
Pests of all kinds and how to fight them: Infected with GVU trojan 2013 with webcam

Windows 7

13.02.2013, 13:08   #1
PascalReger
 
Infected with GVU trojan 2013 with webcam



GVU TROJAN 2013 WITH WEBCAM

Good morning,

Last night I caught the GVU TROJAN with webcam.
The "emergency CD" cannot be started via the BIOS.
I then tried System Restore.
The screen with the demand has disappeared, but I still have no access to the Internet, only in safe mode.
Last night Malwarebytes Anti-Malware put two infected objects into quarantine; I had it scan again 10 minutes ago, nothing found.
I could urgently use help getting rid of this trojan.

THANK YOU VERY MUCH!

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 13.02.2013 13:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free
6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.13 13:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Downloads\OTL.exe
PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.09 17:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.26 17:31:23 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 20:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.21 14:50:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.13 18:14:00 | 000,247,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe -- (DfSdkS)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.19 07:33:38 | 000,387,616 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 07:33:38 | 000,178,720 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2003.07.28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - [2012.10.10 20:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.10.08 19:53:56 | 000,026,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.31 20:23:12 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.01 14:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.06.07 11:32:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.06 17:49:48 | 000,029,248 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV - [2011.06.06 17:44:55 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2011.05.25 08:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.01 05:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.08.12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.08 14:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.06.11 13:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.01.25 06:11:32 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010.01.25 06:11:30 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010.01.25 06:11:24 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010.01.25 06:11:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010.01.11 10:29:36 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2009.12.07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 18:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.11.25 14:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.30 10:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B 92 16 C7 46 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A7C8B4E-A7AB-46CF-898F-9C093B798333}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34F6E3FD-A231-441A-8F85-DA39992B2FD9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{3DB9F006-E73E-4648-A5AF-31EB1D2C7439}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE510
IE - HKCU\..\SearchScopes\{FDC14845-92E0-4300-BE4C-BB33F1F0F4BB}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.06 22:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 13:22:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.13 18:36:53 | 000,000,000 | ---D | M]
 
