4652  MBAMService - ok
21:25:57.0689 4652  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:25:57.0701 4652  Mcx2Svc - ok
21:25:57.0709 4652  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:25:57.0718 4652  megasas - ok
21:25:57.0739 4652  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:57.0752 4652  MegaSR - ok
21:25:57.0790 4652  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:25:57.0823 4652  MMCSS - ok
21:25:57.0835 4652  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:25:57.0865 4652  Modem - ok
21:25:57.0880 4652  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:25:57.0893 4652  monitor - ok
21:25:57.0905 4652  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:25:57.0915 4652  mouclass - ok
21:25:57.0927 4652  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:25:57.0937 4652  mouhid - ok
21:25:57.0940 4652  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:25:57.0950 4652  mountmgr - ok
21:25:58.0007 4652  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:25:58.0027 4652  MozillaMaintenance - ok
21:25:58.0041 4652  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
21:25:58.0056 4652  mpio - ok
21:25:58.0060 4652  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:25:58.0101 4652  mpsdrv - ok
21:25:58.0131 4652  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:25:58.0175 4652  MpsSvc - ok
21:25:58.0191 4652  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:25:58.0206 4652  MRxDAV - ok
21:25:58.0229 4652  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:58.0240 4652  mrxsmb - ok
21:25:58.0266 4652  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:58.0279 4652  mrxsmb10 - ok
21:25:58.0311 4652  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:58.0323 4652  mrxsmb20 - ok
21:25:58.0337 4652  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
21:25:58.0347 4652  msahci - ok
21:25:58.0364 4652  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
21:25:58.0377 4652  msdsm - ok
21:25:58.0423 4652  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:25:58.0438 4652  MSDTC - ok
21:25:58.0456 4652  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:25:58.0494 4652  Msfs - ok
21:25:58.0511 4652  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:25:58.0543 4652  mshidkmdf - ok
21:25:58.0564 4652  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
21:25:58.0573 4652  msisadrv - ok
21:25:58.0623 4652  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:25:58.0685 4652  MSiSCSI - ok
21:25:58.0688 4652  msiserver - ok
21:25:58.0729 4652  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:25:58.0758 4652  MSKSSRV - ok
21:25:58.0772 4652  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:58.0801 4652  MSPCLOCK - ok
21:25:58.0804 4652  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:25:58.0833 4652  MSPQM - ok
21:25:58.0855 4652  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:25:58.0868 4652  MsRPC - ok
21:25:58.0879 4652  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:58.0889 4652  mssmbios - ok
21:25:58.0891 4652  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:25:58.0921 4652  MSTEE - ok
21:25:58.0936 4652  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:58.0946 4652  MTConfig - ok
21:25:58.0949 4652  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:25:58.0959 4652  Mup - ok
21:25:58.0972 4652  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:25:58.0979 4652  mwlPSDFilter - ok
21:25:58.0994 4652  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:25:59.0002 4652  mwlPSDNServ - ok
21:25:59.0014 4652  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:25:59.0022 4652  mwlPSDVDisk - ok
21:25:59.0067 4652  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
21:25:59.0089 4652  MWLService - ok
21:25:59.0113 4652  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
21:25:59.0163 4652  napagent - ok
21:25:59.0183 4652  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:25:59.0206 4652  NativeWifiP - ok
21:25:59.0248 4652  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:25:59.0275 4652  NDIS - ok
21:25:59.0287 4652  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:59.0317 4652  NdisCap - ok
21:25:59.0325 4652  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:59.0356 4652  NdisTapi - ok
21:25:59.0370 4652  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:59.0400 4652  Ndisuio - ok
21:25:59.0409 4652  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:59.0441 4652  NdisWan - ok
