Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Redirector Adware Tracking Cookie krieg ich nicht gelöscht microsoft SE von rundll 32 geblockt (https://www.trojaner-board.de/117711-redirector-adware-tracking-cookie-krieg-geloescht-microsoft-se-rundll-32-geblockt.html)

danke 21.06.2012 15:18
Redirector Adware Tracking Cookie krieg ich nicht gelöscht microsoft SE von rundll 32 geblockt
 
Hallo Ihr Lieben,

Das hier ist mein erster Forum Post also entschuldige ich mich hier schonmal für alle Rechtschreibfehler und andere Fehler.

Ich nutze Windows 7 Ultimate 64 bit Service pack 1

Ich habe große Probleme mit meinem Computer.

vor ein paar tagen habe ich dummerweise eine exe datei heruntergeladen und ausgeführt... Darin muss sich einiges versteckt haben.

Nach dem doppelklick verschwand die datei und bei jedem Start von windows sah man kurz die eingabeaufforderung mit der Überschrift : amd accelerated video transcoding device initialisation

habe das dann über den catalyst deinstalliert hat aber nichts gebracht.

Ich kann mit sicherheit sagen das ich einen Redirector habe und bestimmt noch mehr...

Benutze Opera und von google aus redirected der mich immer

wenn der pc hochfährt ist Microsoft Security Essentials nicht geöffnet...

wenn ich im task manager bei prozesse rundll 32 hostprotzess beende lässt sich Microsoft Security Essentials starten ansonsten schliesst es sich sofort wieder.

Zusätzlich kann ich in mein Lieblings Onlinerollenspiel Eden Eternal nicht mehr connecten.

Vor ein Paar monaten hatte ich schonmal einen redirector den ich aber erfolgreich mit TDSS Killer gekillt habe.

Ich habe Malwarebytes anti malware mehrmals durchlaufen lassen das findet nichts mehr.

Nur superantispyware findet nach jedem neustart erneut Adware Tracking cookie.

Ich habe auch verschiedene Online Scans durchlaufen lassen

Ich habe schonmal ein paar logfiles vorbereitet ich hoffe ich poste die hier richtig.

Jetzt kommts Malwarebytes anti Malware Quarantäne:

hxxp://www10.pic-upload.de/21.06.12/wjpsm322i9ap.png



OTL Log:OTL Logfile:
Code:
OTL logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\GUILD WARS\Gw.exe (ArenaNet)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Fab\AppData\Local\Temp\GwA6494.tmp ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COM Service) -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Tosrfhid) -- C:\Windows\SysWOW64\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbd) -- C:\Windows\SysWOW64\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\SysWOW64\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\SysWOW64\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\SysWOW64\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\SysWOW64\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\SysWOW64\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\SysWOW64\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.19 22:00:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.18 23:05:55 | 000,171,176 | ---- | C] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 17:45:30 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:45:30 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:45:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:45:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:43:29 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[2012.05.22 00:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\Aeria Games
[2012.05.22 00:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.05.22 00:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.05.22 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 22:06:12 | 000,026,786 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 22:06:12 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 22:06:12 | 000,004,382 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 22:01:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 14:36:50 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.06.19 14:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 14:36:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 06:19:47 | 002,109,032 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:42:30 | 000,171,176 | ---- | M] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:17 | 000,850,383 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 17:44:44 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:44:44 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:44:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:44:43 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:44:43 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 17:43:38 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 17:32:20 | 001,624,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.14 17:32:20 | 000,709,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:32:20 | 000,662,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:32:20 | 000,153,626 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:32:20 | 000,125,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:32:06 | 001,624,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 01:27:30 | 007,214,239 | ---- | M] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | M] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:24:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 01:24:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.05.29 10:47:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:36:53 | 000,026,786 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 14:36:53 | 000,005,598 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 14:36:53 | 000,004,382 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 06:19:42 | 002,109,032 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:14 | 000,850,383 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 01:27:28 | 007,214,239 | ---- | C] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | C] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,624,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2011.04.09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.01.28 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.05.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---