[2011.06.07 10:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2012.10.30 11:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions
[2012.05.31 11:17:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011.09.02 20:16:38 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\support@predictad.com
[2012.07.21 14:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.31 20:35:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.08.31 20:35:06 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.07.21 14:50:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.16 20:42:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.21 14:50:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.21 14:50:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.21 14:50:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 14:50:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 14:50:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 14:50:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 4\ashsnap.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4005449D-608D-4766-86BE-D3619A65B178}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EC166F5-11BE-4B20-A332-F9BE4608AD23}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD8D62F5-4B09-46B2-A88F-EEBE97EFE6EC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell - "" = AutoRun
O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell - "" = AutoRun
O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell - "" = AutoRun
O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell - "" = AutoRun
O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 12:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 12:51:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.13 02:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Lite
[2013.02.13 02:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
[2013.02.13 01:33:54 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
[2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 13:09:42 | 000,000,156 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.13 12:51:41 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 12:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 12:31:32 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.02.13 12:31:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 12:26:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 12:00:35 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000UA.job
[2013.02.13 11:56:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.13 11:56:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.13 11:56:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.13 11:56:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.13 03:57:56 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\Windows\System32\ctfmon.exe
[2013.02.13 01:11:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\7084724.pad
[2013.02.12 18:48:47 | 000,437,618 | ---- | M] () -- C:\Users\Pascal\Desktop\southside+track.png
[2013.02.12 18:35:48 | 009,104,265 | ---- | M] () -- C:\Users\Pascal\Desktop\untitled.mp3
[2013.02.12 15:35:31 | 010,425,016 | ---- | M] () -- C:\Users\Pascal\Desktop\m,..mp3
[2013.02.07 20:00:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000Core.job
[2013.02.03 18:50:03 | 000,036,104 | ---- | M] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg
[2013.02.03 13:17:40 | 000,113,768 | ---- | M] () -- C:\Users\Pascal\Documents\deadmau5.jpg
[2013.01.30 20:04:26 | 000,049,902 | ---- | M] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg
[2013.01.29 12:55:36 | 000,001,019 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.26 10:14:50 | 000,204,871 | ---- | M] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg
[2013.01.23 10:36:09 | 000,063,344 | ---- | M] () -- C:\Users\Pascal\Documents\43858944.jpg
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 13:09:40 | 000,000,156 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.13 12:51:41 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 00:21:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\7084724.pad
[2013.02.12 18:48:47 | 000,437,618 | ---- | C] () -- C:\Users\Pascal\Desktop\southside+track.png
[2013.02.12 18:34:26 | 009,104,265 | ---- | C] () -- C:\Users\Pascal\Desktop\untitled.mp3
[2013.02.12 15:33:18 | 010,425,016 | ---- | C] () -- C:\Users\Pascal\Desktop\m,..mp3
[2013.02.03 18:50:09 | 000,036,104 | ---- | C] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg
[2013.02.03 13:17:56 | 000,113,768 | ---- | C] () -- C:\Users\Pascal\Documents\deadmau5.jpg
[2013.01.30 20:04:30 | 000,049,902 | ---- | C] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg
[2013.01.26 10:15:20 | 000,204,871 | ---- | C] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg
[2013.01.23 10:36:14 | 000,063,344 | ---- | C] () -- C:\Users\Pascal\Documents\43858944.jpg
[2012.12.05 15:41:37 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll
[2012.11.18 22:58:34 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.18 22:58:34 | 000,138,056 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\PnkBstrK.sys
[2012.11.18 22:58:11 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.18 22:58:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.02 20:15:33 | 000,828,671 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Tempmusic.ogg
[2012.10.26 18:40:44 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.08 20:26:10 | 000,001,467 | ---- | C] () -- C:\Users\Pascal\.recently-used.xbel
[2012.05.19 16:14:18 | 000,001,206 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.ini
[2012.05.19 16:14:18 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.05.03 20:30:40 | 000,000,001 | ---- | C] () -- C:\Users\Pascal\0.cdat
[2012.01.30 22:35:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.01.30 22:35:09 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.12.07 18:24:28 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2011.09.02 19:44:44 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.08.31 20:34:46 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.08.31 20:34:46 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.08.13 14:01:33 | 000,000,313 | ---- | C] () -- C:\Windows\System32\aptmp.exe
[2011.08.10 17:09:08 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI
[2011.06.07 12:44:38 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.06 21:30:49 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.06.06 21:30:49 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.06.06 17:36:20 | 000,704,512 | R--- | C] () -- C:\Windows\System32\cohelper.dll
[2011.06.06 17:36:20 | 000,005,940 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.05.20 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2012.10.06 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.08 13:07:29 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Amazon
[2012.12.05 15:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Apowersoft
[2011.08.16 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Canneverbe Limited
[2011.08.14 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.06.07 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DAEMON Tools Lite
[2013.02.13 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Dropbox
[2012.03.11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DVDVideoSoft
[2011.06.22 12:31:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FFSJ
[2011.09.02 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FreeAudioPack
[2011.06.21 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\GlarySoft
[2012.10.08 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\gtk-2.0
[2013.02.04 20:54:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ICQ
[2012.12.08 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\MAGIX
[2011.12.04 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Nik Software
[2012.05.22 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\OpenOffice.org
[2012.11.11 17:17:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin
[2012.11.30 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\pokerth
[2011.07.31 17:20:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ProtectDisc
[2011.07.14 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Reviversoft
[2011.08.11 08:43:59 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Sierra
[2011.08.16 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Steinberg
[2011.07.26 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TW7Booster
[2013.02.13 12:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 13.02.2013 13:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free
6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DE06E1C-72A2-4658-B707-1906837ED91B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3107194F-24E8-4460-88F7-B232E65D6DAE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{353BA680-E2A4-44E1-81C9-9A7B81EFA9B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76A10545-3C38-4F0E-99BC-79D1B7BBF047}" = rport=138 | protocol=17 | dir=out | app=system | 
"{77977981-9C9B-4E08-9116-2558F6554D61}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7E568506-1C74-4B46-9C17-6A1C25F4F561}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{86F83E5E-1B10-48FA-9CB1-113C9CAE9EB9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A6825819-2EFA-410B-8734-6749691F1B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B39A7E4E-EE49-4E2A-9E55-10F995F12867}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B8FE9BDC-FB13-4549-AFA1-FB593B100B86}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D8CEA302-CF4D-4185-8394-F4AA7B3E5FAE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E1403F13-7383-428C-B8CB-B451EB2A1043}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E881C05E-2D2E-4151-81B5-30B8C4A838D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE5A7302-0665-4B92-A030-14D02B4A03D6}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0359E3BF-4328-4868-AB04-DCA8F7728F12}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe | 
"{0406422B-E2BD-4854-B536-BABB469B33B4}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{0597DAC2-EDA8-4DA3-B6BB-B7A0BD921FAB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0856CAA2-5BBA-433E-B0E8-F32DD0D5A44B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{0C8B7CB3-2971-457E-A2C5-DD3499D5F4AB}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{0D7A9C9A-06B6-42B6-B844-0B26B5400B59}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{0F8FD49F-5F01-4E1B-BE93-58A22D10FC55}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe | 
"{11E10E45-FE36-4AB3-ABAE-F328933AFCC0}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"{1638D10E-D7B0-4AF3-A4B4-A1FF076C9638}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe | 
"{192A9B63-F900-4747-B7FE-2A05C8276D60}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{1FDC2394-2CE8-4DEA-A657-4E04D5D18D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{20FD62CD-62D5-41E9-A54D-74E8FF7EB220}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{2111D42D-09F1-46E2-805C-935C2F0FE4D0}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{23B66CF0-B1F9-474A-804E-F1A5284D9D04}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{317EA025-5DDD-47D1-B293-F2B4C78DF1A2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe | 
"{32F7863C-03A0-46FC-AD0A-4B515FAF070C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe | 
