
Pests of all kinds and how to combat them: GVU Trojan - Reatogo

22.01.2013, 19:04   #31
xb0ssi

Yes, it works, what now? Can I turn Avira and so on back on?

22.01.2013, 19:05   #32
markusg
/// Malware-holic

Continue with this:
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

22.01.2013, 19:09   #33
xb0ssi

19:07:36.0019 1476 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:07:36.0534 1476 ============================================================
19:07:36.0534 1476 Current date / time: 2013/01/22 19:07:36.0534
19:07:36.0534 1476 SystemInfo:
19:07:36.0534 1476
19:07:36.0534 1476 OS Version: 6.0.6002 ServicePack: 2.0
19:07:36.0534 1476 Product type: Workstation
19:07:36.0534 1476 ComputerName: PC-PC
19:07:36.0534 1476 UserName: PC
19:07:36.0534 1476 Windows directory: C:\Windows
19:07:36.0534 1476 System windows directory: C:\Windows
19:07:36.0534 1476 Processor architecture: Intel x86
19:07:36.0534 1476 Number of processors: 2
19:07:36.0534 1476 Page size: 0x1000
19:07:36.0534 1476 Boot type: Normal boot
19:07:36.0534 1476 ============================================================
19:07:38.0172 1476 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:07:38.0234 1476 ============================================================
19:07:38.0234 1476 \Device\Harddisk0\DR0:
19:07:38.0250 1476 MBR partitions:
19:07:38.0265 1476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x22B02B02, BlocksNum 0x292ABBF
19:07:38.0265 1476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22B01800
19:07:38.0265 1476 ============================================================
19:07:38.0328 1476 C: <-> \Device\Harddisk0\DR0\Partition2
19:07:38.0328 1476 D: <-> \Device\Harddisk0\DR0\Partition1
19:07:38.0328 1476 ============================================================
19:07:38.0343 1476 Initialize success
19:07:38.0343 1476 ============================================================
19:07:52.0352 4136 ============================================================
19:07:52.0352 4136 Scan started
19:07:52.0352 4136 Mode: Manual; SigCheck; TDLFS;
19:07:52.0352 4136 ============================================================
19:07:54.0926 4136 ================ Scan system memory ========================
19:07:54.0926 4136 System memory - ok
19:07:54.0926 4136 ================ Scan services =============================
19:07:57.0266 4136 1394hub - ok
19:07:57.0672 4136 [ 5ABD10518DEC48B4FA5FFC03B73402E5 ] 3xHybrid C:\Windows\system32\DRIVERS\3xHybrid.sys
19:07:58.0249 4136 3xHybrid - ok
19:07:58.0389 4136 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:07:58.0467 4136 ACPI - ok
19:07:58.0592 4136 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:07:58.0639 4136 AdobeFlashPlayerUpdateSvc - ok
19:07:58.0701 4136 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:07:58.0748 4136 adp94xx - ok
19:07:58.0779 4136 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:07:58.0826 4136 adpahci - ok
19:07:58.0842 4136 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:07:58.0873 4136 adpu160m - ok
19:07:58.0967 4136 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:07:58.0998 4136 adpu320 - ok
19:07:59.0091 4136 [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP C:\Windows\system32\DRIVERS\AegisP.sys
19:07:59.0138 4136 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:07:59.0138 4136 AegisP - detected UnsignedFile.Multi.Generic (1)
19:07:59.0169 4136 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:07:59.0294 4136 AeLookupSvc - ok
19:07:59.0341 4136 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:07:59.0435 4136 AFD - ok
19:07:59.0466 4136 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:07:59.0513 4136 aic78xx - ok
19:07:59.0575 4136 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:07:59.0762 4136 ALG - ok
19:07:59.0793 4136 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys
19:07:59.0825 4136 aliide - ok
19:07:59.0856 4136 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:07:59.0887 4136 amdagp - ok
19:07:59.0903 4136 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys
19:07:59.0965 4136 amdide - ok
19:07:59.0996 4136 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:08:00.0183 4136 AmdK7 - ok
19:08:00.0261 4136 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:08:00.0386 4136 AmdK8 - ok
19:08:00.0620 4136 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:08:00.0729 4136 AntiVirSchedulerService - ok
19:08:00.0761 4136 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:08:00.0792 4136 AntiVirService - ok
19:08:00.0839 4136 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:08:00.0901 4136 Appinfo - ok
19:08:01.0166 4136 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:08:01.0182 4136 Apple Mobile Device - ok
19:08:01.0260 4136 [ 2C349460E40EF6B9604D774AAF367730 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
19:08:01.0338 4136 Application Updater ( UnsignedFile.Multi.Generic ) - warning
19:08:01.0338 4136 Application Updater - detected UnsignedFile.Multi.Generic (1)
19:08:01.0385 4136 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
19:08:01.0416 4136 arc - ok
19:08:01.0447 4136 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:08:01.0478 4136 arcsas - ok
19:08:01.0619 4136 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:08:01.0697 4136 aspnet_state - ok
19:08:01.0743 4136 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:01.0821 4136 AsyncMac - ok
19:08:01.0899 4136 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
19:08:01.0915 4136 atapi - ok
19:08:01.0993 4136 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:02.0071 4136 AudioEndpointBuilder - ok
19:08:02.0071 4136 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:08:02.0118 4136 Audiosrv - ok
19:08:02.0165 4136 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:08:02.0196 4136 avgntflt - ok
19:08:02.0211 4136 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:08:02.0243 4136 avipbb - ok
19:08:02.0258 4136 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:08:02.0274 4136 avkmgr - ok
19:08:02.0321 4136 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:08:02.0367 4136 Beep - ok
19:08:02.0430 4136 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:08:02.0539 4136 BFE - ok
19:08:02.0773 4136 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
19:08:02.0913 4136 BITS - ok
19:08:02.0929 4136 blbdrive - ok
19:08:03.0007 4136 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:08:03.0054 4136 Bonjour Service - ok
19:08:03.0085 4136 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:08:03.0179 4136 bowser - ok
19:08:03.0210 4136 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:08:03.0257 4136 BrFiltLo - ok
19:08:03.0288 4136 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:08:03.0381 4136 BrFiltUp - ok
19:08:03.0428 4136 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:08:03.0506 4136 Browser - ok
19:08:03.0522 4136 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:08:03.0615 4136 Brserid - ok
19:08:03.0647 4136 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:08:03.0740 4136 BrSerWdm - ok
19:08:03.0771 4136 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:08:03.0865 4136 BrUsbMdm - ok
19:08:03.0896 4136 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:08:04.0021 4136 BrUsbSer - ok
19:08:04.0068 4136 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:08:04.0161 4136 BTHMODEM - ok
19:08:04.0208 4136 catchme - ok
19:08:04.0239 4136 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:08:04.0302 4136 cdfs - ok
19:08:04.0349 4136 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:08:04.0411 4136 cdrom - ok
19:08:04.0458 4136 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:08:04.0505 4136 CertPropSvc - ok
19:08:05.0409 4136 [ 6B19D86AFD6157CDE6BED55CBF9F4CA2 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
19:08:05.0706 4136 CGVPNCliSrvc - ok
19:08:05.0784 4136 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
19:08:05.0893 4136 circlass - ok
19:08:06.0111 4136 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:08:06.0189 4136 CLFS - ok
19:08:06.0501 4136 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:06.0564 4136 clr_optimization_v2.0.50727_32 - ok
19:08:06.0611 4136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:06.0657 4136 clr_optimization_v4.0.30319_32 - ok
19:08:06.0720 4136 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:08:06.0782 4136 cmdide - ok
19:08:06.0813 4136 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:08:06.0860 4136 Compbatt - ok
19:08:06.0876 4136 COMSysApp - ok
19:08:06.0907 4136 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:08:06.0954 4136 crcdisk - ok
19:08:06.0985 4136 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:08:07.0094 4136 Crusoe - ok
19:08:07.0157 4136 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:08:07.0188 4136 CryptSvc - ok
19:08:07.0266 4136 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:08:07.0328 4136 DcomLaunch - ok
19:08:07.0344 4136 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:08:07.0422 4136 DfsC - ok
19:08:07.0531 4136 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:08:07.0703 4136 DFSR - ok
19:08:07.0859 4136 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:08:07.0937 4136 Dhcp - ok
19:08:07.0983 4136 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:08:08.0015 4136 disk - ok
19:08:08.0093 4136 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:08:08.0155 4136 Dnscache - ok
19:08:08.0171 4136 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:08:08.0233 4136 dot3svc - ok
19:08:08.0264 4136 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:08:08.0327 4136 DPS - ok
19:08:08.0373 4136 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:08:08.0467 4136 drmkaud - ok
19:08:08.0654 4136 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:08:08.0717 4136 DXGKrnl - ok
19:08:08.0779 4136 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:08:08.0873 4136 E1G60 - ok
19:08:08.0935 4136 EagleNT - ok
19:08:08.0951 4136 EagleXNt - ok
19:08:08.0966 4136 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:08:09.0013 4136 EapHost - ok
19:08:09.0060 4136 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:08:09.0091 4136 Ecache - ok
19:08:09.0263 4136 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:08:09.0341 4136 ehRecvr - ok
19:08:09.0419 4136 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:08:09.0481 4136 ehSched - ok
19:08:09.0512 4136 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:08:09.0543 4136 ehstart - ok
19:08:09.0590 4136 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:08:09.0637 4136 elxstor - ok
19:08:09.0777 4136 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:08:09.0933 4136 EMDMgmt - ok
19:08:09.0980 4136 [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys
19:08:09.0996 4136 EuMusDesignVirtualAudioCableWdm - ok
19:08:10.0121 4136 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:08:10.0183 4136 EventSystem - ok
19:08:10.0277 4136 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:08:10.0355 4136 exfat - ok
19:08:10.0401 4136 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:08:10.0464 4136 fastfat - ok
19:08:10.0542 4136 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:08:10.0651 4136 fdc - ok
19:08:10.0776 4136 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:08:10.0838 4136 fdPHost - ok
19:08:10.0916 4136 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:08:11.0010 4136 FDResPub - ok
19:08:11.0072 4136 [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V C:\Windows\system32\DRIVERS\fetnd5bv.sys
19:08:11.0135 4136 FET5X86V - ok
19:08:11.0166 4136 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys
19:08:11.0228 4136 FETNDIS - ok
19:08:11.0275 4136 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:08:11.0306 4136 FileInfo - ok
19:08:11.0337 4136 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:08:11.0400 4136 Filetrace - ok
19:08:11.0478 4136 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:11.0556 4136 flpydisk - ok
19:08:11.0649 4136 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:08:11.0696 4136 FltMgr - ok
19:08:11.0774 4136 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:08:11.0852 4136 FontCache - ok
19:08:12.0071 4136 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:08:12.0117 4136 FontCache3.0.0.0 - ok
19:08:12.0149 4136 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:08:12.0227 4136 Fs_Rec - ok
19:08:12.0258 4136 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:08:12.0305 4136 gagp30kx - ok
19:08:12.0351 4136 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:08:12.0367 4136 GEARAspiWDM - ok
19:08:12.0414 4136 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:08:12.0507 4136 gpsvc - ok
19:08:12.0570 4136 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9d1b1cd38dff8 C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:12.0585 4136 gupdate1c9d1b1cd38dff8 - ok
19:08:12.0632 4136 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:12.0648 4136 gupdatem - ok
19:08:12.0679 4136 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:08:12.0710 4136 gusvc - ok
19:08:12.0757 4136 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:08:12.0835 4136 HdAudAddService - ok
19:08:12.0929 4136 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:13.0007 4136 HDAudBus - ok
19:08:13.0038 4136 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:08:13.0100 4136 HidBth - ok
19:08:13.0163 4136 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:08:13.0303 4136 HidIr - ok
19:08:13.0381 4136 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
19:08:13.0443 4136 hidserv - ok
19:08:13.0475 4136 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:08:13.0537 4136 HidUsb - ok
19:08:13.0599 4136 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:08:13.0771 4136 hkmsvc - ok
19:08:13.0802 4136 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:08:13.0849 4136 HpCISSs - ok
19:08:13.0896 4136 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:08:14.0005 4136 HTTP - ok
19:08:14.0021 4136 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:08:14.0036 4136 i2omp - ok
19:08:14.0083 4136 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:14.0130 4136 i8042prt - ok
19:08:14.0161 4136 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:08:14.0192 4136 iaStorV - ok
19:08:14.0255 4136 [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
19:08:14.0301 4136 ICQ Service - ok
19:08:14.0473 4136 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:08:14.0520 4136 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0520 4136 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:08:14.0598 4136 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:08:14.0691 4136 idsvc - ok
19:08:14.0723 4136 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:08:14.0754 4136 iirsp - ok
19:08:14.0941 4136 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:08:15.0035 4136 IKEEXT - ok
19:08:15.0737 4136 [ 5D854CBAC8B7B4B964406F9808C95FAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:08:15.0893 4136 IntcAzAudAddService - ok
19:08:15.0924 4136 [ E5EA1C17DA5065032E346591FF64F3AF ] intelide C:\Windows\system32\drivers\intelide.sys
19:08:15.0939 4136 intelide - ok
19:08:15.0986 4136 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:08:16.0033 4136 intelppm - ok
19:08:16.0064 4136 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:08:16.0142 4136 IPBusEnum - ok
19:08:16.0173 4136 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:16.0251 4136 IpFilterDriver - ok
19:08:16.0376 4136 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:08:16.0423 4136 iphlpsvc - ok
19:08:16.0439 4136 IpInIp - ok
19:08:16.0470 4136 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:08:16.0563 4136 IPMIDRV - ok
19:08:16.0595 4136 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:08:16.0657 4136 IPNAT - ok
19:08:16.0735 4136 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:08:16.0766 4136 iPod Service - ok
19:08:16.0813 4136 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:08:16.0875 4136 IRENUM - ok
19:08:16.0922 4136 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:08:16.0969 4136 isapnp - ok
19:08:17.0016 4136 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:08:17.0031 4136 iScsiPrt - ok
19:08:17.0047 4136 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:08:17.0063 4136 iteatapi - ok
19:08:17.0094 4136 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:08:17.0109 4136 iteraid - ok
19:08:17.0141 4136 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:17.0172 4136 kbdclass - ok
19:08:17.0187 4136 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:17.0234 4136 kbdhid - ok
19:08:17.0250 4136 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
19:08:17.0297 4136 KeyIso - ok
19:08:17.0343 4136 [ D8DF201E64B455DE473FEFD4A7A7AF0C ] KMWDFilter C:\Windows\System32\Drivers\KMWDFilter.SYS
19:08:17.0406 4136 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0406 4136 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
19:08:17.0437 4136 [ 393B6C708B318C457317A32A1F45C545 ] KMWDSERVICE C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe
19:08:17.0468 4136 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0468 4136 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
19:08:17.0499 4136 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:08:17.0546 4136 KSecDD - ok
19:08:17.0718 4136 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:08:17.0827 4136 KtmRm - ok
19:08:17.0843 4136 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
19:08:17.0889 4136 LanmanServer - ok
19:08:17.0936 4136 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:08:17.0967 4136 LanmanWorkstation - ok
19:08:18.0030 4136 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:08:18.0077 4136 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0077 4136 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:08:18.0108 4136 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:08:18.0155 4136 lltdio - ok
19:08:18.0264 4136 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:08:18.0342 4136 lltdsvc - ok
19:08:18.0373 4136 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:08:18.0482 4136 lmhosts - ok
19:08:18.0513 4136 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:08:18.0560 4136 LSI_FC - ok
19:08:18.0591 4136 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:08:18.0623 4136 LSI_SAS - ok
19:08:18.0654 4136 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:08:18.0669 4136 LSI_SCSI - ok
19:08:18.0701 4136 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:08:18.0763 4136 luafv - ok
19:08:18.0841 4136 [ AB694FA24E02246F9DDCDD729D6B9278 ] lxdnCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
19:08:18.0888 4136 lxdnCATSCustConnectService - ok
19:08:18.0919 4136 lxdn_device - ok
19:08:19.0059 4136 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
19:08:19.0122 4136 McComponentHostService - ok
19:08:19.0184 4136 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:08:19.0247 4136 Mcx2Svc - ok
19:08:19.0278 4136 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
19:08:19.0293 4136 megasas - ok
19:08:19.0371 4136 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:08:19.0434 4136 MMCSS - ok
19:08:19.0496 4136 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:08:19.0559 4136 Modem - ok
19:08:19.0590 4136 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:08:19.0637 4136 monitor - ok
19:08:19.0668 4136 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:08:19.0683 4136 mouclass - ok
19:08:19.0699 4136 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:08:19.0730 4136 mouhid - ok
19:08:19.0824 4136 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:08:19.0871 4136 MountMgr - ok
19:08:19.0949 4136 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:08:19.0964 4136 MozillaMaintenance - ok
19:08:20.0027 4136 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
19:08:20.0058 4136 mpio - ok
19:08:20.0105 4136 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:08:20.0136 4136 mpsdrv - ok
19:08:20.0323 4136 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:08:20.0417 4136 MpsSvc - ok
19:08:20.0463 4136 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:08:20.0510 4136 Mraid35x - ok
19:08:20.0557 4136 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:08:20.0604 4136 MRxDAV - ok
19:08:20.0666 4136 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:20.0729 4136 mrxsmb - ok
19:08:20.0791 4136 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:20.0838 4136 mrxsmb10 - ok
19:08:20.0853 4136 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:20.0916 4136 mrxsmb20 - ok
19:08:20.0947 4136 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys
19:08:20.0978 4136 msahci - ok
19:08:21.0072 4136 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:08:21.0134 4136 msdsm - ok
19:08:21.0165 4136 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:08:21.0275 4136 MSDTC - ok
19:08:21.0353 4136 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:08:21.0415 4136 Msfs - ok
19:08:21.0477 4136 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:08:21.0509 4136 msisadrv - ok
19:08:21.0618 4136 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:08:21.0727 4136 MSiSCSI - ok
19:08:21.0727 4136 msiserver - ok
19:08:21.0774 4136 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:08:21.0836 4136 MSKSSRV - ok
19:08:21.0883 4136 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:21.0945 4136 MSPCLOCK - ok
19:08:21.0977 4136 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:08:22.0023 4136 MSPQM - ok
19:08:22.0164 4136 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:08:22.0226 4136 MsRPC - ok
19:08:22.0257 4136 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:22.0273 4136 mssmbios - ok
19:08:22.0304 4136 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:08:22.0367 4136 MSTEE - ok
19:08:22.0413 4136 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
19:08:22.0460 4136 Mup - ok
19:08:22.0538 4136 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
19:08:22.0601 4136 napagent - ok
19:08:22.0663 4136 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:08:22.0710 4136 NativeWifiP - ok
19:08:22.0757 4136 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:08:22.0803 4136 NDIS - ok
19:08:22.0881 4136 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:22.0944 4136 NdisTapi - ok
19:08:22.0975 4136 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:23.0022 4136 Ndisuio - ok
19:08:23.0115 4136 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:23.0193 4136 NdisWan - ok
19:08:23.0287 4136 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:08:23.0365 4136 NDProxy - ok
19:08:23.0396 4136 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:08:23.0474 4136 NetBIOS - ok
19:08:23.0537 4136 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:08:23.0630 4136 netbt - ok
19:08:23.0661 4136 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
19:08:23.0677 4136 Netlogon - ok
19:08:23.0724 4136 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:08:23.0864 4136 Netman - ok
19:08:23.0911 4136 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:08:23.0973 4136 NetMsmqActivator - ok
19:08:24.0005 4136 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:08:24.0020 4136 NetPipeActivator - ok
19:08:24.0051 4136 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:08:24.0114 4136 netprofm - ok
19:08:24.0145 4136 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:08:24.0161 4136 NetTcpActivator - ok
19:08:24.0176 4136 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:08:24.0192 4136 NetTcpPortSharing - ok
19:08:24.0285 4136 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:08:24.0332 4136 nfrd960 - ok
19:08:24.0379 4136 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:08:24.0457 4136 NlaSvc - ok
19:08:24.0519 4136 NMIndexingService - ok
19:08:24.0551 4136 Norton PC Checkup Application Launcher - ok
19:08:24.0582 4136 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:08:24.0660 4136 Npfs - ok
19:08:24.0691 4136 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:08:24.0785 4136 nsi - ok
19:08:24.0816 4136 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:08:24.0909 4136 nsiproxy - ok
19:08:25.0143 4136 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:08:25.0284 4136 Ntfs - ok
19:08:25.0331 4136 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:08:25.0409 4136 ntrigdigi - ok
19:08:25.0440 4136 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:08:25.0487 4136 Null - ok
19:08:25.0986 4136 [ 2D47C87CD0290E3989639554F0C01444 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:08:26.0625 4136 nvlddmkm - ok
19:08:26.0657 4136 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:08:26.0719 4136 nvraid - ok
19:08:26.0750 4136 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:08:26.0766 4136 nvstor - ok
19:08:26.0797 4136 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:08:26.0844 4136 nv_agp - ok
19:08:26.0859 4136 NwlnkFlt - ok
19:08:26.0859 4136 NwlnkFwd - ok
19:08:26.0906 4136 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:08:27.0000 4136 ohci1394 - ok
19:08:27.0156 4136 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:08:27.0265 4136 p2pimsvc - ok
19:08:27.0281 4136 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:08:27.0312 4136 p2psvc - ok
19:08:27.0343 4136 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:08:27.0374 4136 Parport - ok
19:08:27.0405 4136 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:08:27.0437 4136 partmgr - ok
19:08:27.0452 4136 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:08:27.0499 4136 Parvdm - ok
19:08:27.0530 4136 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:08:27.0624 4136 PcaSvc - ok
19:08:27.0639 4136 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:08:27.0671 4136 pci - ok
19:08:27.0702 4136 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys
19:08:27.0749 4136 pciide - ok
19:08:27.0780 4136 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:08:27.0811 4136 pcmcia - ok
19:08:27.0842 4136 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:08:28.0029 4136 PEAUTH - ok
19:08:28.0638 4136 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:08:28.0919 4136 pla - ok
19:08:28.0950 4136 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:08:29.0028 4136 PlugPlay - ok
19:08:29.0075 4136 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:08:29.0106 4136 PNRPAutoReg - ok
19:08:29.0309 4136 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:08:29.0371 4136 PNRPsvc - ok
19:08:29.0402 4136 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:08:29.0527 4136 PolicyAgent - ok
19:08:29.0558 4136 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:08:29.0636 4136 PptpMiniport - ok
19:08:29.0667 4136 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:08:29.0761 4136 Processor - ok
19:08:29.0870 4136 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:08:29.0917 4136 ProfSvc - ok
19:08:29.0933 4136 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:08:29.0948 4136 ProtectedStorage - ok
19:08:30.0026 4136 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:08:30.0120 4136 PSched - ok
19:08:30.0167 4136 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:08:30.0260 4136 ql2300 - ok
19:08:30.0338 4136 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:08:30.0369 4136 ql40xx - ok
19:08:30.0463 4136 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:08:30.0510 4136 QWAVE - ok
19:08:30.0588 4136 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:08:30.0666 4136 QWAVEdrv - ok
19:08:30.0993 4136 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:08:31.0305 4136 R300 - ok
19:08:31.0352 4136 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:08:31.0430 4136 RasAcd - ok
19:08:31.0493 4136 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:08:31.0586 4136 RasAuto - ok
19:08:31.0664 4136 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:31.0758 4136 Rasl2tp - ok
19:08:31.0914 4136 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:08:32.0039 4136 RasMan - ok
19:08:32.0117 4136 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:32.0195 4136 RasPppoe - ok
19:08:32.0241 4136 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:08:32.0304 4136 RasSstp - ok
19:08:32.0444 4136 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:08:32.0538 4136 rdbss - ok
19:08:32.0600 4136 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:32.0694 4136 RDPCDD - ok
19:08:32.0819 4136 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:08:32.0959 4136 rdpdr - ok
19:08:33.0006 4136 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:08:33.0084 4136 RDPENCDD - ok
19:08:33.0209 4136 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:08:33.0287 4136 RDPWD - ok
19:08:33.0333 4136 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:08:33.0396 4136 RemoteAccess - ok
19:08:33.0427 4136 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:08:33.0489 4136 RemoteRegistry - ok
19:08:33.0567 4136 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:08:33.0614 4136 RpcLocator - ok
19:08:33.0942 4136 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:08:34.0035 4136 RpcSs - ok
19:08:34.0113 4136 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:08:34.0207 4136 rspndr - ok
19:08:34.0269 4136 [ ABDC839BD1C53F9C17449B10221CB942 ] RT73 C:\Windows\system32\DRIVERS\rt73.sys
19:08:34.0347 4136 RT73 - ok
19:08:34.0472 4136 [ B095D0F2511C6B22BC03F32BBD3EEEAB ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
19:08:34.0550 4136 RTL8187B - ok
19:08:34.0581 4136 [ F96D7A73E4F31509FBB97D128C88E308 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
19:08:34.0644 4136 RtlProt ( UnsignedFile.Multi.Generic ) - warning
19:08:34.0644 4136 RtlProt - detected UnsignedFile.Multi.Generic (1)
19:08:34.0675 4136 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:08:34.0691 4136 SamSs - ok
19:08:34.0769 4136 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:08:34.0815 4136 sbp2port - ok
19:08:34.0909 4136 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:08:35.0018 4136 SCardSvr - ok
19:08:35.0065 4136 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:08:35.0159 4136 Schedule - ok
19:08:35.0237 4136 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:08:35.0252 4136 SCPolicySvc - ok
19:08:35.0299 4136 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:08:35.0346 4136 SDRSVC - ok
19:08:35.0424 4136 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:08:35.0517 4136 secdrv - ok
19:08:35.0627 4136 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:08:35.0673 4136 seclogon - ok
19:08:35.0705 4136 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:08:35.0767 4136 SENS - ok
19:08:35.0845 4136 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:08:35.0907 4136 Serenum - ok
19:08:35.0939 4136 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:08:35.0985 4136 Serial - ok
19:08:36.0001 4136 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:08:36.0032 4136 sermouse - ok
19:08:36.0141 4136 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:08:36.0204 4136 SessionEnv - ok
19:08:36.0282 4136 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:08:36.0391 4136 sffdisk - ok
19:08:36.0422 4136 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:08:36.0516 4136 sffp_mmc - ok
19:08:36.0531 4136 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:08:36.0594 4136 sffp_sd - ok
19:08:36.0625 4136 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:08:36.0781 4136 sfloppy - ok
19:08:36.0937 4136 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:08:36.0999 4136 SharedAccess - ok
19:08:37.0124 4136 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:08:37.0187 4136 ShellHWDetection - ok
19:08:37.0249 4136 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:08:37.0327 4136 SiSRaid2 - ok
19:08:37.0358 4136 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:08:37.0405 4136 SiSRaid4 - ok
19:08:37.0421 4136 SjyPkt - ok
19:08:37.0499 4136 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:08:37.0655 4136 SkypeUpdate - ok
19:08:38.0045 4136 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:08:38.0325 4136 slsvc - ok
19:08:38.0419 4136 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:08:38.0497 4136 SLUINotify - ok
19:08:38.0575 4136 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:08:38.0669 4136 Smb - ok
19:08:38.0715 4136 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:08:38.0778 4136 SNMPTRAP - ok
19:08:38.0825 4136 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:08:38.0871 4136 spldr - ok
19:08:38.0918 4136 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:08:38.0965 4136 Spooler - ok
19:08:38.0996 4136 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:08:39.0074 4136 srv - ok
19:08:39.0090 4136 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:08:39.0183 4136 srv2 - ok
19:08:39.0199 4136 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:08:39.0261 4136 srvnet - ok
19:08:39.0293 4136 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:08:39.0371 4136 SSDPSRV - ok
19:08:39.0402 4136 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:08:39.0449 4136 ssmdrv - ok
19:08:39.0495 4136 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:08:39.0558 4136 SstpSvc - ok
19:08:39.0620 4136 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:08:39.0698 4136 stisvc - ok
19:08:39.0729 4136 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:08:39.0776 4136 swenum - ok
19:08:39.0823 4136 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:08:39.0932 4136 swprv - ok
19:08:39.0979 4136 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:08:39.0995 4136 Symc8xx - ok
19:08:40.0026 4136 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:08:40.0073 4136 Sym_hi - ok
19:08:40.0104 4136 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:08:40.0166 4136 Sym_u3 - ok
19:08:40.0213 4136 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:08:40.0275 4136 SysMain - ok
19:08:40.0322 4136 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:40.0369 4136 TabletInputService - ok
19:08:40.0416 4136 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:08:40.0494 4136 TapiSrv - ok
19:08:40.0525 4136 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:08:40.0587 4136 TBS - ok
19:08:40.0634 4136 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:08:40.0743 4136 Tcpip - ok
19:08:40.0775 4136 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:08:40.0853 4136 Tcpip6 - ok
19:08:40.0884 4136 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:08:40.0931 4136 tcpipreg - ok
19:08:40.0977 4136 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:08:41.0040 4136 TDPIPE - ok
19:08:41.0071 4136 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:08:41.0133 4136 TDTCP - ok
19:08:41.0165 4136 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:08:41.0211 4136 tdx - ok
19:08:41.0274 4136 [ D827A50CEC8A16180EEC4F1951B7A842 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
19:08:41.0305 4136 TeamViewer5 - ok
19:08:41.0321 4136 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:08:41.0352 4136 TermDD - ok
19:08:41.0367 4136 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:08:41.0461 4136 TermService - ok
19:08:41.0492 4136 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:08:41.0508 4136 Themes - ok
19:08:41.0523 4136 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:08:41.0555 4136 THREADORDER - ok
19:08:41.0586 4136 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:08:41.0679 4136 TrkWks - ok
19:08:41.0726 4136 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:41.0789 4136 TrustedInstaller - ok
19:08:41.0835 4136 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:41.0898 4136 tssecsrv - ok
19:08:41.0945 4136 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:08:41.0976 4136 tunmp - ok
19:08:42.0007 4136 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:08:42.0023 4136 tunnel - ok
19:08:42.0054 4136 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:08:42.0085 4136 uagp35 - ok
19:08:42.0116 4136 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:08:42.0225 4136 udfs - ok
19:08:42.0272 4136 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:08:42.0319 4136 UI0Detect - ok
19:08:42.0350 4136 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:08:42.0413 4136 uliagpkx - ok
19:08:42.0444 4136 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:08:42.0522 4136 uliahci - ok
19:08:42.0553 4136 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:08:42.0584 4136 UlSata - ok
19:08:42.0600 4136 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:08:42.0631 4136 ulsata2 - ok
19:08:42.0662 4136 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:08:42.0725 4136 umbus - ok
19:08:42.0787 4136 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:08:42.0849 4136 upnphost - ok
19:08:42.0881 4136 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:08:42.0927 4136 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:08:42.0927 4136 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:08:42.0974 4136 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:08:43.0037 4136 usbaudio - ok
19:08:43.0099 4136 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:43.0177 4136 usbccgp - ok
19:08:43.0224 4136 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:08:43.0333 4136 usbcir - ok
19:08:43.0364 4136 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:08:43.0427 4136 usbehci - ok
19:08:43.0473 4136 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:08:43.0520 4136 usbhub - ok
19:08:43.0551 4136 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:08:43.0645 4136 usbohci - ok
19:08:43.0661 4136 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:08:43.0723 4136 usbprint - ok
19:08:43.0754 4136 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:08:43.0801 4136 usbscan - ok
19:08:43.0848 4136 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:43.0879 4136 USBSTOR - ok
19:08:43.0895 4136 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:08:43.0957 4136 usbuhci - ok
19:08:43.0988 4136 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:08:44.0051 4136 UxSms - ok
19:08:44.0097 4136 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:08:44.0175 4136 vds - ok
19:08:44.0222 4136 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:44.0347 4136 vga - ok
19:08:44.0378 4136 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:08:44.0425 4136 VgaSave - ok
19:08:44.0441 4136 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:08:44.0472 4136 viaagp - ok
19:08:44.0503 4136 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:08:44.0565 4136 ViaC7 - ok
19:08:44.0612 4136 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:08:44.0628 4136 viaide - ok
19:08:44.0643 4136 [ AA3E6722843540B9C8EC5257E3D4B675 ] ViBus C:\Windows\system32\DRIVERS\ViBus.sys
19:08:44.0675 4136 ViBus - ok
19:08:44.0675 4136 videX32 - ok
19:08:44.0706 4136 [ A1B7CFFE5F09B825FBA506C4DE9FDAC7 ] ViPrt C:\Windows\system32\DRIVERS\ViPrt.sys
19:08:44.0737 4136 ViPrt - ok
19:08:44.0768 4136 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:08:44.0784 4136 volmgr - ok
19:08:44.0815 4136 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:08:44.0862 4136 volmgrx - ok
19:08:44.0893 4136 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:08:44.0955 4136 volsnap - ok
19:08:44.0987 4136 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:08:45.0033 4136 vsmraid - ok
19:08:45.0096 4136 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:08:45.0267 4136 VSS - ok
19:08:45.0314 4136 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:08:45.0392 4136 W32Time - ok
19:08:45.0423 4136 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:08:45.0501 4136 WacomPen - ok
19:08:45.0548 4136 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:08:45.0595 4136 Wanarp - ok
19:08:45.0595 4136 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:08:45.0626 4136 Wanarpv6 - ok
19:08:45.0657 4136 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:08:45.0704 4136 wcncsvc - ok
19:08:45.0735 4136 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:45.0798 4136 WcsPlugInService - ok
19:08:45.0829 4136 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:08:45.0860 4136 Wd - ok
19:08:45.0891 4136 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:08:45.0969 4136 Wdf01000 - ok
19:08:46.0001 4136 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:08:46.0094 4136 WdiServiceHost - ok
19:08:46.0094 4136 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:08:46.0125 4136 WdiSystemHost - ok
19:08:46.0157 4136 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:08:46.0235 4136 WebClient - ok
19:08:46.0250 4136 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:08:46.0297 4136 Wecsvc - ok
19:08:46.0344 4136 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:08:46.0391 4136 wercplsupport - ok
19:08:46.0437 4136 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:08:46.0484 4136 WerSvc - ok
19:08:46.0531 4136 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:08:46.0593 4136 WinDefend - ok
19:08:46.0609 4136 WinHttpAutoProxySvc - ok
19:08:46.0671 4136 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:08:46.0734 4136 Winmgmt - ok
19:08:46.0781 4136 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:08:46.0905 4136 WinRM - ok
19:08:46.0952 4136 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:08:47.0015 4136 Wlansvc - ok
19:08:47.0124 4136 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:08:47.0327 4136 wlidsvc - ok
19:08:47.0358 4136 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:08:47.0467 4136 WmiAcpi - ok
19:08:47.0498 4136 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:08:47.0545 4136 wmiApSrv - ok
19:08:47.0592 4136 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:08:47.0685 4136 WMPNetworkSvc - ok
19:08:47.0701 4136 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:08:47.0763 4136 WPCSvc - ok
19:08:47.0810 4136 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:08:47.0888 4136 WPDBusEnum - ok
19:08:47.0904 4136 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:08:47.0966 4136 WpdUsb - ok
19:08:48.0044 4136 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:08:48.0122 4136 WPFFontCache_v0400 - ok
19:08:48.0169 4136 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:08:48.0247 4136 ws2ifsl - ok
19:08:48.0294 4136 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
19:08:48.0341 4136 wscsvc - ok
19:08:48.0341 4136 WSearch - ok
19:08:48.0434 4136 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:08:48.0606 4136 wuauserv - ok
19:08:48.0653 4136 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:48.0699 4136 WUDFRd - ok
19:08:48.0746 4136 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:08:48.0809 4136 wudfsvc - ok
19:08:48.0855 4136 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
19:08:48.0871 4136 X10Hid - ok
19:08:48.0918 4136 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:08:48.0933 4136 x10nets ( UnsignedFile.Multi.Generic ) - warning
19:08:48.0933 4136 x10nets - detected UnsignedFile.Multi.Generic (1)
19:08:48.0996 4136 ================ Scan global ===============================
19:08:49.0011 4136 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:08:49.0089 4136 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:08:49.0136 4136 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:08:49.0167 4136 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:08:49.0183 4136 [Global] - ok
19:08:49.0183 4136 ================ Scan MBR ==================================
19:08:49.0214 4136 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:08:49.0729 4136 \Device\Harddisk0\DR0 - ok
19:08:49.0729 4136 ================ Scan VBR ==================================
19:08:49.0729 4136 [ 09B0CA45889E6814B0F783DF4BB637DD ] \Device\Harddisk0\DR0\Partition1
19:08:49.0729 4136 \Device\Harddisk0\DR0\Partition1 - ok
19:08:49.0745 4136 [ 1E130BC7A60E7B6F686326FC092F78DB ] \Device\Harddisk0\DR0\Partition2
19:08:49.0745 4136 \Device\Harddisk0\DR0\Partition2 - ok
19:08:49.0745 4136 ============================================================
19:08:49.0745 4136 Scan finished
19:08:49.0745 4136 ============================================================
19:08:49.0760 4292 Detected object count: 9
19:08:49.0760 4292 Actual detected object count: 9
19:08:54.0596 4292 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0596 4292 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0596 4292 Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0596 4292 Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0596 4292 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0596 4292 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0596 4292 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0596 4292 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0612 4292 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0612 4292 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0612 4292 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0612 4292 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0612 4292 RtlProt ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0612 4292 RtlProt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0612 4292 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0612 4292 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:54.0612 4292 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:54.0612 4292 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________

Alt 22.01.2013, 19:28   #34
markusg
/// Malware-holic
 

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are selected and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

Alt 22.01.2013, 22:30   #35
xb0ssi
 

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.22.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
PC :: PC-PC [Administrator]

22.01.2013 19:31:40
mbam-log-2013-01-22 (19-31-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452940
Laufzeit: 2 Stunde(n), 47 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3939fd7e-1f2efc7c (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01212013_193705\C_Users\PC\wgsdgsdgdsgsd.exe (Trojan.FakeMS.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01222013_180557\C_Users\PC\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Alt 23.01.2013, 12:26   #36
markusg
/// Malware-holic
 

Very good.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as txt, then open the file.
After each program you need, write notwendig (necessary).
After each program you do not need, write unnötig (unnecessary).
After each program you do not recognize, write unbekannt (unknown).
Post the list.
__________________

Alt 23.01.2013, 13:47   #37
xb0ssi
 

4Story 3.4 18.08.2010 1,86GB necessary
7-Zip 4.65 16.02.2010 3,13MB necessary
Adobe AIR Adobe Systems Incorporated 28.01.2012 37,5MB 3.1.0.4880 necessary
Adobe Community Help Adobe Systems Incorporated. 31.01.2012 5,69MB 3.4.980 unknown
Adobe Download Assistant Adobe Systems Incorporated 28.01.2012 2,89MB 1.0.6 unknown
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 11.5.502.146 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 11.5.502.146 necessary
Adobe Reader 9.4.2 - Deutsch Adobe Systems Incorporated 19.03.2011 164MB 9.4.2 necessary
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 02.10.2010 11.5.8.612 unknown
Adobe Shockwave Player 11.6 Adobe Systems, Inc 25.11.2011 33,3MB 11.6.3.633 unknown
Allgemeine Runtime Files (x86) Sereby Corporation 25.11.2011 1.0.3.2 unnecessary
Apple Application Support Apple Inc. 11.01.2013 65,0MB 2.3.2 unnecessary
Apple Mobile Device Support Apple Inc. 11.01.2013 24,5MB 6.0.1.3 unnecessary
Apple Software Update Apple Inc. 21.07.2011 2,38MB 2.1.3.127 unnecessary
Ask Toolbar Ask.com 18.07.2009 1,19MB 4.1.0.5 unnecessary
Avira Free Antivirus Avira 11.12.2012 97,5MB 13.0.0.2890 necessary
Babylon toolbar on IE 08.12.2011 1,73MB unnecessary
BitTorrent BitTorrent, Inc 18.07.2009 732KB unnecessary
Bonjour Apple Inc. 11.01.2013 749KB 3.0.0.10 unknown
Borland Delphi 6 Borland Software Corporation 07.09.2010 122MB 6.0 necessary
CCleaner Piriform 19.12.2012 5,08MB 3.26 necessary
ConvertHelper 2.2 DownloadHelper 30.06.2011 29,4MB unnecessary
CVE-2012-4969 24.09.2012 unknown
CyberGhost VPN CyberGhost S.R.L. 19.01.2012 59,7MB unknown
Derive 5 17.11.2011 necessary
DHTML Editing Component Microsoft Corporation 20.06.2007 462KB 6.02.0001 unknown
DivX-Setup DivX, LLC 15.12.2011 3,50MB 2.6.1.3 unnecessary
Driver Detective PC Drivers HeadQuarters 20.07.2011 10,0MB 8.0.1 unnecessary
Driver Whiz Driver Whiz 15.09.2012 10,6MB 8.1 unnecessary
DS-Timer Version 1.0.0.0 Niondir 07.07.2011 3,58MB 1.6.1.0 unnecessary
Eligium Frogster Online Gaming GmbH 19.05.2012 3,73GB 1.0.0 unnecessary
Empire Earth 10.10.2010 5,93MB unnecessary
FILSHtray FILSH Media GmbH 17.05.2012 15,3MB 0.12 unnecessary
Formelrechner Cornelsen Verlag 03.11.2010 16,6MB 1.00.0000 unnecessary
Game Booster 3 IObit 23.12.2011 13,5MB 3.1 unnecessary
GMX MailCheck für Internet Explorer 1&1 Mail & Media GmbH 02.12.2012 2,23MB 1.9.0.1 unnecessary
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 22.10.2012 1,54MB 2.0.4.2 unnecessary
GMX Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 02.01.2012 2,38MB 1.7.0.0 unnecessary
Google Chrome Google Inc. 20.07.2010 218MB 24.0.1312.52 unnecessary
Google Toolbar for Internet Explorer Google Inc. 17.12.2012 7,75MB 7.4.3607.2246 unnecessary
Google Updater Google Inc. 05.10.2011 3,59MB 2.4.2432.1652 unnecessary
Guitar Explorer 1.0 24.09.2010 2,71MB necessary
Guitar Pro 5.2 Arobas Music 24.03.2010 49,6MB necessary
HyperCam 3 Solveig Multimedia 20.03.2010 11,4MB 3.0.1003.12 necessary
ICQ Toolbar ICQ 06.05.2009 3.0.0 unnecessary
ICQ7.5 ICQ 01.03.2012 66,9MB 7.5 unnecessary
Icy Tower v1.3.1 Free Lunch Design 30.05.2009 3,27MB unnecessary
Iminent Iminent 23.12.2010 9,99MB 3.47.0 unknown
IMinent Toolbar IMinent 04.09.2010 3,37MB 3.26.0 unknown
IObit Toolbar v6.6 Spigot, Inc. 04.12.2012 20,3MB 6.6 unknown
iPhone-Konfigurationsprogramm Apple Inc. 15.09.2009 22,4MB 2.1.0.163 unknown
iTunes Apple Inc. 11.01.2013 187MB 11.0.1.12 necessary
Java 7 Update 9 Oracle 03.09.2012 128MB 7.0.90 necessary
Java(TM) 6 Update 31 Oracle 09.03.2012 95,1MB 6.0.310 necessary
JLC's Internet TV 12.06.2012 148KB unknown
K-Lite Codec Pack 4.8.0 (Full) 06.05.2009 35,9MB 4.8.0 unknown
Kalydo Player 04.00.00 Eximion B.V. 29.08.2011 5,47MB 04.00.00 unknown
Landwirtschafts Simulator 2011 GIANTS Software 17.05.2011 772MB 1.0 unnecessary
League of Legends Riot Games 12.08.2012 4,24GB 1.3 necessary
Lernwerkstatt 5 21.03.2009 1,71MB unnecessary
LetsTrade Komponenten 06.03.2009 10,1MB unknown
Lexmark 2600 Series Lexmark International, Inc. 14.03.2009 145MB unnecessary
Lexmark Fax-Lösungen 14.03.2009 23,6MB unnecessary
Lexmark Symbolleiste 14.03.2009 3,08MB 3.0.25.0 unnecessary
Lexmark Tools for Office 14.03.2009 312KB 1.24.0.0 unnecessary
LOLReplay League Replays | Home 31.12.2012 2,91MB 0.8.0.1 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 22.01.2013 12,2MB 1.70.0.1100 necessary
McAfee Security Scan Plus McAfee, Inc. 13.11.2012 9,39MB 3.0.285.6 unnecessary
MCE Software Encoder 1.1 CyberLink Corporation 06.03.2009 1,30MB 1.1.0.1509 unknown
MEDION Fotos auf CD Sued 6.0.2.0 (D) MAGIX AG 22.06.2007 634MB 6.0.2.0 unnecessary
Mein Geld Professional Buhl Data Service GmbH 20.06.2007 137MB 8.00.0007 unnecessary
Microsoft .NET Framework 1.1 11.08.2012 unknown
Microsoft .NET Framework 1.1 German Language Pack Microsoft 25.11.2011 3,01MB 1.1.4322 unknown
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 02.10.2010 2,05MB 3.2.30729 unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 31.10.2009 36,9MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 07.08.2009 36,9MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 19.04.2012 38,0MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 19.04.2012 7,50MB 4.0.30319 unknown
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 07.05.2011 31,3MB 3.5.88.0 unknown
Microsoft Games for Windows Marketplace Microsoft Corporation 07.05.2011 6,03MB 3.5.50.0 unknown
Microsoft Office PowerPoint Viewer 2003 Microsoft Corporation 11.05.2010 496KB 11.0.8305.0 unnecessary
Microsoft Silverlight Microsoft Corporation 11.08.2012 40,6MB 4.1.10329.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 251KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 294KB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.07.2009 199KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 592KB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.05.2009 590KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.11.2009 589KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 594KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.11.2011 11,1MB 10.0.40219 unknown
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 02.09.2010 99,6MB unknown
Microsoft Works Microsoft Corporation 11.12.2009 288MB 08.05.0822 unknown
MobileMe Control Panel Apple Inc. 24.04.2011 11,2MB 3.1.5.0 unknown
Moorhuhn WE AYCS 13.02.2012 14,0MB unnecessary
Mozilla Firefox 13.0.1 (x86 de) Mozilla 22.10.2012 38,5MB 13.0.1 necessary
Mozilla Maintenance Service Mozilla 07.07.2012 216KB 13.0.1 unknown
MSXML 4.0 SP2 (KB925672) Microsoft Corporation 21.06.2007 34,0KB 4.20.9839.0 unknown
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 21.06.2007 1,23MB 4.20.9841.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 05.05.2009 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0 unknown
Norton PC Checkup NortonLive Services 15.09.2012 26,5MB 3.0.2.122.0 unknown
Norton Security Scan Symantec Corporation 02.09.2010 11,7MB 2.7.3.34
NVIDIA Drivers 04.06.2009 unknown
OpenOffice.org 3.1 OpenOffice.org 21.09.2009 371MB 3.1.9420 necessary
Opera 9.64 Opera Software ASA 22.05.2009 15,7MB 9.64 unnecessary
Pando Media Booster Pando Networks Inc. 10.08.2012 6,69MB 2.6.0.8 unknown
Pflanzen gegen Zombies PopCap Games 13.06.2012 48,1MB unnecessary
PhotoNow! 1.0 CyberLink Corporation 09.03.2009 1,61MB 3.0.4004 unknown
Pivot Stickfigure Animator Peter Bone 11.11.2009 1,01MB 2.2.5 unknown
Plants vs. Zombies 1.0.4.7924 (by Scar) PopCap Games 13.06.2012 62,6MB unnecessary
QUICKfind server v1.1 IDM 31.08.2009 3,19MB unknown
QuickTime Apple Inc. 24.04.2011 73,7MB 7.69.80.9 unnecessary
Ralink Wireless LAN Card RALINK 13.04.2009 90,8MB 1.00.01 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.06.2007 14,7MB 6.0.1.5413 necessary
REALTEK USB Wireless LAN Driver and Utility Realtek 09.03.2009 6,14MB 1.00.0000 necessary
Safari Apple Inc. 14.09.2010 41,2MB 5.33.18.5 unnecessary
Schreibmaschinenkurs 3.6 Freudenreich 06.12.2010 23,6MB 3.6 unnecessary
SearchTheWeb Iminent 23.12.2010 660KB 3.27.3 unknown
Silvercrest OM1007 driver Targa GmbH 06.03.2009 7,55MB 5.10.17 unknown
Skype Toolbars Skype Technologies S.A. 13.07.2011 5,86MB 5.3.7555 unnecessary
Skype™ 5.10 Skype Technologies S.A. 13.09.2012 19,4MB 5.10.116 necessary
softonic-de3 Toolbar softonic-de3 15.07.2011 6.3.3.3 unknown
Stronghold 2 Deluxe Firefly Studios 18.04.2011 0,95GB 1.40.100 unnecessary
Sven Kommt! Demo 08.01.2012 43,7MB 1.00.0000 unnecessary
System Requirements Lab 19.02.2011 392KB unknown
TeamSpeak 2 RC2 Dominating Bytes Design 20.12.2009 2.0.32.60 unnecessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 03.06.2010 25,8MB necessary
TeamViewer 5 TeamViewer GmbH 05.03.2010 17,1MB 5.0.7904 unnecessary
Ulead PhotoImpact 12 Ulead System 13.05.2009 386MB 12.0 unnecessary
Vegas Pro 11.0 Sony 02.01.2012 423MB 11.0.510 unnecessary
Veoh Player Veoh Networks, Inc. 24.05.2009 6,46MB 3.2.1 unnecessary
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 13.06.2007 1.24 unknown
VIA Rhine-Family Fast-Ethernet Adapter 06.03.2009 unknown
Virtual Audio Cable 4.10 25.12.2011 320KB unknown
VLC media player 1.1.4 VideoLAN 27.11.2010 76,1MB 1.1.4 necessary
Winamp Nullsoft, Inc 26.12.2011 61,6MB 5.623 necessary
Winamp Erkennungs-Plug-in Nullsoft, Inc 26.12.2011 156KB 1.0.0.1 unknown
Windows Live ID Sign-in Assistant Microsoft Corporation 16.11.2010 4,68MB 6.500.3165.0 unknown
WinRAR 20.02.2011 3,78MB unnecessary
WinZip 14.5 WinZip Computing, S.L. 22.08.2010 19,7MB 14.5.9095 necessary
WWP Demo 04.09.2010 1,15MB unknown
X10 Hardware(TM) 06.03.2009 32,0KB unknown
Yontoo Layers Runtime 1.10.01 Yontoo LLC 30.06.2011 772KB 1.10.01 unknown
Zattoo 3.3.3 Beta Zattoo Inc. 15.05.2009 31,2MB 3.3.3 Beta unknown

Edited by xb0ssi (23.01.2013 at 14:39)

Alt 23.01.2013, 15:39   #38
markusg
/// Malware-holic
 



Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, select install automatically.
Apply / OK



Uninstall:
Adobe Shockwave: both
Ask
Babylon
BitTorrent
Bonjour
ConvertHelper
CVE
CyberGhost
DivX
Driver: both
DS-Timer
Eligium
Empire
FILSHtray
Formelrechner
Game Booster
GMX: all
Google: all
ICQ: both
Icy
Iminent: both
IObit
iPhone-Konfigurationsprogramm: if you do not use an iPhone
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
K-Lite
Kalydo
Landwirtschafts
Lernwerkstatt
LetsTrade
Lexmark: all
McAfee
MEDION
Mein Geld
Microsoft Games: all
Microsoft Office
Microsoft Silverlight
Moorhuhn
Norton: both
Opera
Pflanzen
PhotoNow
Plants vs
QUICKfind
Safari
Schreibmaschinenkurs
SearchTheWeb
Silvercrest
Skype Toolbars
softonic
Stronghold
Sven
TeamViewer
TeamSpeak 2
Ulead
Vegas
Veoh
Windows Live
WWP
Zattoo

Open CCleaner, analyze, start, restart the PC.

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 23.01.2013, 18:46   #39
xb0ssi
 



# AdwCleaner v2.107 - Datei am 23/01/2013 um 18:46:06 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : PC - PC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\PC\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\Ask.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Iminent
Ordner Gefunden : C:\Program Files\Yontoo Layers Runtime
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\PC\AppData\Local\Conduit
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\AVG Security Toolbar
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\Conduit
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\ConduitCommon
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\ConduitEngine
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\CT2682599
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\engine@conduit.com
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\plugin@yontoo.com
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchTheWebARP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKU\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\prefs.js

Gefunden : user_pref("CT2883880.1000082.currentList", "[{\"stationId\":\"21761921\",\"url\":\"mms://stream2.rbb[...]
Gefunden : user_pref("CT2883880.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT2883880.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio[...]
Gefunden : user_pref("CT2883880.1000082.nowPlaying", "{\"stationId\":\"21761921\",\"url\":\"mms://stream2.rbb-o[...]
Gefunden : user_pref("CT2883880.1000082.publisherStations", "[{\"stationId\":\"21761921\",\"url\":\"mms://strea[...]
Gefunden : user_pref("CT2883880.1000082.state", "{\"state\":\"stopped\",\"text\":\"Radio Ein...\",\"description[...]
Gefunden : user_pref("CT2883880.1000234.TWC_TMP_city", "DUSSELDORF");
Gefunden : user_pref("CT2883880.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT2883880.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2883880.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2883880.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2883880.enableAlerts", "always");
Gefunden : user_pref("CT2883880.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2883880.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2883880.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2883880.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2883880.keyword", true);
Gefunden : user_pref("CT2883880.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Gefunden : user_pref("CT2883880.search.searchAppId", "129375914645931457");
Gefunden : user_pref("CT2883880.search.searchCount", "0");
Gefunden : user_pref("CT2883880.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2883880.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1330279981904");
Gefunden : user_pref("CT2883880.serviceLayer_services_appTracking_lastUpdate", "1330279864480");
Gefunden : user_pref("CT2883880.serviceLayer_services_appsMetadata_lastUpdate", "1330539984505");
Gefunden : user_pref("CT2883880.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1329764284015");
Gefunden : user_pref("CT2883880.serviceLayer_services_login_10.5.0.42_lastUpdate", "1330545604450");
Gefunden : user_pref("CT2883880.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1329764284054");
Gefunden : user_pref("CT2883880.serviceLayer_services_serviceMap_lastUpdate", "1330539983931");
Gefunden : user_pref("CT2883880.serviceLayer_services_toolbarContextMenu_lastUpdate", "1329764283902");
Gefunden : user_pref("CT2883880.serviceLayer_services_toolbarSettings_lastUpdate", "1330552803737");
Gefunden : user_pref("CT2883880.serviceLayer_services_translation_lastUpdate", "1330539984455");
Gefunden : user_pref("CT2883880.smartbar.CTID", "CT2883880");
Gefunden : user_pref("CT2883880.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2883880.smartbar.isHidden", false);
Gefunden : user_pref("CT2883880.smartbar.toolbarName", "Abacho ");
Gefunden : user_pref("CT2883880.smartbar.userID", "UN19355715013253783");
Gefunden : user_pref("CT2883880.toolbarBornServerTime", "7-01-2012");
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Abacho Customized Web Search");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=16418");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "bc49387d000000000000001f1f367214");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "bc49387d000000000000001f1f367214");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15316");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:57:24");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [16744 octets] - [23/01/2013 18:46:06]

########## EOF - C:\AdwCleaner[R1].txt - [16805 octets] ##########
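
A scan log like the one above can be triaged mechanically and then compared with the log written by a later Löschen run, to list every finding that the cleanup did not report as deleted. The Python code below is an added example, not part of the thread or of AdwCleaner; the line shapes are taken from the log above, both sample logs are constructed (abridged from it), and it assumes that value and prefs.js entries are marked "Gelöscht" in the same way as files, folders and keys.

```python
import re
from collections import Counter

# Line shapes of an AdwCleaner v2 log with German UI, as posted in this thread:
#   "Datei Gefunden : <path>"        "Ordner Gefunden : <path>"
#   "Schlüssel Gefunden : <key>"     "Wert Gefunden : <key> [<value>]"
#   "Gefunden : user_pref(...)"      (entries from a Firefox prefs.js)
# A cleanup run writes "Gelöscht" instead of "Gefunden" (assumed for all kinds).
KINDS = {"Datei": "file", "Ordner": "folder", "Schlüssel": "key", "Wert": "value"}
STATES = {"Gefunden": "found", "Gelöscht": "deleted"}
LINE_RE = re.compile(
    r"^(?:(Datei|Ordner|Schlüssel|Wert)\s+)?(Gefunden|Gelöscht)\s*:\s*(.+?)\s*$"
)
OPTION_RE = re.compile(r"^#\s*Option\s*\[(.+?)\]")


def parse_log(text):
    """Return (option, entries); entries are (kind, state, target) tuples."""
    option, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)          # "Suche" or "Löschen"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                     # header, section banner, blank line
        label, state, target = m.groups()
        kind = KINDS.get(label, "pref")  # a bare "Gefunden :" line is a pref
        entries.append((kind, STATES[state], target))
    return option, entries


def norm_key(kind, target):
    """Windows paths and registry keys compare case-insensitively; prefs do not."""
    return (kind, target if kind == "pref" else target.lower())


def summarize(entries):
    """Count the findings of a scan log per kind."""
    return Counter(kind for kind, state, _ in entries if state == "found")


def leftovers(scan_text, clean_text):
    """Findings of the scan that the cleanup log does not list as deleted."""
    _, scan = parse_log(scan_text)
    _, clean = parse_log(clean_text)
    deleted = {norm_key(k, t) for k, s, t in clean if s == "deleted"}
    return [(k, t) for k, s, t in scan
            if s == "found" and norm_key(k, t) not in deleted]


# Constructed sample: a few lines abridged from the scan log in this thread.
SCAN_LOG = r"""
# AdwCleaner v2.107 - Datei am 23/01/2013 um 18:46:06 erstellt
# Option [Suche]

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Ordner Gefunden : C:\Users\PC\AppData\Local\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Iminent
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
"""

# Constructed sample: a cleanup log that deliberately omits two of the findings
# and spells one path with different casing, to exercise the comparison.
CLEAN_LOG = r"""
# Option [Löschen]
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Ordner Gelöscht : C:\Users\PC\AppData\Local\Conduit
Schlüssel Gelöscht : HKCU\Software\Iminent
"""

if __name__ == "__main__":
    option, entries = parse_log(SCAN_LOG)
    print("scan option:", option, dict(summarize(entries)))
    for kind, target in leftovers(SCAN_LOG, CLEAN_LOG):
        print("not reported as deleted:", kind, target)
```

Anything `leftovers` returns is worth a second scan run or a manual look before the cleanup is considered complete.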

Alt 24.01.2013, 13:33   #40
markusg
/// Malware-holic
 



Hi


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Please restart, then test how the PC and programs such as browsers are running.

Alt 24.01.2013, 19:54   #41
xb0ssi
 



# AdwCleaner v2.107 - Datei am 24/01/2013 um 19:41:18 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : PC - PC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\PC\Gimp\Desktop\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Yontoo Layers Runtime
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\PC\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\PC\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\Conduit
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\ConduitCommon
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\ConduitEngine
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\CT2682599
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchTheWebARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\prefs.js

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2883880.1000082.currentList", "[{\"stationId\":\"21761921\",\"url\":\"mms://stream2.rbb[...]
Gelöscht : user_pref("CT2883880.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2883880.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio[...]
Gelöscht : user_pref("CT2883880.1000082.nowPlaying", "{\"stationId\":\"21761921\",\"url\":\"mms://stream2.rbb-o[...]
Gelöscht : user_pref("CT2883880.1000082.publisherStations", "[{\"stationId\":\"21761921\",\"url\":\"mms://strea[...]
Gelöscht : user_pref("CT2883880.1000082.state", "{\"state\":\"stopped\",\"text\":\"Radio Ein...\",\"description[...]
Gelöscht : user_pref("CT2883880.1000234.TWC_TMP_city", "DUSSELDORF");
Gelöscht : user_pref("CT2883880.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2883880.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2883880.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2883880.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2883880.enableAlerts", "always");
Gelöscht : user_pref("CT2883880.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2883880.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2883880.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2883880.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2883880.keyword", true);
Gelöscht : user_pref("CT2883880.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Gelöscht : user_pref("CT2883880.search.searchAppId", "129375914645931457");
Gelöscht : user_pref("CT2883880.search.searchCount", "0");
Gelöscht : user_pref("CT2883880.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2883880.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2883880.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1330279981904");
Gelöscht : user_pref("CT2883880.serviceLayer_services_appTracking_lastUpdate", "1330279864480");
Gelöscht : user_pref("CT2883880.serviceLayer_services_appsMetadata_lastUpdate", "1330539984505");
Gelöscht : user_pref("CT2883880.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1329764284015");
Gelöscht : user_pref("CT2883880.serviceLayer_services_login_10.5.0.42_lastUpdate", "1330545604450");
Gelöscht : user_pref("CT2883880.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1329764284054");
Gelöscht : user_pref("CT2883880.serviceLayer_services_serviceMap_lastUpdate", "1330539983931");
Gelöscht : user_pref("CT2883880.serviceLayer_services_toolbarContextMenu_lastUpdate", "1329764283902");
Gelöscht : user_pref("CT2883880.serviceLayer_services_toolbarSettings_lastUpdate", "1330552803737");
Gelöscht : user_pref("CT2883880.serviceLayer_services_translation_lastUpdate", "1330539984455");
Gelöscht : user_pref("CT2883880.smartbar.CTID", "CT2883880");
Gelöscht : user_pref("CT2883880.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2883880.smartbar.isHidden", false);
Gelöscht : user_pref("CT2883880.smartbar.toolbarName", "Abacho ");
Gelöscht : user_pref("CT2883880.smartbar.userID", "UN19355715013253783");
Gelöscht : user_pref("CT2883880.toolbarBornServerTime", "7-01-2012");
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Abacho Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=16418");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "bc49387d000000000000001f1f367214");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "bc49387d000000000000001f1f367214");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15316");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:57:24");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [16875 octets] - [23/01/2013 18:46:06]
AdwCleaner[S1].txt - [16297 octets] - [24/01/2013 19:41:18]

########## EOF - C:\AdwCleaner[S1].txt - [16358 octets] ##########

My internet now only loads really slowly; could that be related to something I did here?

Alt 24.01.2013, 20:52   #42
markusg
/// Malware-holic
 
Hi,
1. Are there several PCs in the house? If so, does the problem occur there too?
If not:
2. Restart the machine; does the problem still occur?
If so:
3. Post a new OTL log
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 24.01.2013, 21:03   #43
xb0ssi
 
Yes, it's the same on several in the house, so it's probably down to the Wi-Fi box.

Alt 24.01.2013, 21:04   #44
markusg
/// Malware-holic
 
Yep, you can post another OTL log just to be sure.

Alt 24.01.2013, 22:03   #45
xb0ssi
 
Code:
OTL logfile created on: 24.01.2013 21:16:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,14% Memory free
4,24 Gb Paging File | 2,51 Gb Available in Paging File | 59,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277,50 Gb Total Space | 78,44 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive D: | 20,57 Gb Total Space | 12,62 Gb Free Space | 61,35% Space Free | Partition Type: FAT32
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 21:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Downloads\OTL.exe
PRC - [2013.01.23 16:57:44 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 12:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 12:39:19 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 12:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 12:39:17 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.31 07:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Programme\LOLReplay\LOLRecorder.exe
PRC - [2012.08.10 23:15:41 | 003,093,624 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.07 07:22:16 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012.05.29 10:46:42 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
PRC - [2012.02.16 16:16:58 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.233\deploy\LolClient.exe
PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [2007.05.10 16:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.29 14:20:22 | 000,786,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2006.11.29 10:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.23 16:57:43 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.09 17:22:18 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e67c93130bccca9ecab38df6cd2e60cb\System.ServiceModel.Web.ni.dll
MOD - [2013.01.09 17:19:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.09 17:01:24 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll
MOD - [2013.01.09 17:00:30 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll
MOD - [2013.01.09 17:00:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.09 17:00:18 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll
MOD - [2013.01.09 17:00:16 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.09 16:59:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.09 16:59:36 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.09 16:59:07 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll
MOD - [2013.01.09 16:59:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 16:59:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll
MOD - [2013.01.09 16:58:41 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
MOD - [2013.01.09 16:58:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013.01.09 16:58:15 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.09 16:57:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.31 07:35:50 | 000,156,160 | ---- | M] () -- C:\Programme\LOLReplay\Air.dll
MOD - [2012.10.31 07:35:36 | 000,311,808 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll
MOD - [2012.09.01 12:40:36 | 000,411,648 | ---- | M] () -- C:\Programme\LOLReplay\Compression.dll
MOD - [2012.09.01 12:10:38 | 000,052,224 | ---- | M] () -- C:\Programme\LOLReplay\Launcher.dll
MOD - [2012.08.10 23:15:41 | 003,093,624 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
MOD - [2012.07.07 07:22:15 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012.05.29 10:46:42 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe
MOD - [2007.12.07 22:36:27 | 000,036,864 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.core.dll
MOD - [2007.12.07 22:36:27 | 000,028,672 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.common.dll
MOD - [2007.12.07 22:35:14 | 000,061,440 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.11.22 17:55:48 | 000,011,776 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll
MOD - [2004.07.26 16:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2013.01.23 16:57:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 12:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 12:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.07 07:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\videX32.sys -- (videX32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.11 12:39:34 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 12:39:34 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.14 14:18:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.25 21:33:35 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007.06.16 13:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.13 11:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViBus.sys -- (ViBus)
DRV - [2007.02.08 18:46:44 | 000,211,456 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.01.08 17:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.12.02 05:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{13B38ED5-F6AA-4833-B2CA-5ACEF200FF0D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{36F34217-D85C-470D-AAA9-3D323196344C}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6DE5C561-9D4A-42E7-ABD8-59A0A2E804CE}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{9B761C77-D9FA-4494-9223-3721ADF89ACC}: "URL" = hxxp://search.avg.com/route/?d=4bb3325b&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{AC5C341E-007C-447F-872D-D24E79D5EBB0}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E1D88547-1E03-4A0E-92C0-2AF16353879D}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.24 19:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.23 17:04:18 | 000,000,000 | ---D | M]
 
[2009.05.06 14:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2013.01.24 19:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions
[2012.10.20 12:14:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.03 22:28:20 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.04.01 10:23:41 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2013.01.10 21:24:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.09.13 18:42:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.01.08 19:26:14 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\firefox@ghostery.com
[2013.01.04 17:14:47 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\autopager@mozilla.org.xpi
[2013.01.18 13:28:33 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\toolbar@gmx.net.xpi
[2012.02.11 17:52:57 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011.04.14 19:57:50 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2013.01.05 17:15:03 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.23 19:24:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.13 16:19:44 | 000,000,855 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\1und1-suche.xml
[2011.11.28 15:15:22 | 000,001,283 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\amazondotcom-de.xml
[2011.11.28 15:16:14 | 000,002,366 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\eBay-de.xml
[2011.11.03 10:32:05 | 000,002,419 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\englische-ergebnisse.xml
[2011.10.13 16:01:56 | 000,010,507 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\gmx-suche.xml
[2010.06.24 14:25:09 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-10.xml
[2010.06.27 18:54:10 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-11.xml
[2010.07.22 17:43:23 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-12.xml
[2010.07.22 18:58:17 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-13.xml
[2010.09.03 12:37:07 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-14.xml
[2010.09.19 11:04:52 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-15.xml
[2010.10.22 00:29:48 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-16.xml
[2010.10.26 14:36:43 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-17.xml
[2010.12.11 12:44:59 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-18.xml
[2010.12.23 10:07:54 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-19.xml
[2011.03.13 09:54:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-20.xml
[2011.03.30 19:39:24 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-21.xml
[2011.05.01 11:58:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-22.xml
[2011.06.23 11:42:18 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-23.xml
[2011.06.30 17:49:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-24.xml
[2011.08.18 22:55:04 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-25.xml
[2011.09.02 09:20:35 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-26.xml
[2011.09.07 18:46:00 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-27.xml
[2011.09.27 18:35:52 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-28.xml
[2011.10.02 18:32:14 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-29.xml
[2011.11.09 22:05:03 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-30.xml
[2011.12.08 17:34:14 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-31.xml
[2011.12.23 18:02:23 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-32.xml
[2012.01.02 14:20:00 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-33.xml
[2009.07.24 17:25:30 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-4.xml
[2009.07.24 18:25:05 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-5.xml
[2009.07.24 18:37:28 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-6.xml
[2009.07.24 22:10:55 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-7.xml
[2009.07.24 22:43:02 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-8.xml
[2009.08.05 08:43:39 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-9.xml
[2011.11.28 16:00:56 | 000,002,387 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\lastminute.xml
[2011.10.13 16:34:10 | 000,002,248 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\mailcom-search.xml
[2012.05.06 11:21:08 | 000,005,489 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\webde-suche.xml
[2013.01.23 17:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.05.06 14:53:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.07 07:22:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.11 17:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 17:52:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.11 17:52:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 17:52:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 17:52:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 17:52:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C88F9EE-6C50-453A-80AF-FC4A3072BB9A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2373DAED-E0A9-47BB-8A61-45D8AABBC563}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5547983-0077-4DBC-8F95-3A51E6352F32}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\ICQ
[2013.01.23 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.23 17:34:48 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.23 17:34:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.23 17:34:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.23 17:34:17 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.23 16:57:44 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.23 16:57:44 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.23 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.22 19:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.22 19:30:50 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.22 19:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.22 18:43:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.22 18:33:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.22 18:13:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.22 18:13:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.22 18:13:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.22 18:13:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.22 18:12:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.22 18:11:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.22 18:11:00 | 005,025,054 | R--- | C] (Swearware) -- C:\Users\PC\Gimp\Desktop\ComboFix.exe
[2013.01.22 01:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.15 14:03:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.11 17:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.11 17:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.11 17:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.11 17:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.11 17:40:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.01.09 13:35:47 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 13:35:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.12.31 13:07:59 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\LOLReplay
[2012.12.31 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2010.09.02 15:05:30 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files\tbsoft.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 20:59:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 20:03:23 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2013.01.24 20:03:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 20:03:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 20:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 19:38:27 | 000,574,315 | ---- | M] () -- C:\Users\PC\Gimp\Desktop\adwcleaner(1).exe
[2013.01.23 17:39:57 | 000,000,047 | ---- | M] () -- C:\Windows\WinInit.Ini
[2013.01.23 17:39:54 | 000,088,777 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2013.01.23 17:39:04 | 000,000,941 | ---- | M] () -- C:\Windows\uninst.ini
[2013.01.23 17:34:00 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.23 17:33:58 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.23 17:33:58 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.23 17:33:58 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.23 17:33:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.23 17:33:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.23 17:11:26 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013.01.23 17:04:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.23 16:57:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.23 16:57:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.23 13:13:21 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.22 19:30:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.22 18:10:57 | 000,173,568 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.22 17:08:30 | 005,025,054 | R--- | M] (Swearware) -- C:\Users\PC\Gimp\Desktop\ComboFix.exe
[2013.01.13 17:43:32 | 000,681,680 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.13 17:43:32 | 000,640,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.13 17:43:32 | 000,148,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.13 17:43:32 | 000,122,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.11 17:49:29 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.09 16:55:04 | 003,729,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.03 19:34:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.31 13:07:45 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.12.31 13:07:45 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.24 19:38:12 | 000,574,315 | ---- | C] () -- C:\Users\PC\Gimp\Desktop\adwcleaner(1).exe
[2013.01.23 17:39:57 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013.01.23 17:39:04 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini
[2013.01.23 17:04:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.23 17:04:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.01.23 16:57:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.23 13:13:21 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.22 19:30:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.22 18:13:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.22 18:13:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.22 18:13:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.22 18:13:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.22 18:13:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.11 17:49:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.31 13:07:45 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.12.31 13:07:45 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.12.31 13:07:45 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.10.05 13:12:36 | 005,618,768 | ---- | C] () -- C:\Users\PC\com.android.vending_3.8.16.apk
[2012.08.10 21:28:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\osdtngrmymcyfto
[2012.01.23 11:43:19 | 000,144,772 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.11.25 18:09:27 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat
[2010.09.02 15:05:30 | 000,006,836 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2010.08.29 18:53:20 | 000,000,000 | ---- | C] () -- C:\Users\PC\AppData\Local\prvlcl.dat
[2010.04.28 19:40:44 | 000,008,576 | ---- | C] () -- C:\Users\PC\.recently-used.xbel
[2009.07.24 13:18:43 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat
[2009.03.12 16:07:58 | 000,000,030 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Default.PLS
[2009.03.10 17:49:00 | 000,173,568 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Code:
OTL Extras logfile created on: 24.01.2013 21:16:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,14% Memory free
4,24 Gb Paging File | 2,51 Gb Available in Paging File | 59,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277,50 Gb Total Space | 78,44 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive D: | 20,57 Gb Total Space | 12,62 Gb Free Space | 61,35% Space Free | Partition Type: FAT32
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0427D948-DF45-42C3-A773-E5DCF4F978A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{14B97494-2731-4BBB-8484-071F2B479F35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F68E4CE-EAEB-4B07-B2BA-27A2E19845A1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4C922C27-27BE-4645-AE04-E7F2FAD52906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F05053A-5FF5-4AE2-B279-567EB1AA9369}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE1DC206-4B38-431A-B40D-E0E4DE642DCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD08943B-9F3E-4DC4-861A-3581751EDB0D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E605B4E7-AE2C-45E8-BA61-9820FC4E3AD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1051E893-5B6C-4A98-8F1D-41EA01B47162}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{147A938C-1E74-45F9-8A97-0621C9EE580F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{1CB7D9F9-8633-4BAC-B88E-8F27A84C37C8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{1ED8FBB2-F796-4B44-98AD-38DC1B8665C7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{2524609D-9ED6-4983-BDB3-59EFC95F927F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{31EF03E7-E382-414E-AC97-16DEEBD76EDB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe | 
"{34025260-FECE-49FC-B6E8-47BBFCD5DA37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe | 
"{446FD513-D99B-4306-B370-07E081B1C51F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{46B48FA1-0DA9-48D2-B4F5-82B202E7832E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{48AA5ED3-F0C5-4AED-9D8E-F808818CAB65}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4B37919C-2017-4457-959F-305E63FE459E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe | 
"{4E7B7B94-08CD-4260-8632-C1523A02B0B2}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"{56D2AB86-4E24-439F-96D9-132A3A13D1E7}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe | 
"{6E38B364-A3B2-4B41-87D1-A7B794FD9445}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe | 
"{74035061-A957-44AA-A608-3AC9AB7EAF2B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{778CEB29-88A9-48F5-9C1D-3C80579C0938}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"{84E6AEBD-7E82-408D-A32F-6655240C5BD5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{855ADAB8-84AA-4508-8A70-C858DBB6399A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8B7425AA-72BB-4FDC-9D9F-DCA3E3B72E15}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9443DD48-A193-453B-98FB-2E05008A8342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{97ABC2AB-CDB8-4A67-9A00-2658DEB3105E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{99C385EA-44A9-4565-834B-8119F9A0FA19}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe | 
"{A2B5409E-9872-4ACD-8EA4-4B929BC96097}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe | 
"{A9C74460-945A-4C0E-8FD2-B706B1ABAD1E}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{ACCFFE4E-0DEC-4DF1-99AC-18FD11FE53FF}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{B7E05870-063E-4503-AB64-4CD1EFE8F9C4}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe | 
"{C363FBCE-302E-4682-8EEE-A302F7FFA4C3}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe | 
"{CE0D546F-C8EC-412B-B9EF-6CC8192390E3}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{DB027967-794C-4D0B-9136-ED304C4506D9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DBCA5814-543E-4718-A8C9-FD2870566B36}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe | 
"{DF08E080-E92C-4DDC-86C6-ED96A0BACF5F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe | 
"{E168A49C-95C6-416B-9BAC-71556E3E8F75}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe | 
"{E1B2B661-47C6-44C1-8E0F-A4E6EE93D2EA}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{F357E73D-7EE1-4C39-AAC9-C388D5D3B03C}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{F45BD94A-BA3C-4800-B058-0BC3236EE95D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{0B17056A-7B12-4515-A7AB-D06D3DF15437}C:\users\pc\spiele\battelfield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\battelfield vietnam\bfvietnam.exe | 
"TCP Query User{0D918CD5-0DAA-46AA-9361-0D0BC8C5B191}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{12123A3A-FD27-4F5F-9B10-C429E67DA407}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{1533F918-39E9-458E-9A96-ADE09D5BE449}C:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe | 
"TCP Query User{21104C88-EC56-4A35-999C-8569BA6105DC}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{2285F3D7-162A-4ABB-A764-F6C557853A6F}C:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{2508E41B-A4D2-40E8-95C3-7499BC85E94E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{29F2DDB7-20E4-4D16-B3FF-0D59CFBAA794}C:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe | 
"TCP Query User{34CF8E16-93B1-4D25-B70D-620FAA62F02F}C:\program files\rapidsolution\audials tv\bin\audialstv.exe" = protocol=6 | dir=in | app=c:\program files\rapidsolution\audials tv\bin\audialstv.exe | 
"TCP Query User{42CFC478-5B12-4EC0-9B0E-4D3B78E299C8}C:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe" = protocol=6 | dir=in | app=c:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe | 
"TCP Query User{4DF32E65-A794-4003-913E-3FA344470DCB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{518AAC6F-2298-490A-A825-28E8D4BBE6D4}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{5B0003A5-C91C-43DE-BFC9-CDCC0C879AD6}C:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe | 
"TCP Query User{69B9BC84-A72C-4D1F-A3AE-B7F40849DEF5}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"TCP Query User{6A895DDB-0AF3-400D-84E7-D169AE1C8692}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{6BA3205C-3220-43D1-BDD2-C8A162FE1273}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{784B5906-C441-4094-A7B4-E4AC001F9503}C:\users\pc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\call of duty 2\cod2mp_s.exe | 
"TCP Query User{7CC9A123-19DC-45B4-93BB-734FBA2ADC0D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{7E61C7AC-2D43-44C3-BB6A-AA02DEFFD191}C:\users\pc\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{81F5D36E-2EDE-4950-A8F7-EF57A4F7E0B1}C:\users\pc\spiele\fucksteamcss\hl2.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\fucksteamcss\hl2.exe | 
"TCP Query User{8465216C-699C-4049-970C-AA252E8341B5}C:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe | 
"TCP Query User{920F2AEE-1B6C-4F3A-B00C-C13F8F936F1B}C:\users\pc\desktop\fucksteamcss\hl2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\fucksteamcss\hl2.exe | 
"TCP Query User{959D0B6A-C1F0-45C1-89E6-B56C75786E23}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9EF45619-B7F4-4B5F-AF8E-B7A7F64127C0}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{A611F459-4995-40B7-A660-362C4B85BED8}C:\users\pc\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{A7BBA9BA-0EC2-41D9-969C-CC66B2566484}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B6F8011B-7536-4D49-853B-2AF3F5A9106F}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe | 
"TCP Query User{E05F25E3-6B06-4EEC-82CC-9144ADEB6C9B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{F5CF5851-3BFA-4B78-B040-EC4C3657DD26}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{0D02B197-1151-41AF-A8F2-699D090C09A7}C:\users\pc\spiele\battelfield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\battelfield vietnam\bfvietnam.exe | 
"UDP Query User{0EBAEA22-DD04-4B74-80FF-9A8873CF80EB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{176C23F7-32B9-4B06-9574-D806360B5B09}C:\users\pc\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{297FF978-7849-44B1-B893-A2A7A3E7DEBF}C:\program files\rapidsolution\audials tv\bin\audialstv.exe" = protocol=17 | dir=in | app=c:\program files\rapidsolution\audials tv\bin\audialstv.exe | 
"UDP Query User{37040FD9-34D4-4806-B7BD-8E017BCA84CF}C:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe | 
"UDP Query User{4256BC2A-16C0-438B-BED3-62BCCEC887DD}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{4348FC16-EDE1-4F24-B192-CA12491D079B}C:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{44B1703E-C882-4E8D-8E8C-E2C97F341E13}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{4DCE5682-917E-4ED0-9315-C4FB55DC0385}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{582F68BC-6C45-4575-B534-1CE080867DB0}C:\users\pc\desktop\fucksteamcss\hl2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\fucksteamcss\hl2.exe | 
"UDP Query User{5E342AD0-C2AD-4F8F-8C9D-19ECFE274435}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"UDP Query User{686018BA-06CA-412A-BC11-5F90A2D2DFC7}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{6A78DFD5-8875-428F-80EF-4BEC23563388}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{713ED677-C9A2-435D-96DF-9A97A9E43F45}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7734F37D-02E6-4D65-9251-1AC447F9B3B4}C:\users\pc\spiele\fucksteamcss\hl2.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\fucksteamcss\hl2.exe | 
"UDP Query User{7DF903A5-1DF3-4591-99E7-A47C621F6F4F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{8772A69B-CF8F-4AF2-A61B-BB5B60F3CBF9}C:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe | 
"UDP Query User{93B821B7-8ED8-4F31-9EB0-333D12EDF036}C:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe | 
"UDP Query User{A8CBF5E0-1B40-49C7-9F01-C3FB743B5E88}C:\users\pc\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{ACC0E1E7-F932-4963-8F1D-E6501A50B989}C:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe" = protocol=17 | dir=in | app=c:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe | 
"UDP Query User{BE997DEB-0796-42BD-8037-C699B34B7786}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{C0000B8B-BD03-4DE5-B1C5-32E85AC2704E}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{D10FE592-804C-47A9-A441-71A8896D7302}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{D445D4DE-D1EA-430A-A6A4-AF8CD7003E6D}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{D800D083-26BB-48A8-84BA-EBB3A082F0C0}C:\users\pc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\call of duty 2\cod2mp_s.exe | 
"UDP Query User{DAE3A862-E41B-4347-8C4D-CA550E73BAAC}C:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe | 
"UDP Query User{ED9A1B5F-44F0-4470-A583-003EAC4B5D4D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F776F89F-B245-46C7-97CA-F78182552896}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F9B53CE1-95CE-47DC-AAFD-F0485A146C88}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B973521-269F-11E1-8ED3-F04DA23A5C58}" = MSVCRT Redists
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30D3D974-A770-4EF7-83EC-D56081450FFA}" = Lernwerkstatt 5
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4StoryDE_is1" = 4Story 3.4
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Derive5" = Derive 5
"DivX Setup" = DivX-Setup
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HyperCam 3" = HyperCam 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VLC media player" = VLC media player 1.1.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 13:19:16 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 23.01.2013 13:19:16 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 23.01.2013 13:21:07 | Computer Name = PC-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.01.2013 13:21:08 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 24.01.2013 14:47:13 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 23.01.2013 11:59:16 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.01.2013 11:59:16 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.01.2013 13:41:24 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.01.2013 13:41:24 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2013 14:31:42 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.01.2013 14:31:42 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2013 14:51:13 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.01.2013 14:51:13 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2013 15:03:53 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.01.2013 15:03:53 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