21:25:59.0467 4652  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:25:59.0496 4652  NDProxy - ok
21:25:59.0617 4652  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:25:59.0657 4652  Nero BackItUp Scheduler 4.0 - ok
21:25:59.0674 4652  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:25:59.0713 4652  NetBIOS - ok
21:25:59.0718 4652  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:25:59.0748 4652  NetBT - ok
21:25:59.0754 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
21:25:59.0765 4652  Netlogon - ok
21:25:59.0807 4652  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:25:59.0868 4652  Netman - ok
21:25:59.0892 4652  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:25:59.0927 4652  netprofm - ok
21:25:59.0948 4652  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:59.0956 4652  NetTcpPortSharing - ok
21:25:59.0985 4652  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:59.0995 4652  nfrd960 - ok
21:26:00.0010 4652  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:26:00.0048 4652  NlaSvc - ok
21:26:00.0144 4652  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:26:00.0217 4652  NOBU - ok
21:26:00.0220 4652  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:26:00.0250 4652  Npfs - ok
21:26:00.0259 4652  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:26:00.0289 4652  nsi - ok
21:26:00.0304 4652  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:26:00.0331 4652  nsiproxy - ok
21:26:00.0377 4652  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:26:00.0407 4652  Ntfs - ok
21:26:00.0419 4652  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:26:00.0447 4652  Null - ok
21:26:00.0484 4652  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:26:00.0493 4652  nvraid - ok
21:26:00.0508 4652  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:26:00.0519 4652  nvstor - ok
21:26:00.0544 4652  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
21:26:00.0554 4652  nv_agp - ok
21:26:00.0564 4652  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:26:00.0576 4652  ohci1394 - ok
21:26:00.0605 4652  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:26:00.0620 4652  p2pimsvc - ok
21:26:00.0647 4652  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:26:00.0663 4652  p2psvc - ok
21:26:00.0685 4652  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:26:00.0698 4652  Parport - ok
21:26:00.0715 4652  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:26:00.0727 4652  partmgr - ok
21:26:00.0739 4652  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:26:00.0758 4652  PcaSvc - ok
21:26:00.0800 4652  PCDSRVC{5368CD8C-7868C3EA-06020200}_0 - ok
21:26:00.0803 4652  PCDSRVC{B368CD8C-FA3611C4-06020200}_0 - ok
21:26:00.0824 4652  PCDSRVC{E368CD8C-4733001A-06020200}_0 - ok
21:26:00.0843 4652  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
21:26:00.0856 4652  pci - ok
21:26:00.0868 4652  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
21:26:00.0877 4652  pciide - ok
21:26:00.0888 4652  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:00.0900 4652  pcmcia - ok
21:26:00.0912 4652  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:26:00.0922 4652  pcw - ok
21:26:00.0940 4652  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:26:00.0975 4652  PEAUTH - ok
21:26:01.0033 4652  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:26:01.0057 4652  PerfHost - ok
21:26:01.0109 4652  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
21:26:01.0164 4652  pla - ok
21:26:01.0221 4652  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:26:01.0250 4652  PlugPlay - ok
21:26:01.0278 4652  PnkBstrA - ok
21:26:01.0296 4652  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:26:01.0310 4652  PNRPAutoReg - ok
21:26:01.0325 4652  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:26:01.0343 4652  PNRPsvc - ok
21:26:01.0375 4652  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:26:01.0425 4652  PolicyAgent - ok
21:26:01.0451 4652  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:26:01.0486 4652  Power - ok
21:26:01.0516 4652  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:26:01.0547 4652  PptpMiniport - ok
21:26:01.0562 4652  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:26:01.0573 4652  Processor - ok
21:26:01.0591 4652  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
21:26:01.0604 4652  ProfSvc - ok
21:26:01.0614 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:26:01.0624 4652  ProtectedStorage - ok
21:26:01.0633 4652  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:26:01.0665 4652  Psched - ok