"{35E53B8E-2D9E-4E1A-8BE9-BBD5356D55AB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{38B87E17-E494-4497-A892-E8B39EC21442}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{44B40EFD-8F7C-42BF-B868-580C5FEAF7E5}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{48BDE269-0346-413B-ABBB-9E1D4C3BF070}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{4BB3551E-8BD2-4466-B97E-7791180F94F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{4E1E7D20-7C2D-4CF8-9333-CF7E44E51A85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E2E0BE6-B43B-4ADE-8C9C-AEF899411184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{544241BD-143F-44A3-890A-D656F9B9D337}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{5596AEA6-0FC4-4215-AF36-621D6190174C}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe | 
"{57782BCF-B4F7-4D34-A78E-A45C4B922C54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe | 
"{57C255AF-76B3-432C-A794-708D28ED5734}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{6374BA1A-A706-4B58-A544-7D60361A82E5}" = protocol=6 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6742D14A-682E-41AC-B32F-F0FF35B0A444}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{677C3915-1459-46A7-97B3-B5846A800CBC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{6896FDCE-09FA-42CC-90E1-408FFBDD69E5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{6A856107-E0F2-46E1-8D3F-5911EA75E8D9}" = protocol=17 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6F9FC5B7-188A-46DF-BEE5-18F373378819}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{6FA43757-7268-4BB6-888C-6AC18E830B40}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{730AE2A4-4784-42A4-A2BF-E432734D28B6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{77B59D61-591A-45B7-8389-F72AF6C301B9}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{7AB5C482-8E89-408E-BB31-EFAEC923FA57}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{7B8B1CC0-1CDC-42BA-BD89-F9976E76220A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{7C870BEF-6779-4B47-B2E2-101AA453AB31}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{84B6F821-5111-4ACB-AE78-272E10680ACA}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"{8E67F54F-A0BE-45D0-A11B-90CFF83FAF85}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{963643A9-8F5F-4BB7-BD4E-5D4A0EED1640}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{96CA6A62-9313-4856-8AC0-237DDE4074D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{998C8197-EDE0-402A-BDEF-E28493062A37}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe | 
"{9DB07269-A3D6-4DC5-A931-1DD088C2FE16}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9F032C83-0FFE-4428-8D09-7F3CFA2920D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{9FCD7B25-86DB-487E-9829-467F2F13DDE7}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{9FD87759-A00D-47C1-AFFF-8B4D38F870F6}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A14EF884-1F4D-44CE-AA1D-936244CB4F94}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{ACEAFE3E-49F4-4763-A061-7AE397A4632F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{AFF81E3D-594A-432E-B98F-9BB512779FC7}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe | 
"{B72C7430-78A0-45F0-9BFE-83E3C69A0FE7}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe | 
"{BB21FBBD-DFDF-4C67-9614-C54868DFE2A0}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{BB9AF177-7D03-47C3-BCFB-CCD017D4B4F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{C424638E-76D4-454D-AC74-C2E857A863C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C9E6FC7E-2F93-479B-BEFF-D12F16C04E0A}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{D093524A-B325-42D1-908A-87DE17FB28C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D9037877-97D9-4ACD-9C75-5D696CDD53D8}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{DA828283-DCC9-442B-A5B8-17B880868EDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{DA82D65F-3376-4A3F-989D-10F03C8AF3CA}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe | 
"{DD1EAA7B-A289-4315-B384-FA628B69FD5E}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{DE0FCFDA-B84D-4FD6-AB76-643BA2693791}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{DF4C2C86-0F9A-4EA2-A4B5-ED012678BD13}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe | 
"{E21960A6-7B79-4F78-9EC6-6002A90AAF38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | 
"{E7B56168-278A-4F21-9B55-08C26007A4AA}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe | 
"{E82B536D-93E8-40FA-8A9D-39BC0BD1E6FC}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe | 
"{EB522692-9BC1-404B-AEC7-92ABEB476D5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{ECE5F10A-4CA3-41C6-9060-9C606260AAD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{EE68A0F6-29C1-40A9-9DCF-20071211D386}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe | 
"{F4FA4662-5406-4859-9AEE-40040DEB93B7}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe | 
"{FABEDBCD-346B-4C25-8C9D-D599A32CC4CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe | 
"{FB1DD3B7-3F71-40D6-94F4-A2921D911CBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FE34076F-F38A-49B2-A2DE-5AB5F44D0A5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe | 
"TCP Query User{090BF863-3579-45F5-9E45-C5C4F26F2C71}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{232DF918-79AB-44C7-A99E-08B72E9BBA1D}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe | 
"TCP Query User{263B8034-81B3-4032-A2D7-5BCFF9F61595}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe | 
"TCP Query User{2A8B322C-FF83-429C-9C34-FB45953257F1}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe | 
"TCP Query User{41A8E26B-E872-4883-B8C9-4DA20731BF74}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{522E8EB8-962B-425B-BD99-CE8AD7C8AEBE}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"TCP Query User{52FB9875-306A-4EB9-91D5-46352001881C}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{5AB30AF2-DB34-4B3E-A23F-17304FD352B9}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe | 
"TCP Query User{71B140E9-A2C9-4DF7-8827-6D6F96629CB1}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"TCP Query User{7D2F6781-1B1A-4501-9B9F-435BBC49C9FB}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{8703D626-DC2D-443F-99C4-6C5BE363C235}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{A25BA49F-5A99-4EC6-977B-E92AE5C7A567}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe | 
"TCP Query User{A4537B76-6E2A-422C-9775-A1F2D6B31EAB}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe | 
"TCP Query User{AA4C50C6-A6C9-426E-9CA0-1F1DEB3D5B37}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{B101C106-CC1F-4C00-87E9-0A59CD5FBE1E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{C59CADEB-FA7C-42A4-B0B5-97CDEF5253FA}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{E86E99A3-E9D4-4F65-A650-07B253B6411B}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"TCP Query User{F1B96DAD-AC3D-4EB3-9910-8431FC95DF46}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"TCP Query User{FAE4E562-BB45-49D6-B1A7-E2370D4535E0}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe | 
"UDP Query User{19F4F651-66A4-4315-90B8-185B4D3C9B3E}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"UDP Query User{1DC3C6F5-16DD-40FE-AD58-4C27341C7C60}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{257C17CA-995F-4767-BF30-D15AE607A2B5}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"UDP Query User{34B175F6-8772-4460-9B28-42F4D73AFD6A}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe | 
"UDP Query User{4A9694D4-0B68-45C4-A935-778F236997CF}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{61377129-202F-485A-98F2-11145BDB35D9}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"UDP Query User{6D4C5CAD-5311-49E3-A0AF-CE47F0EF6C27}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe | 
"UDP Query User{8146C230-E73F-4746-B25B-7BC874B7417B}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe | 
"UDP Query User{8EF0A02D-4275-4196-90CB-DB7BF2D71594}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe | 
"UDP Query User{91537DE3-35E1-4590-AFAE-E3F58CFF42E6}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{BE51ABFB-BA2F-49F1-9081-85AC5F692113}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe | 
"UDP Query User{C218F04D-69D0-45EE-AF0B-F925D97D3150}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{C44A2C36-4A1E-48B2-B310-2BC575F7E8C0}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe | 
"UDP Query User{CC64A711-957A-4C42-A265-8F381DAE1A52}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{E147C511-9216-4EA1-8D2D-39A72DE9CCEB}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{E4384E2A-0227-4653-AD7C-7DFD360B687B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{E547B145-3365-4B53-8FF6-967768BB8DBF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{ED54214A-E11F-4D15-8EB6-2888B6D62242}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"UDP Query User{FD18476B-A82C-4D1E-BB21-0194CE7293E1}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BC0CDD6-E0C2-434D-9365-23E79E42DA95}" = Battlestations: Midway
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ArmA 2" = ArmA 2 Uninstall
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ASIO4ALL" = ASIO4ALL
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC DNA_is1" = ASRock OC DNA v1.6
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"AutocompletePro3_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Battlestrike - Shadow of Stalingrad/DE-German_is1" = Battlestrike: Schlacht um Stalingrad
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"Counter-Strike 1.6" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar" = DealBulldog Toolbar
"Drakensang_is1" = Drakensang
"Earth 2160" = Earth 2160
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Edirol Hyper Canvas VSTi DXi_is1" = Edirol Hyper Canvas VSTi DXi 1.6.0
"ESN Sonar-0.70.4" = ESN Sonar
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"Hardcore" = Hardcore
"Hidden & Dangerous 2 Sabre Squadron Demo" = Hidden & Dangerous 2 Sabre Squadron Demo
"HS2_is1" = Steinberg Hypersonic 2
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LUXONIX_Purity" = LUXONIX Purity
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Cutter" = MP3-Cutter
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Service Center" = Native Instruments Service Center
"NCH_EN Toolbar" = NCH EN Toolbar
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PoiZone" = PoiZone
"PokerTH 0.9.5" = PokerTH
"Predator_is1" = Rob Papen Predator V1.6.2a
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Rob Papen Blade_is1" = Rob Papen Blade 1.0.0d
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Sawer" = Sawer
"Steam App 17500" = Zombie Panic Source
"Steam App 17700" = Insurgency
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 43110" = Metro 2033
"Steam App 80" = Counter-Strike: Condition Zero
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Tone2 Gladiator Retail_is1" = Gladiator v1.2.2.0
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XFastUsb" = XFastUsb
"YTdetect" = Yahoo! Detect
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 13.02.2013 07:50:02 | Computer Name = Pascal-PC | Source = NetBT | ID = 4321
Description = Der Name "PASCAL-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.102  registriert werden. Der Computer mit IP-Adresse 192.168.2.105
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