OTL Extras Log:OTL Logfile:
Code:
OTL Extras logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EF41B0-CAB2-470A-BE02-58C62994F8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C03FC63-0AE1-4FAE-8B81-B033A73F7447}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11F7058B-800D-4970-BFFA-D9F2751EE613}" = lport=139 | protocol=6 | dir=in | app=system |
"{178588F0-1F8A-42B4-B530-56DCB7D4DB6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A6427FB-ADAB-4E9C-A376-6BEC986C5471}" = lport=137 | protocol=17 | dir=in | app=system |
"{266A12B9-1295-4127-97FD-5E9F018B181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26DE9AA3-E51D-4051-B540-B90F870ED3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{581D7069-049E-4F1D-8D60-2A60EBA251A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6585C237-A68E-41E1-803D-F08C0B0C7BAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{690B3DB0-23FC-4355-A09C-828065EFD61A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{741F91D2-7ABC-41C5-8EEB-D62C2DDE513A}" = rport=139 | protocol=6 | dir=out | app=system |
"{98D1F993-70B2-4699-B120-0DC1E49B31C2}" = lport=3389 | protocol=6 | dir=in | app=system |
"{A23EC258-F84B-4401-885C-97668D10EE82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5C51AC0-E014-44BB-87A6-D51D1404C544}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD6027F0-DB44-4EA6-8898-418E6B8D1DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADBC0A2E-2EE9-43BF-A4D0-52D9AC8EAFB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADCC6908-15FF-450B-83D5-B32C1E7EB813}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C959795E-BC98-40DD-81D0-719775323F43}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9A11643-2764-4CFF-9701-AC4540B04984}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD9042B4-AC28-4145-8957-A0DDF32D9AE1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{CD9D8EE6-65EA-4564-8D0A-FBE30B8535CA}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface |
"{D623C146-4ECE-400C-9C21-113D52E4E56B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8922840-E9CF-4867-B6E2-53B52091C955}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E14974BC-2AE1-4AE2-9DC7-8B5B26E37EB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E4E4443E-65A3-4C4C-83FD-1B551A8F324F}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6D05149-14A8-4164-BF50-27753EC84CFE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EC0D9165-2E7D-4A06-9A34-EEA1249BC416}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{ECE92AFE-B286-47AA-B5FC-382536AECA50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED8BC73-0341-42F9-9DFC-D34DAFF9B84D}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |
"{F03203A7-463C-477A-BCD9-4B207C8AA7E4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0C8BA13-109F-4CEC-AD5F-0B94ED493C3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC383E-E754-43D0-8325-9257E063AF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{09F746B0-87D8-4B32-A609-7DD7179DB6A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11FBC199-A243-40C7-843B-D2C1399DBFA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{125091D0-AA6A-4CE7-9368-E8A70077A5CC}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{1379ED50-F62F-431B-BB64-B00F9582B5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{13A8BD29-D37A-4334-B23B-144BA174AC96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{14D815F2-FE8C-4947-BEFA-D237674DDD60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{176BCD48-06F9-4EBF-A556-A4F6743683FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17ACC1BA-DBA5-42EB-8FB4-8501F680B2C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1DECC78F-4579-4B6A-B4CA-4A4102B1F4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1F51B874-C061-43DA-ADDD-6FC81646A7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8A2EDB-AD4C-48E9-8FD6-95C9C5F912BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{22EE52EF-C2AA-4871-A14A-3EDD6822FF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{2DEC0B17-E82E-4C3A-9393-55F50D587EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{2EA01679-A5BB-43C6-A9A9-3FC5E00BF97F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{38306820-5691-4862-9C06-11BA08ED269D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{385BB579-8E89-4188-8B8F-488E3B0B42D8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40F25EA6-B2D1-4244-A1B2-FDA9C51F524C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{416DFF77-5D8F-4EB0-B117-7254F21F1768}" = protocol=6 | dir=out | app=system |
"{4377EDCB-EFD6-4F68-AF14-79DEB1B093E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4764E023-B81C-4ED3-8A74-25FE49CA366B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49682710-7B59-4970-B69A-0AD196DA637B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4C227F96-4237-4069-BA5C-61824F85D807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C566F24-1F77-4F7E-9B2A-A09A6E1BBDD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{4C7A56C3-B0B0-466E-911A-06EF46342BCA}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{4D37F240-74AF-4B2F-9FEC-8E306C7A655E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{4F61D0E1-7C66-4E00-A4AE-FD8245997048}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{563DE42C-FA31-4CAA-83E6-8440CD98FFD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3986C7-A275-49DE-9BD8-3A9CC5A6B7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{5F3DFFA2-1F95-471B-BB95-16212902DDFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64CE7BC5-53A8-4C35-A7D3-118C58CD5286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68D012D4-EC77-4722-B628-F96C7CEFA910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{6B774879-3A14-44F2-A16B-88B9A340E1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CB74588-476F-40E4-936D-53B2AB371457}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{6E1202A1-8315-4788-9BB6-035C206EE951}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{75198A66-70C1-4128-BA36-5E9E007D668C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{75D02F41-5F26-4D97-9C55-40A83B1566CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7ADB45AD-022B-474B-8129-12D5522E5EA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{7D52E935-95CE-4A8D-98B6-7BF9F493AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe |
"{7F8B91C0-CA76-46E4-A1EE-2FED8CB2BE17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FC2A7B1-7646-4F6D-BE1B-0742B3B64DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe |
"{7FEED177-8664-4D08-BFC3-AFC571021C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{84CF5879-B40B-47FB-96B5-F78462163A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{873D9CDE-CCC0-4D36-BD12-FAD47F6B533E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88142BA3-7B75-4CBB-8B8D-0EB93E1585E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E9C6E54-0DC7-4AA5-828C-A0071C05934A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{90A79170-E002-4EE6-95A5-F1BB8FC2BBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{94434C26-1448-4B8A-8044-B593957808A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{953D439F-765F-494E-A2B5-FBBD285B82CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{9AC8D63F-49FD-4B8B-881B-AD71479312E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9F2CBEA9-F6E0-4004-955F-247903196534}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5DBD9DE-F67B-4EC9-A570-8B614D30F988}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A9CC0F2A-5545-48D3-A1DA-6BFDC2DF7A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{AF62CEBA-2114-4959-B847-B3A225AD8EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{AF92B122-BC71-4CB2-A1EC-48C2486A3D27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AFC9D55A-F513-46B4-A00C-F7D1CBB7BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B0AEAE3F-0F78-4BF4-94DD-15296BCA2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B4E06326-5D8D-4D3D-B8FA-8DFA1CC4B64B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9FD189F-C4AB-4E31-919B-E3CB9AA5EF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{BA1E0A5D-9A38-4F27-8734-58CBB7223921}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C79F3D64-D5ED-415E-8CAC-35A7C5057251}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CB5F2B29-43AA-4FE2-8146-50EA06ED5F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{CC86ECB0-DC4B-4350-967F-8A1B69B445BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CD732F82-EA33-42BA-958D-CC3BA86559DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1B75B1C-DB22-4A24-912A-D352BA54D669}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{D7862D59-C2BF-42E1-89EC-4B2B7920DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{D8228A9D-5651-4515-A4E1-18D585B6C5AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D8909193-565D-418F-B443-4E6E530D72DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E1713D19-A052-4DDF-B509-01D90FC85B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E190C9C8-AA75-4B8C-8E19-54FF669CA775}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E4B72983-D2B5-4561-B9CF-76366D5998F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5CF9753-F3E6-4B36-A167-A9E352B953FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E7D8D36F-F577-4413-B8D7-C09F30187A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA78ED9E-7028-4749-9F8F-154475A4A8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{ED96ADED-92DF-4C35-8BA2-93041AC7E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{EDF229CB-26F4-402B-A241-11AC4BD39994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F733AF3C-2149-42A2-BEF4-A536999C66AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9BEC370-8756-4966-B98B-1B6DD8863FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{FC80EB70-127E-4964-868B-550095424FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{02EC41FD-6434-4D47-9251-3574A2D8AC10}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"TCP