21:26:01.0710 4652  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:26:01.0754 4652  ql2300 - ok
21:26:01.0762 4652  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:01.0773 4652  ql40xx - ok
21:26:01.0799 4652  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:26:01.0817 4652  QWAVE - ok
21:26:01.0830 4652  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:26:01.0846 4652  QWAVEdrv - ok
21:26:01.0856 4652  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:26:01.0890 4652  RasAcd - ok
21:26:01.0911 4652  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:01.0942 4652  RasAgileVpn - ok
21:26:01.0953 4652  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:26:01.0986 4652  RasAuto - ok
21:26:01.0989 4652  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:02.0020 4652  Rasl2tp - ok
21:26:02.0037 4652  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
21:26:02.0070 4652  RasMan - ok
21:26:02.0073 4652  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:02.0103 4652  RasPppoe - ok
21:26:02.0117 4652  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:26:02.0145 4652  RasSstp - ok
21:26:02.0164 4652  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:26:02.0194 4652  rdbss - ok
21:26:02.0196 4652  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:02.0207 4652  rdpbus - ok
21:26:02.0219 4652  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:02.0247 4652  RDPCDD - ok
21:26:02.0261 4652  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:26:02.0289 4652  RDPENCDD - ok
21:26:02.0294 4652  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:26:02.0322 4652  RDPREFMP - ok
21:26:02.0350 4652  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:26:02.0363 4652  RDPWD - ok
21:26:02.0415 4652  [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:26:02.0440 4652  rdyboost - ok
21:26:02.0473 4652  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:26:02.0515 4652  RemoteAccess - ok
21:26:02.0527 4652  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:26:02.0559 4652  RemoteRegistry - ok
21:26:02.0599 4652  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
21:26:02.0615 4652  RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:26:02.0615 4652  RichVideo - detected UnsignedFile.Multi.Generic (1)
21:26:02.0626 4652  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:26:02.0677 4652  RpcEptMapper - ok
21:26:02.0693 4652  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:26:02.0706 4652  RpcLocator - ok
21:26:02.0746 4652  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
21:26:02.0821 4652  RpcSs - ok
21:26:02.0837 4652  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:26:02.0879 4652  rspndr - ok
21:26:02.0906 4652  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:26:02.0920 4652  RTL8167 - ok
21:26:02.0934 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
21:26:02.0947 4652  SamSs - ok
21:26:02.0961 4652  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
21:26:02.0975 4652  sbp2port - ok
21:26:02.0991 4652  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:26:03.0034 4652  SCardSvr - ok
21:26:03.0048 4652  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:26:03.0078 4652  scfilter - ok
21:26:03.0123 4652  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
21:26:03.0152 4652  Schedule - ok
21:26:03.0171 4652  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:26:03.0207 4652  SCPolicySvc - ok
21:26:03.0224 4652  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:26:03.0235 4652  SDRSVC - ok
21:26:03.0254 4652  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:26:03.0287 4652  secdrv - ok
21:26:03.0292 4652  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
21:26:03.0325 4652  seclogon - ok
21:26:03.0334 4652  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:26:03.0365 4652  SENS - ok
21:26:03.0368 4652  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:26:03.0378 4652  SensrSvc - ok
21:26:03.0392 4652  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:26:03.0402 4652  Serenum - ok
21:26:03.0428 4652  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:26:03.0438 4652  Serial - ok
21:26:03.0468 4652  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:26:03.0479 4652  sermouse - ok
21:26:03.0494 4652  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
21:26:03.0525 4652  SessionEnv - ok
21:26:03.0549 4652  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
21:26:03.0559 4652  sffdisk - ok
21:26:03.0562 4652  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:26:03.0571 4652  sffp_mmc - ok