Gmer.txt

GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 13:21:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.15.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Pascal\AppData\Local\Temp\uxliapog.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                  82644A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                    8267E4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!EnableWindow             77598D02 5 Bytes  JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamW          775B3B9B 5 Bytes  JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamW  775C3B7F 5 Bytes  JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamA          775DCF42 5 Bytes  JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamA  775DD274 5 Bytes  JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectA      775EE869 5 Bytes  JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectW      775EE963 5 Bytes  JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExA            775EE9C9 5 Bytes  JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExW            775EE9ED 5 Bytes  JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] kernel32.dll!CreateThread           779FDCC2 5 Bytes  JMP 70F675DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!EnableWindow             77598D02 5 Bytes  JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CallNextHookEx           7759ABE1 5 Bytes  JMP 70FC7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!UnhookWindowsHookEx      7759ADF9 5 Bytes  JMP 70FEED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcA           7759BB1C 7 Bytes  JMP 70F69805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExA          7759BF40 5 Bytes  JMP 70F7363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!SetWindowsHookExW        7759E30C 5 Bytes  JMP 70FA25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExW          7759EC7C 5 Bytes  JMP 70FD03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcW           775A507D 7 Bytes  JMP 70FC8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamW          775B3B9B 5 Bytes  JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamW  775C3B7F 5 Bytes  JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamA          775DCF42 5 Bytes  JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamA  775DD274 5 Bytes  JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectA      775EE869 5 Bytes  JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectW      775EE963 5 Bytes  JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExA            775EE9C9 5 Bytes  JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExW            775EE9ED 5 Bytes  JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- EOF - GMER 2.0 ----
         
--- --- ---

Alt 13.02.2013, 15:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Quote:
Last night Malwarebytes Anti-Malware put two infected objects into quarantine; I had it scan again 10 minutes ago, nothing found.
Please supply all logs from Malwarebytes and other scanners in full, posted in CODE tags.

Quote:
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
Why on earth are Avast and Kaspersky installed at the same time?!
Two antivirus scanners of this kind should never be installed at the same time!

Alt 13.02.2013, 15:49   #3
PascalReger
 

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.12.10

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [Administrator]

Schutz: Deaktiviert

13.02.2013 01:36:17
mbam-log-2013-02-13 (01-36-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 137410
Laufzeit: 12 Minute(n), 17 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.12.10

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [Administrator]

Schutz: Deaktiviert

13.02.2013 01:48:43
mbam-log-2013-02-13 (01-48-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223891
Laufzeit: 3 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Pascal\4274807.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [Administrator]

Schutz: Deaktiviert

13.02.2013 12:52:43
mbam-log-2013-02-13 (12-52-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223313
Laufzeit: 3 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I was not aware of the issue with running two antivirus programs at the same time.
Kaspersky was always deactivated before.

Alt 14.02.2013, 00:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Please always post log files in CODE tags

Alt 14.02.2013, 11:25   #5
PascalReger
 

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.14.03

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [administrator]

14.02.2013 11:20:40
mbar-log-2013-02-14 (11-20-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28069
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Alt 14.02.2013, 11:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please remember this:

If anything is found again, repeat the CleanUp process.

Alt 14.02.2013, 12:01   #7
PascalReger
 

I had it scan again, nothing found.

Alt 14.02.2013, 12:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Please post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 14.02.2013, 13:02   #9
PascalReger
 

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 12:34:16
-----------------------------
12:34:16.402    OS Version: Windows 6.1.7601 Service Pack 1
12:34:16.402    Number of processors: 2 586 0x602
12:34:16.402    ComputerName: PASCAL-PC  UserName: Pascal
12:34:35.636    Initialize success
12:34:37.089    AVAST engine defs: 13021302
12:34:57.089    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
12:34:57.089    Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
12:34:57.105    Disk 0 MBR read successfully
12:34:57.105    Disk 0 MBR scan
12:34:57.511    Disk 0 Windows 7 default MBR code
12:34:57.527    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476938 MB offset 2048
12:34:57.808    Disk 0 scanning sectors +976771072
12:34:58.105    Disk 0 scanning C:\Windows\system32\drivers
12:35:13.339    Service scanning
12:35:22.980    Service MSICDSetup D:\CDriver.sys **LOCKED** 21
12:35:32.589    Modules scanning
12:35:35.542    Disk 0 trace - called modules:
12:35:35.542    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys 
12:35:36.058    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86166398]
12:35:36.058    3 CLASSPNP.SYS[8bb8759e] -> nt!IofCallDriver -> [0x85186480]
12:35:36.058    5 ACPI.sys[8ae443d4] -> nt!IofCallDriver -> \Device\00000066[0x85186030]
12:35:37.449    AVAST engine scan C:\Windows
12:35:40.339    AVAST engine scan C:\Windows\system32
12:37:29.042    AVAST engine scan C:\Windows\system32\drivers
12:37:37.105    AVAST engine scan C:\Users\Pascal
12:53:41.730    AVAST engine scan C:\ProgramData
12:55:13.558    Scan finished successfully
12:56:07.902    Disk 0 MBR has been saved successfully to "C:\Users\Pascal\Desktop\MBR.dat"
12:56:07.917    The log file has been saved successfully to "C:\Users\Pascal\Desktop\aswMBR.txt"
         
I could not find the TDSSKiller log file; it also did not detect anything infected.

Alt 14.02.2013, 13:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please read the instructions properly and follow them.