Query User{180F4CDE-D0E6-4FE6-A744-12A97C0DDB82}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"TCP Query User{186D5C6B-08CA-40F4-B3C6-DFB6355886F9}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"TCP Query User{19FA06A6-7EA0-4BF5-9A94-033E8A10BDFC}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{254F1699-BDD7-4122-BBEF-2E6EB28CCE15}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"TCP Query User{265C4279-8513-4F61-83C4-2D428E3F9694}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"TCP Query User{29F09BA2-03FE-41E3-B8F0-C8E5117966DD}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"TCP Query User{360102C7-ADFE-41FA-AC1B-592B28EB6965}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"TCP Query User{397E11B9-713D-4FB8-9AA7-E30CE9DAE587}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"TCP Query User{4261E750-B22B-432C-A586-E1DD4BC6D4B3}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"TCP Query User{4AC25604-EE34-48F9-92C5-8DB18A8FFBF6}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"TCP Query User{5364CCD5-942C-45E0-AFD4-E3527413D92C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{58E1807B-2D0E-4F5F-BDEC-1638E39588F2}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{7016029C-CA4B-4717-8F5B-46E773F00E82}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{833DA657-F368-49D9-8ACD-37526A312ECB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{8CBE8C06-B119-4392-9CFD-40C5007947CF}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"TCP Query User{8D6C454B-1E36-4549-98F6-E8B0F3E2CCAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{9496B09A-C614-4EAD-B854-63BB23D97453}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"TCP Query User{96A9022F-8DF6-447F-9A67-ECD4AA6335BE}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"TCP Query User{9DFB931E-1C7B-44A3-B705-2422B384F580}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"TCP Query User{AB7EDAB9-9C0E-4CE0-975C-9B2D62CCFB84}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"TCP Query User{AE493C6E-835F-4B33-9A3C-E3C790017511}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"TCP Query User{C8CACC9F-3DC6-49C2-8217-C25523EFA949}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"TCP Query User{CACB0CAC-74D0-4A9B-AF1F-90DA9DAF6442}C:\users\fab\desktop\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"TCP Query User{DEDC8EFA-2309-4AB3-AD62-F4AE9213FD98}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E69B075C-2517-4878-9F27-CB3130FE9630}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{E6FC5A01-738C-43AD-84AC-AA40793B61AD}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{E92686C1-2B94-45F5-BF14-72CBC81B8D02}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"TCP Query User{EC969529-1FDB-4411-BC54-950829EBE66C}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"TCP Query User{EE5360FB-5A16-4363-962D-401FCC0B7CF8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F4DE1879-0BBD-47F4-83BC-1053DBF142A3}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"TCP Query User{FA17EBC4-A2DA-418F-9F75-0C1C1AFD6DE8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{FB711252-9C33-454C-AA34-1E60703E5CC3}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |
"UDP Query User{003BEF24-FF28-431B-BF90-3AF2C4EE2E4B}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"UDP Query User{14058421-C4C2-4043-B4D5-A3051E3A381B}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"UDP Query User{1C607A23-4F2D-471B-A6CD-BFA3063F205F}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"UDP Query User{2A9A22E5-9A37-492E-9504-4A66E3817AFB}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"UDP Query User{304F0CBE-33AA-4FBD-8905-945767F6A003}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"UDP Query User{46FC53D3-94F7-44BC-A6FB-CF2DF93B2687}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"UDP Query User{47EBB217-68F8-4A6E-ADB4-F104569E08EF}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"UDP Query User{4C57B7D2-E759-46FC-A269-8366FA072B54}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"UDP Query User{583D3BC1-DED6-4724-B647-01D4237DA918}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"UDP Query User{5A5D7C04-C593-425F-A1CA-B7B7A8E77900}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"UDP Query User{5AD7CE38-FDB9-491F-94A4-8115B9C1FA54}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"UDP Query User{6D130F13-9607-4588-81A8-EE963CA79A52}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"UDP Query User{73CA9FC0-97BF-4DE2-B87C-CF951C63A6B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{75E6717A-00FC-4E60-A894-E659AB4DD2F5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{7DEFCA12-A216-44B1-964C-688C60D81A0E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{8F01742C-B5E9-4F1F-ABEA-A9AAF657A749}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"UDP Query User{90BBCE7C-65DB-4D67-8015-504CF4660BAD}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{99B5D779-0EB7-41F3-9622-F0D73971349A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9E97F6CC-26DA-4AD2-886B-E2F87F1516BD}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"UDP Query User{A6F5E34F-B467-4740-985B-43525ADB877E}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"UDP Query User{A973F2B1-824F-4871-BA58-A50267AEBEE6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{AF1FF237-AA74-4520-BBD7-50B5E097D43E}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"UDP Query User{C63538EF-A25B-4C5B-9401-B2327455306B}C:\users\fab\desktop\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"UDP Query User{C95F16B5-125A-4EE5-BBEF-3E6663590AC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{D60028DB-70B4-43B5-BFC9-929BCEF5003E}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"UDP Query User{D6E22DED-1CE4-4FFB-94ED-CA4FD9810C77}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"UDP Query User{E0C6DE29-8E54-4221-80F2-F1FE4BA7A969}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E90F21D2-7515-45C4-B370-131E72C6A784}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{EA06166C-0A6B-4FED-9BD1-12549902A997}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"UDP Query User{F51E0B3D-303E-46C9-AC75-D002C5A06D98}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{F6E293D4-D798-404D-9331-17F2D59A5037}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"UDP Query User{FCF14D18-C50A-4D07-9970-BDCF60C14EF2}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"UDP Query User{FEBBA1AD-5FE6-4FA2-AE19-7D5BA80EF5AA}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.08
"DivX Setup" = DivX-Setup
"DriverCD" = DriverCD
"Eden Eternal" = Eden Eternal
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"G.O.M" = G.O.M
"Guild Wars" = GUILD WARS
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Silkroad" = Silkroad
"Steam App 10" = Counter-Strike
"Steam App 113400" = APB Reloaded
"Steam App 200210" = Realm of the Mad God
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 3.0.9042
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248456 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248472 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248344 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 15.06.2012 13:31:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Ausnahmecode: 0x40000015  Fehleroffset: 0x005dff0a  ID des fehlerhaften Prozesses:
 0x11f4  Startzeit der fehlerhaften Anwendung: 0x01cd4b1b62acf8e7  Pfad der fehlerhaften
 Anwendung: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Pfad des fehlerhaften
 Moduls: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Berichtskennung: 01b8d1a8-b710-11e1-9120-00241d2232b9
 