21:26:03.0577 4652  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
21:26:03.0588 4652  sffp_sd - ok
21:26:03.0603 4652  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:26:03.0613 4652  sfloppy - ok
21:26:03.0639 4652  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:26:03.0676 4652  SharedAccess - ok
21:26:03.0728 4652  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:26:03.0760 4652  ShellHWDetection - ok
21:26:03.0784 4652  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:26:03.0795 4652  SiSRaid2 - ok
21:26:03.0812 4652  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:26:03.0823 4652  SiSRaid4 - ok
21:26:03.0873 4652  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:26:03.0892 4652  SkypeUpdate - ok
21:26:03.0901 4652  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:26:03.0958 4652  Smb - ok
21:26:03.0969 4652  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:26:03.0982 4652  SNMPTRAP - ok
21:26:04.0065 4652  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:26:04.0082 4652  Sony PC Companion - ok
21:26:04.0103 4652  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:26:04.0117 4652  spldr - ok
21:26:04.0150 4652  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
21:26:04.0173 4652  Spooler - ok
21:26:04.0251 4652  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:26:04.0296 4652  sppsvc - ok
21:26:04.0306 4652  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:26:04.0338 4652  sppuinotify - ok
21:26:04.0364 4652  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:26:04.0376 4652  srv - ok
21:26:04.0389 4652  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:26:04.0401 4652  srv2 - ok
21:26:04.0414 4652  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:26:04.0426 4652  srvnet - ok
21:26:04.0444 4652  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:26:04.0480 4652  SSDPSRV - ok
21:26:04.0493 4652  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:26:04.0527 4652  SstpSvc - ok
21:26:04.0542 4652  Steam Client Service - ok
21:26:04.0557 4652  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:26:04.0566 4652  stexstor - ok
21:26:04.0593 4652  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
21:26:04.0613 4652  stisvc - ok
21:26:04.0623 4652  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:26:04.0632 4652  swenum - ok
21:26:04.0660 4652  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:26:04.0694 4652  swprv - ok
21:26:04.0736 4652  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
21:26:04.0768 4652  SysMain - ok
21:26:04.0778 4652  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:26:04.0794 4652  TabletInputService - ok
21:26:04.0809 4652  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:26:04.0842 4652  TapiSrv - ok
21:26:04.0855 4652  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:26:04.0884 4652  TBS - ok
21:26:04.0937 4652  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:26:04.0972 4652  Tcpip - ok
21:26:05.0010 4652  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:26:05.0047 4652  TCPIP6 - ok
21:26:05.0055 4652  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:26:05.0091 4652  tcpipreg - ok
21:26:05.0099 4652  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:26:05.0108 4652  TDPIPE - ok
21:26:05.0128 4652  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:26:05.0137 4652  TDTCP - ok
21:26:05.0158 4652  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:26:05.0188 4652  tdx - ok
21:26:05.0285 4652  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:26:05.0340 4652  TeamViewer7 - ok
21:26:05.0344 4652  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:26:05.0353 4652  TermDD - ok
21:26:05.0376 4652  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
21:26:05.0415 4652  TermService - ok
21:26:05.0430 4652  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:26:05.0444 4652  Themes - ok
21:26:05.0458 4652  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:26:05.0489 4652  THREADORDER - ok
21:26:05.0503 4652  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:26:05.0534 4652  TrkWks - ok
21:26:05.0582 4652  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:26:05.0594 4652  TrustedInstaller - ok
21:26:05.0606 4652  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:26:05.0638 4652  tssecsrv - ok
21:26:05.0660 4652  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:26:05.0691 4652  tunnel - ok
21:26:05.0708 4652  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:26:05.0717 4652  uagp35 - ok