Quote:
TDSSKiller will save a log file on your system drive (usually C:\)
For example: C:\TDSSKiller.<Version_Date_Time>log.txt

Alt 14.02.2013, 13:22   #11
PascalReger
 

Code:
ATTFilter
12:56:28.0214 2008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:56:28.0699 2008  ============================================================
12:56:28.0699 2008  Current date / time: 2013/02/14 12:56:28.0699
12:56:28.0699 2008  SystemInfo:
12:56:28.0699 2008  
12:56:28.0699 2008  OS Version: 6.1.7601 ServicePack: 1.0
12:56:28.0714 2008  Product type: Workstation
12:56:28.0714 2008  ComputerName: PASCAL-PC
12:56:28.0714 2008  UserName: Pascal
12:56:28.0714 2008  Windows directory: C:\Windows
12:56:28.0714 2008  System windows directory: C:\Windows
12:56:28.0714 2008  Processor architecture: Intel x86
12:56:28.0714 2008  Number of processors: 2
12:56:28.0714 2008  Page size: 0x1000
12:56:28.0714 2008  Boot type: Safe boot with network
12:56:28.0714 2008  ============================================================
12:56:29.0855 2008  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:56:29.0855 2008  ============================================================
12:56:29.0855 2008  \Device\Harddisk0\DR0:
12:56:29.0855 2008  MBR partitions:
12:56:29.0855 2008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:56:29.0855 2008  ============================================================
12:56:29.0886 2008  C: <-> \Device\Harddisk0\DR0\Partition1
12:56:29.0886 2008  ============================================================
12:56:29.0886 2008  Initialize success
12:56:29.0886 2008  ============================================================
12:56:32.0652 1264  ============================================================
12:56:32.0652 1264  Scan started
12:56:32.0652 1264  Mode: Manual; 
12:56:32.0652 1264  ============================================================
12:56:34.0074 1264  ================ Scan system memory ========================
12:56:34.0074 1264  System memory - ok
12:56:34.0074 1264  ================ Scan services =============================
12:56:37.0824 1264  FDResPub - ok
12:56:37.0839 1264  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:56:37.0839 1264  FileInfo - ok
12:56:37.0855 1264  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:56:37.0855 1264  Filetrace - ok
12:56:37.0871 1264  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:56:37.0871 1264  flpydisk - ok
12:56:37.0902 1264  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:56:37.0902 1264  FltMgr - ok
12:56:37.0933 1264  [ 09CAE05275585AC404D48213D7B08396 ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
12:56:37.0933 1264  FNETTBOH_305 - ok
12:56:37.0949 1264  [ 47BDA10316324CFA540F25AB7021F0D8 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
12:56:37.0949 1264  FNETURPX - ok
12:56:37.0980 1264  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
12:56:37.0980 1264  FontCache - ok
12:56:38.0074 1264  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:56:38.0074 1264  FontCache3.0.0.0 - ok
12:56:38.0121 1264  [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:56:38.0121 1264  ForceWare Intelligent Application Manager (IAM) - ok
12:56:38.0136 1264  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:56:38.0136 1264  FsDepends - ok
12:56:38.0152 1264  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:56:38.0152 1264  Fs_Rec - ok
12:56:38.0199 1264  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:56:38.0199 1264  fvevol - ok
12:56:38.0230 1264  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:56:38.0230 1264  gagp30kx - ok
12:56:38.0230 1264  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:56:38.0246 1264  gpsvc - ok
12:56:38.0308 1264  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:38.0308 1264  gupdate - ok
12:56:38.0324 1264  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:38.0324 1264  gupdatem - ok
12:56:38.0386 1264  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:56:38.0386 1264  gusvc - ok
12:56:38.0417 1264  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:56:38.0417 1264  hcw85cir - ok
12:56:38.0464 1264  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:56:38.0464 1264  HdAudAddService - ok
12:56:38.0496 1264  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:56:38.0496 1264  HDAudBus - ok
12:56:38.0511 1264  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:56:38.0511 1264  HidBatt - ok
12:56:38.0527 1264  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:56:38.0527 1264  HidBth - ok
12:56:38.0558 1264  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:56:38.0558 1264  HidIr - ok
12:56:38.0589 1264  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:56:38.0589 1264  hidserv - ok
12:56:38.0589 1264  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:56:38.0589 1264  HidUsb - ok
12:56:38.0621 1264  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:56:38.0621 1264  hkmsvc - ok
12:56:38.0636 1264  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:56:38.0636 1264  HomeGroupListener - ok
12:56:38.0667 1264  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:56:38.0667 1264  HomeGroupProvider - ok
12:56:38.0683 1264  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:56:38.0683 1264  HpSAMD - ok
12:56:38.0714 1264  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:56:38.0714 1264  HTTP - ok
12:56:38.0792 1264  [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:56:38.0792 1264  hwdatacard - ok
12:56:38.0808 1264  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:56:38.0808 1264  hwpolicy - ok
12:56:38.0839 1264  [ A259D3619AA23D4562581067F85E2006 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
12:56:38.0839 1264  hwusbdev - ok
12:56:38.0886 1264  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:56:38.0886 1264  i8042prt - ok
12:56:38.0917 1264  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:56:38.0917 1264  iaStorV - ok
12:56:38.0996 1264  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:56:38.0996 1264  IDriverT - ok
12:56:39.0042 1264  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:56:39.0058 1264  idsvc - ok
12:56:39.0089 1264  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:56:39.0089 1264  iirsp - ok
12:56:39.0121 1264  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:56:39.0121 1264  IKEEXT - ok
12:56:39.0136 1264  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:56:39.0136 1264  intelide - ok
12:56:39.0152 1264  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:56:39.0152 1264  intelppm - ok
12:56:39.0183 1264  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:56:39.0183 1264  IPBusEnum - ok
12:56:39.0199 1264  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:56:39.0199 1264  IpFilterDriver - ok
12:56:39.0230 1264  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:56:39.0230 1264  iphlpsvc - ok
12:56:39.0261 1264  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:56:39.0261 1264  IPMIDRV - ok
12:56:39.0277 1264  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:56:39.0277 1264  IPNAT - ok
12:56:39.0308 1264  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:56:39.0308 1264  IRENUM - ok
12:56:39.0339 1264  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:56:39.0339 1264  isapnp - ok
12:56:39.0386 1264  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:56:39.0402 1264  iScsiPrt - ok
12:56:39.0433 1264  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:56:39.0433 1264  kbdclass - ok
12:56:39.0464 1264  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:56:39.0464 1264  kbdhid - ok
12:56:39.0496 1264  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:56:39.0496 1264  KeyIso - ok
12:56:39.0542 1264  [ 94D67D49BD9503BB1D838405D80F2058 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
12:56:39.0542 1264  KL1 - ok