Error - 17.06.2012 21:45:59 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01cd4cee65b87207  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 5a1a16ed-b8e7-11e1-a634-00241d2232b9
 
Error - 18.06.2012 14:47:42 | Computer Name = FAB | Source = Application Hang | ID = 1002
Description = Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd8    Startzeit:
01cd4d7fb4c985b9    Endzeit: 920    Anwendungspfad: UNKNOWN    Berichts-ID: 0fa1d30a-b976-11e1-a634-00241d2232b9

 
Error - 18.06.2012 15:11:53 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a2de3c9
ID
 des fehlerhaften Prozesses: 0x1710  Startzeit der fehlerhaften Anwendung: 0x01cd4d82000e2711
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 76078f3c-b979-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:05:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x11cc  Startzeit der fehlerhaften Anwendung: 0x01cd4d868cd2cff2  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 044e84d4-b981-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:58:50 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: QuickTime.qts, Version: 7.71.80.42, Zeitstempel:
 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ae14  ID des fehlerhaften Prozesses:
 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01cd4d9523bd6df7  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
Berichtskennung:
 676c3506-b988-11e1-8e46-00241d2232b9
 
Error - 18.06.2012 18:29:23 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67e3e3c9
ID
 des fehlerhaften Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cd4da0da41c80e
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 0d38cf2c-b995-11e1-8e46-00241d2232b9
 
[ System Events ]
Error - 19.06.2012 08:35:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration
 ist ein Fehler aufgetreten.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:22 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:39 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:02 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >
--- --- ---



Hijackthis LOG:


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:39, on 19.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fab\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Internet Explorer.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9380 bytes
--- --- ---



Super Anti Spyware Logs:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 12:56 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 00:10:25

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 839
Memory threats detected : 0
Registry items scanned : 66166
Registry threats detected : 0
File items scanned : 9540
File threats detected : 13