21:26:05.0741 4652  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:26:05.0776 4652  udfs - ok
21:26:05.0795 4652  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:26:05.0807 4652  UI0Detect - ok
21:26:05.0829 4652  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
21:26:05.0838 4652  uliagpkx - ok
21:26:05.0862 4652  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:26:05.0873 4652  umbus - ok
21:26:05.0885 4652  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:26:05.0896 4652  UmPass - ok
21:26:05.0945 4652  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:26:05.0973 4652  UMVPFSrv - ok
21:26:06.0020 4652  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:26:06.0041 4652  Updater Service - ok
21:26:06.0062 4652  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:26:06.0110 4652  upnphost - ok
21:26:06.0145 4652  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:26:06.0154 4652  USBAAPL64 - ok
21:26:06.0207 4652  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:26:06.0233 4652  usbaudio - ok
21:26:06.0252 4652  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:26:06.0266 4652  usbccgp - ok
21:26:06.0281 4652  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
21:26:06.0299 4652  usbcir - ok
21:26:06.0315 4652  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:26:06.0328 4652  usbehci - ok
21:26:06.0355 4652  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:26:06.0371 4652  usbhub - ok
21:26:06.0390 4652  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:26:06.0403 4652  usbohci - ok
21:26:06.0423 4652  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:26:06.0442 4652  usbprint - ok
21:26:06.0487 4652  [ B5E6C4F280EBF0B16F74A5B415F2E0DF ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
21:26:06.0498 4652  USBS3S4Detection - ok
21:26:06.0513 4652  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:26:06.0528 4652  USBSTOR - ok
21:26:06.0545 4652  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:26:06.0559 4652  usbuhci - ok
21:26:06.0588 4652  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:26:06.0603 4652  usbvideo - ok
21:26:06.0626 4652  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:26:06.0673 4652  UxSms - ok
21:26:06.0690 4652  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
21:26:06.0701 4652  VaultSvc - ok
21:26:06.0721 4652  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
21:26:06.0731 4652  vdrvroot - ok
21:26:06.0750 4652  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
21:26:06.0768 4652  vds - ok
21:26:06.0790 4652  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:26:06.0806 4652  vga - ok
21:26:06.0820 4652  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:26:06.0859 4652  VgaSave - ok
21:26:06.0878 4652  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
21:26:06.0889 4652  vhdmp - ok
21:26:06.0903 4652  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
21:26:06.0912 4652  viaide - ok
21:26:06.0928 4652  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
21:26:06.0938 4652  volmgr - ok
21:26:06.0944 4652  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:26:06.0959 4652  volmgrx - ok
21:26:06.0985 4652  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:26:06.0999 4652  volsnap - ok
21:26:07.0028 4652  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:26:07.0040 4652  vsmraid - ok
21:26:07.0082 4652  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
21:26:07.0112 4652  VSS - ok
21:26:07.0126 4652  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:26:07.0141 4652  vwifibus - ok
21:26:07.0154 4652  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:26:07.0188 4652  W32Time - ok
21:26:07.0204 4652  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:26:07.0215 4652  WacomPen - ok
21:26:07.0229 4652  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:26:07.0261 4652  WANARP - ok
21:26:07.0264 4652  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:26:07.0295 4652  Wanarpv6 - ok
21:26:07.0326 4652  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
21:26:07.0349 4652  wbengine - ok
21:26:07.0363 4652  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:26:07.0379 4652  WbioSrvc - ok
21:26:07.0410 4652  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:26:07.0424 4652  wcncsvc - ok
21:26:07.0436 4652  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:26:07.0449 4652  WcsPlugInService - ok
21:26:07.0452 4652  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:26:07.0461 4652  Wd - ok