12:56:39.0558 1264  [ 713576569667AC9E0F8556076004A96B ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
12:56:39.0558 1264  kl2 - ok
12:56:39.0605 1264  [ 39920D69EAEDB51757527AA54FE25216 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
12:56:39.0605 1264  KLIF - ok
12:56:39.0636 1264  [ CF88B4985D957EEE45C9939092E87C92 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
12:56:39.0636 1264  KLIM6 - ok
12:56:39.0636 1264  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
12:56:39.0636 1264  klmouflt - ok
12:56:39.0667 1264  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:56:39.0667 1264  KSecDD - ok
12:56:39.0667 1264  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:56:39.0667 1264  KSecPkg - ok
12:56:39.0714 1264  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:56:39.0730 1264  KtmRm - ok
12:56:39.0761 1264  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:56:39.0777 1264  LanmanServer - ok
12:56:39.0792 1264  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:56:39.0808 1264  LanmanWorkstation - ok
12:56:39.0855 1264  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:56:39.0855 1264  lltdio - ok
12:56:39.0871 1264  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:56:39.0871 1264  lltdsvc - ok
12:56:39.0886 1264  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:56:39.0886 1264  lmhosts - ok
12:56:39.0902 1264  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:56:39.0917 1264  LSI_FC - ok
12:56:39.0917 1264  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:56:39.0917 1264  LSI_SAS - ok
12:56:39.0933 1264  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:56:40.0011 1264  LSI_SAS2 - ok
12:56:40.0074 1264  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:56:40.0089 1264  LSI_SCSI - ok
12:56:40.0152 1264  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:56:40.0183 1264  luafv - ok
12:56:40.0214 1264  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
12:56:40.0214 1264  massfilter - ok
12:56:40.0230 1264  mbamchameleon - ok
12:56:40.0246 1264  mbamswissarmy - ok
12:56:40.0261 1264  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:56:40.0277 1264  Mcx2Svc - ok
12:56:40.0277 1264  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:56:40.0277 1264  megasas - ok
12:56:40.0308 1264  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:56:40.0308 1264  MegaSR - ok
12:56:40.0324 1264  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:56:40.0324 1264  MMCSS - ok
12:56:40.0355 1264  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:56:40.0355 1264  Modem - ok
12:56:40.0371 1264  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:56:40.0371 1264  monitor - ok
12:56:40.0402 1264  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:56:40.0402 1264  mouclass - ok
12:56:40.0417 1264  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:56:40.0417 1264  mouhid - ok
12:56:40.0433 1264  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:56:40.0449 1264  mountmgr - ok
12:56:40.0480 1264  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:56:40.0480 1264  MozillaMaintenance - ok
12:56:40.0496 1264  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:56:40.0496 1264  mpio - ok
12:56:40.0511 1264  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:56:40.0511 1264  mpsdrv - ok
12:56:40.0542 1264  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:56:40.0558 1264  MpsSvc - ok
12:56:40.0574 1264  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:56:40.0574 1264  MRxDAV - ok
12:56:40.0605 1264  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:56:40.0621 1264  mrxsmb - ok
12:56:40.0652 1264  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:56:40.0652 1264  mrxsmb10 - ok
12:56:40.0652 1264  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:56:40.0652 1264  mrxsmb20 - ok
12:56:40.0667 1264  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:56:40.0667 1264  msahci - ok
12:56:40.0714 1264  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:56:40.0714 1264  msdsm - ok
12:56:40.0730 1264  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:56:40.0730 1264  MSDTC - ok
12:56:40.0761 1264  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:56:40.0761 1264  Msfs - ok
12:56:40.0792 1264  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:56:40.0792 1264  mshidkmdf - ok
12:56:40.0808 1264  MSICDSetup - ok
12:56:40.0839 1264  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:56:40.0839 1264  msisadrv - ok
12:56:40.0871 1264  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:56:40.0871 1264  MSiSCSI - ok
12:56:40.0871 1264  msiserver - ok
12:56:40.0902 1264  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:56:40.0902 1264  MSKSSRV - ok
12:56:40.0917 1264  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:56:40.0917 1264  MSPCLOCK - ok
12:56:40.0917 1264  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:56:40.0933 1264  MSPQM - ok
12:56:40.0949 1264  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:56:40.0949 1264  MsRPC - ok
12:56:40.0949 1264  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:56:40.0949 1264  mssmbios - ok
12:56:40.0964 1264  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:56:40.0964 1264  MSTEE - ok
12:56:40.0964 1264  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:56:40.0964 1264  MTConfig - ok
12:56:40.0980 1264  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:56:40.0980 1264  Mup - ok
12:56:41.0027 1264  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:56:41.0027 1264  napagent - ok
12:56:41.0058 1264  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:56:41.0074 1264  NativeWifiP - ok
12:56:41.0105 1264  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:56:41.0121 1264  NDIS - ok
12:56:41.0152 1264  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:56:41.0152 1264  NdisCap - ok
12:56:41.0167 1264  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:56:41.0167 1264  NdisTapi - ok
12:56:41.0199 1264  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:56:41.0199 1264  Ndisuio - ok
12:56:41.0214 1264  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:56:41.0230 1264  NdisWan - ok
12:56:41.0230 1264  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:56:41.0230 1264  NDProxy - ok
12:56:41.0261 1264  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:56:41.0261 1264  NetBIOS - ok
12:56:41.0277 1264  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:56:41.0277 1264  NetBT - ok
12:56:41.0292 1264  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:56:41.0292 1264  Netlogon - ok
12:56:41.0339 1264  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:56:41.0339 1264  Netman - ok
12:56:41.0355 1264  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:56:41.0355 1264  netprofm - ok
12:56:41.0386 1264  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:56:41.0386 1264  NetTcpPortSharing - ok
12:56:41.0496 1264  [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:56:41.0558 1264  Netzmanager Service - ok
12:56:41.0589 1264  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:56:41.0589 1264  nfrd960 - ok
12:56:41.0621 1264  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:56:41.0621 1264  NlaSvc - ok
12:56:41.0667 1264  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:56:41.0667 1264  Npfs - ok
12:56:41.0683 1264  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:56:41.0683 1264  nsi - ok
12:56:41.0683 1264  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:56:41.0683 1264  nsiproxy - ok
12:56:41.0730 1264  [ 84A1A494791DA6AC7292D82F97E40BEC ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:56:41.0730 1264  nSvcIp - ok
12:56:41.0792 1264  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:56:41.0808 1264  Ntfs - ok
12:56:41.0824 1264  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:56:41.0824 1264  Null - ok