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\X0KWUPYL.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R5B0WU9L.txt [ /ads.creative-serving.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\J0Q9W314.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IAFDSU0E.txt [ /nextag.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DGTR8UQJ.txt [ /overture.com ]
C:\USERS\FAB\Cookies\X0KWUPYL.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\J0Q9W314.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\IAFDSU0E.txt [ Cookie:fab@nextag.de/ ]
C:\USERS\FAB\Cookies\DGTR8UQJ.txt [ Cookie:fab@overture.com/ ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BPZ7AME3.txt [ /find.safeseeking.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HAA0QI0W.txt [ /click.get-answers-fast.com ]
C:\USERS\FAB\Cookies\BPZ7AME3.txt [ Cookie:fab@find.safeseeking.com/ ]
C:\USERS\FAB\Cookies\HAA0QI0W.txt [ Cookie:fab@click.get-answers-fast.com/ads-clicktrack/click/ ]




NR 2


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 03:42 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:11:16

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 887
Memory threats detected : 0
Registry items scanned : 66312
Registry threats detected : 0
File items scanned : 97496
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BENLAHXH.txt [ /unitymedia.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OSUXMJNC.txt [ /tracking.quisma.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\KPKOF9KE.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\2X2JB7N1.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9VOJXJAA.txt [ /adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1PD7DNRT.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\XPMCY3CS.txt [ /xml.trafficno.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6FMFEULI.txt [ /overture.com ]
C:\USERS\FAB\Cookies\BENLAHXH.txt [ Cookie:fab@unitymedia.de/ ]
C:\USERS\FAB\Cookies\OSUXMJNC.txt [ Cookie:fab@tracking.quisma.com/ ]
C:\USERS\FAB\Cookies\2X2JB7N1.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\1PD7DNRT.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\6FMFEULI.txt [ Cookie:fab@overture.com/ ]

PUP.MyWebSearch
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[3].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E27O6YM\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UK21F7\api[1].htm [ cache:mywebsearch.com ]






Nr 3




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 04:40 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Custom Scan
Total Scan Time : 00:13:20

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 895
Memory threats detected : 0
Registry items scanned : 66282
Registry threats detected : 0
File items scanned : 7427
File threats detected : 42

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6PC2B5SS.txt [ /traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TYMTHD69.txt [ /ads.bleepingcomputer.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DD560O3Z.txt [ /mm.chitika.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\H5GC1A3D.txt [ /mediaplex.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4ICSKNBG.txt [ /at.atwola.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4JDY54JE.txt [ /ru4.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EBPQXRYF.txt [ /kaspersky.122.2o7.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HMT1VKCJ.txt [ /kontera.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\V75N6P28.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LRRS5APJ.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5ML59VHB.txt [ /lucidmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RVZWAWZB.txt [ /c.atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IUEHJVQ4.txt [ /www.traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\WQUJ46J7.txt [ /247realmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3WXSENB5.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1OH8RXFV.txt [ /apmebf.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R1PHNFTF.txt [ /advertising.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\Y5PAYXJH.txt [ /tracking.3gnet.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LVRKYT79.txt [ /serving-sys.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EPB71HKS.txt [ /adbrite.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SUXFQZIS.txt [ /www.googleadservices.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\A77HX2ZV.txt [ /invitemedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5EG5BUIH.txt [ /ad.360yield.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5R6XKKH3.txt [ /media6degrees.com ]
C:\USERS\FAB\Cookies\6PC2B5SS.txt [ Cookie:fab@traffictrack.de/ ]
C:\USERS\FAB\Cookies\H5GC1A3D.txt [ Cookie:fab@mediaplex.com/ ]
C:\USERS\FAB\Cookies\4ICSKNBG.txt [ Cookie:fab@at.atwola.com/ ]
C:\USERS\FAB\Cookies\4JDY54JE.txt [ Cookie:fab@ru4.com/ ]
C:\USERS\FAB\Cookies\EBPQXRYF.txt [ Cookie:fab@kaspersky.122.2o7.net/ ]
C:\USERS\FAB\Cookies\HMT1VKCJ.txt [ Cookie:fab@kontera.com/ ]
C:\USERS\FAB\Cookies\V75N6P28.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\5ML59VHB.txt [ Cookie:fab@lucidmedia.com/ ]
C:\USERS\FAB\Cookies\RVZWAWZB.txt [ Cookie:fab@c.atdmt.com/ ]
C:\USERS\FAB\Cookies\IUEHJVQ4.txt [ Cookie:fab@www.traffictrack.de/ ]
C:\USERS\FAB\Cookies\WQUJ46J7.txt [ Cookie:fab@247realmedia.com/ ]
C:\USERS\FAB\Cookies\3WXSENB5.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\1OH8RXFV.txt [ Cookie:fab@apmebf.com/ ]
C:\USERS\FAB\Cookies\R1PHNFTF.txt [ Cookie:fab@advertising.com/ ]
C:\USERS\FAB\Cookies\Y5PAYXJH.txt [ Cookie:fab@tracking.3gnet.de/ ]
C:\USERS\FAB\Cookies\LVRKYT79.txt [ Cookie:fab@serving-sys.com/ ]
C:\USERS\FAB\Cookies\EPB71HKS.txt [ Cookie:fab@adbrite.com/ ]
C:\USERS\FAB\Cookies\A77HX2ZV.txt [ Cookie:fab@invitemedia.com/ ]


NR 4


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 02:48 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:22:02

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 66217
Registry threats detected : 0
File items scanned : 95542
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\QGWPO1R8.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3UTKQ21H.txt [ /adfarm1.adition.com ]
C:\USERS\FAB\Cookies\QGWPO1R8.txt [ Cookie:fab@adtech.de/ ]



Es tut mir wirklich leid euch mit soviel zu belästigen.