21:26:07.0495 4652  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:26:07.0515 4652  Wdf01000 - ok
21:26:07.0530 4652  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:26:07.0546 4652  WdiServiceHost - ok
21:26:07.0549 4652  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:26:07.0565 4652  WdiSystemHost - ok
21:26:07.0580 4652  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
21:26:07.0592 4652  WebClient - ok
21:26:07.0608 4652  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:26:07.0640 4652  Wecsvc - ok
21:26:07.0652 4652  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:26:07.0681 4652  wercplsupport - ok
21:26:07.0705 4652  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:26:07.0737 4652  WerSvc - ok
21:26:07.0751 4652  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:26:07.0783 4652  WfpLwf - ok
21:26:07.0789 4652  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:26:07.0798 4652  WIMMount - ok
21:26:07.0827 4652  WinDefend - ok
21:26:07.0830 4652  WinHttpAutoProxySvc - ok
21:26:07.0868 4652  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:26:07.0904 4652  Winmgmt - ok
21:26:07.0948 4652  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:26:08.0024 4652  WinRM - ok
21:26:08.0081 4652  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:26:08.0104 4652  WinUsb - ok
21:26:08.0131 4652  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:26:08.0155 4652  Wlansvc - ok
21:26:08.0186 4652  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:26:08.0193 4652  wlcrasvc - ok
21:26:08.0334 4652  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:26:08.0412 4652  wlidsvc - ok
21:26:08.0437 4652  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:26:08.0457 4652  WmiAcpi - ok
21:26:08.0481 4652  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:26:08.0506 4652  wmiApSrv - ok
21:26:08.0555 4652  WMPNetworkSvc - ok
21:26:08.0568 4652  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:26:08.0589 4652  WPCSvc - ok
21:26:08.0601 4652  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:26:08.0614 4652  WPDBusEnum - ok
21:26:08.0635 4652  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:26:08.0669 4652  ws2ifsl - ok
21:26:08.0689 4652  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:26:08.0702 4652  wscsvc - ok
21:26:08.0705 4652  WSearch - ok
21:26:08.0770 4652  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:26:08.0808 4652  wuauserv - ok
21:26:08.0840 4652  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:26:08.0858 4652  WudfPf - ok
21:26:08.0891 4652  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:26:08.0903 4652  WUDFRd - ok
21:26:08.0935 4652  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:26:08.0949 4652  wudfsvc - ok
21:26:08.0962 4652  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:26:08.0983 4652  WwanSvc - ok
21:26:09.0000 4652  ================ Scan global ===============================
21:26:09.0014 4652  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:26:09.0044 4652  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
21:26:09.0051 4652  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
21:26:09.0065 4652  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:26:09.0091 4652  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:26:09.0094 4652  [Global] - ok
21:26:09.0095 4652  ================ Scan MBR ==================================
21:26:09.0104 4652  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:26:09.0366 4652  \Device\Harddisk0\DR0 - ok
21:26:09.0367 4652  ================ Scan VBR ==================================
21:26:09.0370 4652  [ 0C178D43B4E9FA915F5B7F7F8312BA2F ] \Device\Harddisk0\DR0\Partition1
21:26:09.0372 4652  \Device\Harddisk0\DR0\Partition1 - ok
21:26:09.0387 4652  [ 4EB4C883CA7BBA6C05EDAB1CB53B335A ] \Device\Harddisk0\DR0\Partition2
21:26:09.0390 4652  \Device\Harddisk0\DR0\Partition2 - ok
21:26:09.0407 4652  [ AC987A840BE4F9706C4914DE7BB5B200 ] \Device\Harddisk0\DR0\Partition3
21:26:09.0411 4652  \Device\Harddisk0\DR0\Partition3 - ok
21:26:09.0411 4652  ============================================================
21:26:09.0411 4652  Scan finished
21:26:09.0412 4652  ============================================================
21:26:09.0423 2568  Detected object count: 1
21:26:09.0423 2568  Actual detected object count: 1
21:26:13.0835 2568  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:13.0836 2568  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:07.0829 1432  Deinitialize success
         