12:56:41.0855 1264  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
12:56:41.0855 1264  NVENETFD - ok
12:56:41.0902 1264  [ 0E616537F3E12D4C9FB71181C2F21BD5 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
12:56:41.0902 1264  NVHDA - ok
12:56:42.0058 1264  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:56:42.0214 1264  nvlddmkm - ok
12:56:42.0246 1264  [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
12:56:42.0246 1264  NVNET - ok
12:56:42.0277 1264  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:56:42.0277 1264  nvraid - ok
12:56:42.0292 1264  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:56:42.0292 1264  nvstor - ok
12:56:42.0308 1264  [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
12:56:42.0308 1264  nvstor32 - ok
12:56:42.0355 1264  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:56:42.0371 1264  nvsvc - ok
12:56:42.0449 1264  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:56:42.0464 1264  nvUpdatusService - ok
12:56:42.0511 1264  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:56:42.0511 1264  nv_agp - ok
12:56:42.0527 1264  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:56:42.0527 1264  ohci1394 - ok
12:56:42.0574 1264  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:56:42.0574 1264  ose - ok
12:56:42.0605 1264  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:56:42.0605 1264  p2pimsvc - ok
12:56:42.0636 1264  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:56:42.0636 1264  p2psvc - ok
12:56:42.0683 1264  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:56:42.0683 1264  Parport - ok
12:56:42.0714 1264  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:56:42.0714 1264  partmgr - ok
12:56:42.0730 1264  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:56:42.0730 1264  Parvdm - ok
12:56:42.0730 1264  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:56:42.0746 1264  PcaSvc - ok
12:56:42.0792 1264  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:56:42.0792 1264  pci - ok
12:56:42.0792 1264  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:56:42.0792 1264  pciide - ok
12:56:42.0808 1264  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:56:42.0824 1264  pcmcia - ok
12:56:42.0824 1264  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:56:42.0824 1264  pcw - ok
12:56:42.0855 1264  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:56:42.0855 1264  PEAUTH - ok
12:56:42.0902 1264  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:56:42.0933 1264  pla - ok
12:56:42.0980 1264  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:56:42.0980 1264  PlugPlay - ok
12:56:43.0027 1264  [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
12:56:43.0027 1264  PnkBstrA - ok
12:56:43.0042 1264  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:56:43.0042 1264  PNRPAutoReg - ok
12:56:43.0058 1264  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:56:43.0058 1264  PNRPsvc - ok
12:56:43.0089 1264  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
12:56:43.0089 1264  Point32 - ok
12:56:43.0121 1264  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:56:43.0121 1264  PolicyAgent - ok
12:56:43.0152 1264  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:56:43.0152 1264  Power - ok
12:56:43.0183 1264  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:56:43.0183 1264  PptpMiniport - ok
12:56:43.0214 1264  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:56:43.0214 1264  Processor - ok
12:56:43.0246 1264  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:56:43.0246 1264  ProfSvc - ok
12:56:43.0261 1264  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:56:43.0261 1264  ProtectedStorage - ok
12:56:43.0292 1264  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:56:43.0292 1264  Psched - ok
12:56:43.0324 1264  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:56:43.0355 1264  ql2300 - ok
12:56:43.0371 1264  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:56:43.0371 1264  ql40xx - ok
12:56:43.0402 1264  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:56:43.0402 1264  QWAVE - ok
12:56:43.0417 1264  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:56:43.0417 1264  QWAVEdrv - ok
12:56:43.0417 1264  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:56:43.0417 1264  RasAcd - ok
12:56:43.0449 1264  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:56:43.0449 1264  RasAgileVpn - ok
12:56:43.0464 1264  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:56:43.0464 1264  RasAuto - ok
12:56:43.0480 1264  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:56:43.0480 1264  Rasl2tp - ok
12:56:43.0511 1264  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:56:43.0511 1264  RasMan - ok
12:56:43.0527 1264  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:56:43.0527 1264  RasPppoe - ok
12:56:43.0558 1264  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:56:43.0558 1264  RasSstp - ok
12:56:43.0574 1264  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:56:43.0574 1264  rdbss - ok
12:56:43.0589 1264  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:56:43.0589 1264  rdpbus - ok
12:56:43.0605 1264  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:43.0605 1264  RDPCDD - ok
12:56:43.0621 1264  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:56:43.0621 1264  RDPENCDD - ok
12:56:43.0636 1264  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:56:43.0636 1264  RDPREFMP - ok
12:56:43.0667 1264  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:56:43.0667 1264  RDPWD - ok
12:56:43.0683 1264  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:56:43.0683 1264  rdyboost - ok
12:56:43.0699 1264  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:56:43.0699 1264  RemoteAccess - ok
12:56:43.0714 1264  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:56:43.0714 1264  RemoteRegistry - ok
12:56:43.0746 1264  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:56:43.0746 1264  RpcEptMapper - ok
12:56:43.0761 1264  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:56:43.0761 1264  RpcLocator - ok
12:56:43.0777 1264  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:56:43.0777 1264  RpcSs - ok
12:56:43.0777 1264  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:56:43.0792 1264  rspndr - ok
12:56:43.0839 1264  [ 030129520D4C75CBA170E0F0C6040C68 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
12:56:43.0839 1264  RTL8192su - ok
12:56:43.0855 1264  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:56:43.0855 1264  SamSs - ok
12:56:43.0886 1264  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:56:43.0886 1264  sbp2port - ok
12:56:47.0871 1264  ================ Scan global ===============================
12:56:47.0902 1264  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:56:47.0933 1264  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:56:47.0933 1264  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:56:47.0949 1264  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:56:47.0996 1264  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:56:47.0996 1264  [Global] - ok
12:56:47.0996 1264  ================ Scan MBR ==================================
12:56:47.0996 1264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:56:48.0464 1264  \Device\Harddisk0\DR0 - ok
12:56:48.0464 1264  ================ Scan VBR ==================================
12:56:48.0464 1264  [ AA219A9D006AB9085A4DC696A6C5D99C ] \Device\Harddisk0\DR0\Partition1
12:56:48.0464 1264  \Device\Harddisk0\DR0\Partition1 - ok
12:56:48.0464 1264  ============================================================
12:56:48.0464 1264  Scan finished
12:56:48.0464 1264  ============================================================
12:56:48.0480 1664  Detected object count: 0
12:56:48.0480 1664  Actual detected object count: 0
12:57:03.0324 1520  Deinitialize success
         