Ich glaube ich habe alles falsch gemacht was man überhaupt falschmachen kann...

Ich habe nämlich TDSS Killer benutzt und die roten sachen gelöscht war das sehr schlimm? XD ^^

Es wäre nett wenn mir jemand helfen könnte .
:headbang:

cosinus 24.06.2012 18:31
Zitat:
vor ein paar tagen habe ich dummerweise eine exe datei heruntergeladen und ausgeführt... Darin muss sich einiges versteckt haben.
geht das auch konkreter? Dateiname, Sinn, Zweck und Quelle dieser exe Datei?

Die Logs von Malwarebytes bitte in Textform posten! So ein riesiges Bild von Malwarebytes ist sinnfrei, die anderen Logs hast du doch auch normal gepostet!
Ich mach aus dem riesigen Bild mal nur einen normalen Link.

danke 25.06.2012 16:23
Ja die datei war eine exe datei die einen x box 360 controller emulieren sollte habe nur einen speedlink die datei hiess x360ce is aber irrelevant da sie nicht das gewünschte programm war sondern sich nach dem doppelklick in luft auflöste ...
ich habe die datei bei google gesucht dann in google auf einen link geklickt und schon kam der download

Ja die Malware logs zeigen alle 0 funde an ... komisch

cosinus 25.06.2012 19:32
Du solltest alle Logs von Malwarebytes in Textform posten

danke 27.06.2012 13:21
Ok Sorry hier sind alle von alt nach neu geordnet

und ich sehe grade das im task manager ganz of opera_plugin_wrapper.exe*32 geöffnet ist das war voher nicht der prozess ist mehr als 30 mal geöffnet


MBAM LOGS:

nr 1

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6822

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.06.2011 04:07:42
mbam-log-2011-06-10 (04-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 299117
Laufzeit: 1 Stunde(n), 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> 852 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray2 (Backdoor.Agent) -> Value: tray2 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\agBot.exe (Trojan.Scar) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\nuconnector9.26.exe (Trojan.Scar) -> Quarantined and deleted successfully.




nr 2


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 18:38:39
mbam-log-2011-12-07 (18-38-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20851
Laufzeit: 18 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fab\AppData\Local\Temp\0.4891385984227795.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.6793807639939748.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.840330846978053.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\dwme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


nr 3



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:00:30
mbam-log-2011-12-07 (21-00-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 337375
Laufzeit: 1 Stunde(n), 59 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XbbbF4m5QJ6dE8R8234A (Trojan.FakeAlert.CLGen) -> Value: XbbbF4m5QJ6dE8R8234A -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



nr 4



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8329

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:23:50
mbam-log-2011-12-07 (21-23-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20637
Laufzeit: 15 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012 (Rogue.CloudAV2012) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Fab\AppData\Roaming\ahst.lni (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012\cloud av 2012.lnk (Rogue.CloudAV2012) -> Quarantined and deleted successfully.



nr 5


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

20.01.2012 17:50:53
mbam-log-2012-01-20 (17-50-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345500
Laufzeit: 1 Stunde(n), 27 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray3 (Trojan.Agent) -> Daten: C:\Windows\system32\RecvMessage.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\RecvMessage.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)



nr 6

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

27.02.2012 22:05:23
mbam-log-2012-02-27 (22-05-23).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fab\Downloads\kool_savas__kool_savas__aura__2011_itunes__deluxe_edition___bonus.exe (PUP.BundleInstaller.MG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 7


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

19.06.2012 02:13:19
mbam-log-2012-06-19 (02-13-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433060
Laufzeit: 1 Stunde(n), 25 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\19.06.2012_01.56.59\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 8 is alles clean

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

22.06.2012 08:47:07
mbam-log-2012-06-22 (08-47-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426910
Laufzeit: 3 Stunde(n), 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 28.06.2012 09:21
Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.

danke 28.06.2012 21:56
oh da is wohl was durch java gekommen



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54bc3c8726ca0140bfc455ac965c2838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 05:03:37
# local_time=2012-06-28 07:03:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 38945570 92522711 0 0
# compatibility_mode=8192 67108863 100 0 753176 753176 0 0
# scanned=227176
# found=3
# cleaned=0
# scan_time=10157
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63353b17-556bb6e2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\510abf60-34023288 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\fd299c9-7fe2b229 multiple threats (unable to clean) 00000000000000000000000000000000 I