Eine frage welche verdächtigen Mails? Die auf YouTube?

Alt 15.01.2013, 21:34   #7
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



hi
das ist meine Signatur, wir sammeln spam zur analyse, wenn du sowas bekommst, gerne her damit.
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:01   #8
Thomser22
 
YouTube Virus - Standard

YouTube Virus



Code:
ATTFilter
ComboFix 13-01-15.02 - Thomser 15.01.2013  21:45:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.6135.4773 [GMT 1:00]
ausgeführt von:: c:\users\Thomser\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-15 bis 2013-01-15  ))))))))))))))))))))))))))))))
.
.
2013-01-13 18:43 . 2013-01-13 18:43	--------	d-----w-	c:\programdata\ATI
2013-01-13 18:42 . 2013-01-13 18:42	--------	d-----w-	c:\program files (x86)\AMD APP
2013-01-13 18:38 . 2013-01-13 18:38	--------	d-----w-	C:\AMD
2013-01-12 20:39 . 2013-01-12 20:39	--------	d-----w-	c:\users\Thomser\AppData\Local\Programs
2013-01-12 20:11 . 2013-01-12 20:11	--------	d-----w-	c:\users\Thomser\AppData\Roaming\Gyazo
2013-01-12 20:10 . 2013-01-12 20:10	--------	d-----w-	c:\program files (x86)\Gyazo
2013-01-09 13:16 . 2012-11-09 05:34	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 13:16 . 2012-11-09 04:49	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-12-27 20:11 . 2012-12-27 20:11	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-12-23 21:38 . 2012-12-23 21:38	--------	d-----w-	c:\users\Thomser\AppData\Roaming\TuneUp Software
2012-12-23 21:38 . 2012-12-23 21:38	--------	d-----w-	c:\programdata\TuneUp Software
2012-12-23 21:38 . 2012-12-23 21:38	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-23 21:38 . 2012-12-23 21:38	--------	d--h--w-	c:\programdata\Common Files
2012-12-23 21:38 . 2012-12-23 21:38	--------	d-----w-	C:\Mozilla
2012-12-23 21:38 . 2012-12-23 21:38	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-21 11:27 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 11:27 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 11:27 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 11:27 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 11:44 . 2012-12-20 11:44	--------	d-----w-	c:\program files (x86)\Microsoft XNA
2012-12-20 11:08 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-20 11:08 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\SysWow64\D3DX9_43.dll
2012-12-19 14:55 . 2012-12-19 14:56	--------	d-----w-	c:\users\Thomser\AppData\Local\Risen
2012-12-19 14:53 . 2012-12-19 14:53	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2012-12-19 14:53 . 2012-12-19 14:53	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2012-12-19 14:53 . 2012-12-19 14:53	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-12-19 14:48 . 2012-12-19 14:48	--------	d-----w-	c:\program files (x86)\Deep Silver
2012-12-18 13:00 . 2012-12-18 13:00	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-12-17 15:59 . 2012-12-17 15:59	--------	d-----w-	c:\users\Thomser\AppData\Local\Activision
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:11 . 2012-11-20 19:00	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:11 . 2012-11-20 19:00	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-10-05 18:32	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-11 14:40 . 2012-10-16 12:18	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:40 . 2012-10-16 12:18	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-03 15:27 . 2012-12-03 15:27	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-12-03 15:27 . 2012-12-03 15:27	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2012-12-03 15:27 . 2012-12-03 15:27	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-11-30 04:56 . 2013-01-09 13:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-25 11:05 . 2012-11-20 21:09	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-11-25 11:05 . 2012-11-20 21:07	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-11-25 10:39 . 2012-11-20 21:07	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-11-24 22:24 . 2012-11-20 21:07	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-09 05:34 . 2012-12-12 15:17	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 15:17	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-12 15:17	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 15:17	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56	1521952	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-31 896912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-29 124136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Thomser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-03 14448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 PCDSRVC{5368CD8C-7868C3EA-06020200}_0;PCDSRVC{5368CD8C-7868C3EA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\2reivtudvrk_\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{B368CD8C-FA3611C4-06020200}_0;PCDSRVC{B368CD8C-FA3611C4-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\bimr.x1bgcrb\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{E368CD8C-4733001A-06020200}_0;PCDSRVC{E368CD8C-4733001A-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\eefckdgcxzg2\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-11 565024]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 60747576
*NewlyCreated* - 99704048
*Deregistered* - 60747576
*Deregistered* - 99704048
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 17:11]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job
- c:\users\Thomser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:30]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job
- c:\users\Thomser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Thomser\AppData\Roaming\Mozilla\Firefox\Profiles\4rb8edhf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ec784cd-289c-488b-82b3-48f89c48eaf5&apn_ptnrs=%5EAGS&apn_sauid=677678D3-6D6A-443A-BF30-074C198AB737&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-12-23 22:38; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-MTA:SA 1.3 - c:\users\Thomser\Desktop\GtaSa\GTA - San Andreas\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1 - c:\games\World_of_Tanks\unins000.exe
AddRemove-SOE- - c:\users\Public\Sony Online Entertainment\Installed Games\Uninstaller.exe
AddRemove-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{5368CD8C-7868C3EA-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\2reivtudvrk_\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{B368CD8C-FA3611C4-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\bimr.x1bgcrb\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E368CD8C-4733001A-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\eefckdgcxzg2\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-15  21:56:49
ComboFix-quarantined-files.txt  2013-01-15 20:56
.
Vor Suchlauf: 13 Verzeichnis(se), 569.258.151.936 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 569.156.866.048 Bytes frei
.
- - End Of File - - 0856026918F0C4BE61DAE0BED922EFAF
         
Das ist die Log Datei. Aber du hast von einem Neustart geredet allerdings hatte ich keinen Neustart ich zwar ein Weile gewartet aber nichts ist nach dem erstellen der Log Datei passiert...