gefunden.

14.02.2013, 13:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

14.02.2013, 14:49   #13
PascalReger

Combofix Logfile:
Code:
ComboFix 13-02-13.02 - Pascal 14.02.2013  14:37:52.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.2120 [GMT 1:00]
ausgeführt von:: c:\users\Pascal\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Security Suite CBE 11 *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Security Suite CBE 11 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Kaspersky Security Suite CBE 11 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\DealBulldog Toolbar
c:\program files\DealBulldog Toolbar\affid.dat
c:\program files\DealBulldog Toolbar\alert_plugin.dll
c:\program files\DealBulldog Toolbar\basis.xml
c:\program files\DealBulldog Toolbar\icons.bmp
c:\program files\DealBulldog Toolbar\info.txt
c:\program files\DealBulldog Toolbar\install.ico
c:\program files\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files\DealBulldog Toolbar\mbback.bmp
c:\program files\DealBulldog Toolbar\mbbigopen.bmp
c:\program files\DealBulldog Toolbar\mbclose.bmp
c:\program files\DealBulldog Toolbar\mbfwd.bmp
c:\program files\DealBulldog Toolbar\mbsep.bmp
c:\program files\DealBulldog Toolbar\nav1c.bmp
c:\program files\DealBulldog Toolbar\somoto.dll
c:\program files\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files\DealBulldog Toolbar\tbcore3.dll
c:\program files\DealBulldog Toolbar\tbcore3.inf
c:\program files\DealBulldog Toolbar\tbHElper.dll
c:\program files\DealBulldog Toolbar\TbHelper2.exe
c:\program files\DealBulldog Toolbar\uninstall.exe
c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files\DealBulldog Toolbar\update.exe
c:\program files\DealBulldog Toolbar\version.txt
c:\programdata\7084724.pad
c:\users\Pascal\AppData\Roaming\Microsoft\~DFK5cf31a.tmp
c:\users\Pascal\videos\mp3DirectCut.exe
c:\windows\system32\roboot.exe
c:\windows\system32\tmp5E46.tmp
c:\windows\system32\tmp5E67.tmp
c:\windows\system32\tmpFDA6.tmp
c:\windows\system32\tmpFDB7.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-14 bis 2013-02-14  ))))))))))))))))))))))))))))))
.
.
2013-02-13 23:04 . 2013-02-14 13:20	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A63AC76-E5B2-4021-AB2A-B9D19D3AC874}\offreg.dll
2013-02-13 11:51 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-13 02:57 . 2009-07-14 01:14	8704	----a-w-	c:\windows\system32\ctfmon.exe.backup
2013-02-13 01:59 . 2013-02-13 02:43	--------	dc----w-	c:\program files\Astroburn Lite
2013-02-13 01:59 . 2013-02-13 01:59	--------	d-----w-	c:\programdata\Astroburn Lite
2013-02-13 00:33 . 2013-02-13 00:33	--------	d-----w-	c:\users\Pascal\AppData\Roaming\Malwarebytes
2013-02-13 00:33 . 2013-02-13 11:51	--------	dc----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-13 00:33 . 2013-02-13 00:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-29 11:55 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A63AC76-E5B2-4021-AB2A-B9D19D3AC874}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 02:57 . 2009-07-13 23:26	24064	----a-w-	c:\windows\system32\ctfmon.exe
2013-02-09 16:27 . 2012-04-28 12:19	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 16:27 . 2011-06-07 09:50	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2013-01-07 18:51	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-07 18:51	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 08:57	308736	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:57	2576384	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 08:57	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:57	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 08:57	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:57	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:57	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:57	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:57	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:57	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:57	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:57	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 08:57	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:57	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:57	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:57	55296	----a-w-	c:\windows\system32\cero.rs
2012-11-30 04:53 . 2013-01-09 08:59	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 04:47 . 2013-01-09 08:59	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 08:59	271360	----a-w-	c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 08:59	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 21:57 . 2012-11-18 21:58	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-23 21:57 . 2012-11-18 22:11	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-11-23 21:57 . 2012-11-18 21:58	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-11-23 02:56 . 2013-01-09 09:05	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-23 02:48 . 2013-01-09 08:56	49152	----a-w-	c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 09:05	626688	----a-w-	c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 08:56	220160	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-18 22:11 . 2012-11-18 21:58	270240	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-11-18 21:58 . 2012-11-18 21:58	138056	----a-w-	c:\users\Pascal\AppData\Roaming\PnkBstrK.sys
2012-11-18 21:58 . 2012-11-18 21:58	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-07-21 13:50 . 2011-06-20 18:25	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-13 02:57 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\System32\ctfmon.exe
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 14:54	175912	----a-w-	c:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-10 969104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files\XFastUsb\XFastUsb.exe" [2011-06-06 4942336]
"UIExec"="c:\program files\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Pascal\Desktop\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [x]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Partner Manager\AssistantServices.exe [x]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 54561277
*NewlyCreated* - 72216825
*NewlyCreated* - ASWMBR
*Deregistered* - 54561277
*Deregistered* - 72216825
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 16:27]
.
2013-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-06-07 06:26]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 17:06]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 17:06]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000Core.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 19:44]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000UA.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 19:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4005449D-608D-4766-86BE-D3619A65B178}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\nni4695t.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-AshSnap - c:\program files\Ashampoo\Ashampoo Snap 4\ashsnap.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-DealBulldog Toolbar - c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-Free Mp3 Wma Converter_is1 - c:\program files\Free mp3 Wma Converter\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180806219-2987136475-2523560488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,1b,7a,79,50,89,32,d5,d1,de,10,c9,60,cd,c4,74,8b,35,13,ed,ae,85,62,
   dc,fa,ea,f3,03,fd,2b,5d,68,0a,ce,06,48,5e,ce,f5,7f,59,fd,a8,18,11,dc,a8,22,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3180806219-2987136475-2523560488-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,f8,51,dd,79,15,4c,db,1f,28,be,ba,99,0b,ba,a5,ba,16,cc,90,c1,
   7c,64,f7,1d,90,aa,a4,36,54,a5,96,bb,ea,2a,5a,0b,95,73,4e,ab,a8,21,ef,b3,c9,\
"rkeysecu"=hex:cc,31,02,7e,6f,de,78,e6,1e,62,81,55,72,bf,9f,94
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-14  14:44:28
ComboFix-quarantined-files.txt  2013-02-14 13:44
.
Vor Suchlauf: 10 Verzeichnis(se), 168.460.509.184 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 168.341.696.512 Bytes frei
.
- - End Of File - - FE97DC320D01AF848B15056784B946FE
         
--- --- ---

14.02.2013, 15:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Security Suite CBE 11 *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
Um, hello? Why do you have Avast and Kaspersky installed at the same time? You never use two virus scanners like these at the same time!

Please uninstall one of the two immediately!
__________________
Please always post log files in CODE tags

14.02.2013, 16:03   #15
PascalReger
 



No sooner said than done. Kaspersky is gone.