cosinus 29.06.2012 12:07
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

danke 29.06.2012 14:01
OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 14:34:53 - Run 2
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,98% Memory free
11,90 Gb Paging File | 9,95 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 21,73 Gb Free Space | 9,33% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.06.26 16:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.06.26 16:23:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: 39480465.sys - Driver
SafeBootMin:64bit: 95626647.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: 39480465.sys - Driver
SafeBootMin: 95626647.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 39480465.sys - Driver
SafeBootNet:64bit: 95626647.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: 39480465.sys - Driver
SafeBootNet: 95626647.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 14:20:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2012.06.28 06:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drakensang Online
[2012.06.21 12:57:16 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.21 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.21 00:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.20 04:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.20 04:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.20 03:19:37 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.06.20 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.06.20 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2012.06.20 03:05:03 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.20 03:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.20 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\osam
[2012.06.20 01:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.20 01:39:33 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:12:07 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.19 23:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.19 23:11:12 | 017,937,032 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.19 22:43:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 14:41:31 | 000,027,268 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:41:31 | 000,006,355 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:41:31 | 000,005,224 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.29 14:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 14:30:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 14:20:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,001,972 | ---- | M] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:31:36 | 001,648,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 08:31:36 | 000,709,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 08:31:36 | 000,663,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 08:31:36 | 000,153,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 08:31:36 | 000,126,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 08:30:28 | 000,094,909 | ---- | M] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:30 | 000,834,855 | ---- | M] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 12:57:42 | 002,109,806 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.21 00:45:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.21 00:45:43 | 001,669,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.21 00:30:46 | 000,294,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.20 10:44:20 | 005,745,269 | ---- | M] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | M] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:53 | 001,294,411 | ---- | M] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | M] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | M] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:29 | 000,112,660 | ---- | M] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 01:39:34 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:11:40 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 23:11:22 | 017,937,032 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 22:43:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.29 14:31:24 | 000,027,266 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:31:24 | 000,006,355 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:31:24 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.26 16:10:41 | 000,001,972 | ---- | C] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:30:28 | 000,094,909 | ---- | C] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:45 | 000,834,855 | ---- | C] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 00:45:47 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.20 10:44:20 | 005,745,269 | ---- | C] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | C] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:13 | 001,294,411 | ---- | C] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:12:57 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | C] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | C] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:20 | 000,112,660 | ---- | C] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.19 23:11:40 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 06:19:42 | 002,109,806 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.07 09:20:12 | 000,078,083 | ---- | C] () -- C:\Users\Fab\gw profi makro g 13.xml
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.27 22:17:18 | 000,015,119 | ---- | C] () -- C:\Users\Fab\steiger hdm.jpg
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,669,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 03:56:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Adobe
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.04.29 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Apple Computer
[2011.03.29 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ATI
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.04.14 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DivX
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2011.10.19 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\FastStone
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.03.29 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Identities
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2011.03.29 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Macromedia
[2011.06.09 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Media Center Programs
[2012.04.27 12:41:46 | 000,000,000 | --SD | M] -- C:\Users\Fab\AppData\Roaming\Microsoft
[2012.04.12 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Mozilla
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2012.06.19 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.24 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\teamspeak2
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Ventrilo
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2011.12.29 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.02.29 03:55:51 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.29 03:55:46 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.09.02 20:25:21 | 000,008,854 | R--- | M] () -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\fdBthk.dll
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<          >

< End of report >
--- --- ---
[/code]

cosinus 29.06.2012 14:37
Zitat:
-- C:\TDSSKiller_Quarantine
Die Logs vom TDSS-Killer müssen auch gepostet werden
Bitte nicht wild und v.a. nicht ohne Absprache alles einfach an Tools ausprobieren, du machst es dadurch nur noch schlimmer!

danke 29.06.2012 15:32
wie finde ich die logs ? und ich werde seit neustem von google bei suche wieder zu google weitergeleitet

cosinus 29.06.2012 23:36
Siehste, sowas ist kontraproduktiv. Du spielst mit Tools ohne Anleitung rum ohne zu wissen was du da machst oder die Logs gespeichert sind. Deswegen seh ich das überhaupt nicht gerne wenn solche Spezialtools schon ausgeführt wurden, weil ich eine dafür eine ganz bestimmte defenierte Instruktion zu habe! Das wurde natürlich nicht von mir vorher erwähnt, nur poste ich das als Warnung und Hinweise jetzt für dich und evtl. Mitleser.

Ok wollen wir mal weiter machen, die Logs vom TDSS-Killer sind direkt auf C:
Bitte alles posten

danke 30.06.2012 04:54
Hallo, Ich Entschuldige mich wegen dem rumgedocktore aber nachdem ich hier angemeldet war habe ich nichtmehr rumgedocktort.

Ich habe die logs als anhang beigefügt da es sonst viel zu viele zeichen sind Sorry.

cosinus 01.07.2012 15:19
Sehr unübersichtlich, zudem hast du da leider ziemlich ohne echten Sinn und Verstand da drauflosgefixt :(