Alt 15.01.2013, 22:04   #9
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



frage:
sind deine Passwörter zu erraten, oder sind es zufällige Buchstaben und Zahlenkombis?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:06   #10
Thomser22
 
YouTube Virus - Standard

YouTube Virus



Nun ja das ist unterschiedlich bei manchen sachen hab ich ein passwort dass man eigentlich nicht so leicht erraten sollte aber bei anderen sachen hab ich ein einfach zusammengestelltes passwort

Alt 15.01.2013, 22:07   #11
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



wir sprechen von youtube :-)
oder gabs noch probleme mit anderen accs?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:09   #12
Thomser22
 
YouTube Virus - Standard

YouTube Virus



Achso bei YouTube hab ich ein Passwort dass man nicht so leicht herraus findet und mit anderen Accounts hatte ich eig noch nie Probleme...

Alt 15.01.2013, 22:15   #13
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:20   #14
Thomser22
 
YouTube Virus - Standard

YouTube Virus



uh... das kann jetzt ein paar stunden dauern

Alt 15.01.2013, 22:21   #15
markusg
/// Malware-holic
 
YouTube Virus - Standard

YouTube Virus



lass einfach laufen und meld dich, wenns so weit ist
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu YouTube Virus
100%, account, ahnung, andere, anderen, apple, auf einmal, fakelink, free, gefunde, hallo zusammen, kommentare, legit, link, problem, quick, sending, this, usern, vermute, virus, website, white, wirklich, youtube, zusammen



Ähnliche Themen: YouTube Virus


  1. Problem mit Free Youtube Converter-Vermutlich Virus
    Plagegeister aller Art und deren Bekämpfung - 02.03.2015 (14)
  2. Roll Around Virus nach YouTube-Converter
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (15)
  3. Virus oder Trojaner? Webseitenaufrufe sehr langsam-Sound defekt-Youtube Videos funkt. nicht-nicht gewöhnlich
    Plagegeister aller Art und deren Bekämpfung - 29.01.2015 (11)
  4. Youtube.com -> Weiterleitung auf http://www.youtube.com/java.html
    Plagegeister aller Art und deren Bekämpfung - 22.10.2014 (1)
  5. MSE meldet während Youtube-Besuch Virus DOS/Dexo
    Log-Analyse und Auswertung - 20.09.2014 (5)
  6. Fehlermeldung bei Youtube und Facebook Virus ?oder anderes Problem?
    Alles rund um Windows - 02.07.2014 (4)
  7. Virus Meldung bei Youtube?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2014 (3)
  8. Click to Continue by Youtube Lyrics - Virus?
    Log-Analyse und Auswertung - 03.12.2013 (12)
  9. Youtube XSS
    Diskussionsforum - 29.09.2013 (5)
  10. Bei Youtube anwahl Virus Meldung
    Plagegeister aller Art und deren Bekämpfung - 28.09.2013 (5)
  11. Youtube: Seitenladefehler
    Alles rund um Windows - 01.06.2012 (3)
  12. Seitenladefehler beim Aufrufen von Youtube, nur bei Youtube !
    Plagegeister aller Art und deren Bekämpfung - 31.03.2012 (2)
  13. Seitenladefehler bei Youtube
    Plagegeister aller Art und deren Bekämpfung - 21.10.2011 (1)
  14. Youtube - Seitenladefahler
    Plagegeister aller Art und deren Bekämpfung - 19.10.2011 (26)
  15. Habe ein Virus über gefälschte YouTube Internetseite bekommen !
    Plagegeister aller Art und deren Bekämpfung - 07.05.2009 (8)
  16. youtube downloader
    Diskussionsforum - 10.08.2008 (8)
  17. Youtube Hijack?
    Log-Analyse und Auswertung - 24.10.2007 (4)

Zum Thema YouTube Virus - Hallo zusammen, ich hab ein Problem nämlich ich habe einen eigenen YouTube Account und habe bemerkt dass ich auf einmal Post bekommen habe wo z.B. drin stande dass ich diese - YouTube Virus...
Archiv
Du betrachtest: YouTube Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.