Bitte ein neues Log (im normalen Windows-Modus) mit dem TDSS-Killer machen und posten, lade das Tool bitte neu runter damit du wirklich eine aktuelle Version verwendest
Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

danke 01.07.2012 18:38
Code:
19:35:33.0408 2972        TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
19:35:33.0447 2972        ============================================================
19:35:33.0447 2972        Current date / time: 2012/07/01 19:35:33.0447
19:35:33.0447 2972        SystemInfo:
19:35:33.0447 2972       
19:35:33.0447 2972        OS Version: 6.1.7601 ServicePack: 1.0
19:35:33.0447 2972        Product type: Workstation
19:35:33.0447 2972        ComputerName: FAB
19:35:33.0447 2972        UserName: Fab
19:35:33.0447 2972        Windows directory: C:\Windows
19:35:33.0447 2972        System windows directory: C:\Windows
19:35:33.0447 2972        Running under WOW64
19:35:33.0447 2972        Processor architecture: Intel x64
19:35:33.0447 2972        Number of processors: 2
19:35:33.0447 2972        Page size: 0x1000
19:35:33.0447 2972        Boot type: Normal boot
19:35:33.0447 2972        ============================================================
19:35:34.0345 2972        Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:35:34.0353 2972        Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0361 2972        Drive \Device\Harddisk2\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0370 2972        ============================================================
19:35:34.0370 2972        \Device\Harddisk0\DR0:
19:35:34.0378 2972        MBR partitions:
19:35:34.0378 2972        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:35:34.0378 2972        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
19:35:34.0378 2972        \Device\Harddisk1\DR1:
19:35:34.0379 2972        MBR partitions:
19:35:34.0379 2972        \Device\Harddisk2\DR2:
19:35:34.0380 2972        MBR partitions:
19:35:34.0380 2972        ============================================================
19:35:34.0412 2972        C: <-> \Device\Harddisk0\DR0\Partition1
19:35:34.0420 2972        B: <-> \Device\Harddisk0\DR0\Partition0
19:35:34.0420 2972        ============================================================
19:35:34.0420 2972        Initialize success
19:35:34.0420 2972        ============================================================
19:35:49.0271 1588        ============================================================
19:35:49.0271 1588        Scan started
19:35:49.0271 1588        Mode: Manual; SigCheck; TDLFS;
19:35:49.0271 1588        ============================================================
19:35:49.0579 1588        !SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:35:49.0707 1588        !SASCORE - ok
19:35:50.0129 1588        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:35:50.0177 1588        1394ohci - ok
19:35:50.0229 1588        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:35:50.0250 1588        ACPI - ok
19:35:50.0270 1588        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:35:50.0326 1588        AcpiPmi - ok
19:35:50.0445 1588        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:50.0461 1588        AdobeARMservice - ok
19:35:50.0512 1588        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:50.0540 1588        adp94xx - ok
19:35:50.0580 1588        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:35:50.0602 1588        adpahci - ok
19:35:50.0619 1588        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:35:50.0634 1588        adpu320 - ok
19:35:50.0675 1588        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:35:50.0772 1588        AeLookupSvc - ok
19:35:50.0840 1588        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:35:50.0906 1588        AFD - ok
19:35:50.0966 1588        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:35:50.0978 1588        agp440 - ok
19:35:51.0001 1588        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:35:51.0060 1588        ALG - ok
19:35:51.0084 1588        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:35:51.0095 1588        aliide - ok
19:35:51.0149 1588        AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:35:51.0288 1588        AMD External Events Utility - ok
19:35:51.0383 1588        AMD FUEL Service - ok
19:35:51.0432 1588        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:35:51.0443 1588        amdide - ok
19:35:51.0472 1588        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:35:51.0924 1588        amdiox64 - ok
19:35:52.0192 1588        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:52.0210 1588        AmdK8 - ok
19:35:52.0584 1588        amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:52.0877 1588        amdkmdag - ok
19:35:53.0007 1588        amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:35:53.0039 1588        amdkmdap - ok
19:35:53.0055 1588        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:35:53.0070 1588        AmdPPM - ok
19:35:53.0129 1588        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:35:53.0156 1588        amdsata - ok
19:35:53.0185 1588        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:53.0210 1588        amdsbs - ok
19:35:53.0251 1588        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:35:53.0261 1588        amdxata - ok
19:35:53.0373 1588        AODDriver4.0    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:35:53.0388 1588        AODDriver4.0 - ok
19:35:53.0447 1588        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:35:53.0713 1588        AppID - ok
19:35:53.0731 1588        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:35:53.0767 1588        AppIDSvc - ok
19:35:53.0827 1588        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:35:53.0861 1588        Appinfo - ok
19:35:53.0976 1588        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:53.0993 1588        Apple Mobile Device - ok
19:35:54.0030 1588        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:35:54.0090 1588        AppMgmt - ok
19:35:54.0125 1588        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:35:54.0142 1588        arc - ok
19:35:54.0159 1588        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:35:54.0176 1588        arcsas - ok
19:35:54.0313 1588        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:35:54.0351 1588        aspnet_state - ok
19:35:54.0376 1588        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:54.0410 1588        AsyncMac - ok
19:35:54.0454 1588        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:35:54.0464 1588        atapi - ok
19:35:55.0075 1588        atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:55.0200 1588        atikmdag - ok
19:35:55.0336 1588        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0385 1588        AudioEndpointBuilder - ok
19:35:55.0391 1588        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0426 1588        AudioSrv - ok
19:35:55.0483 1588        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:35:55.0570 1588        AxInstSV - ok
19:35:55.0644 1588        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:55.0690 1588        b06bdrv - ok
19:35:55.0726 1588        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:55.0750 1588        b57nd60a - ok
19:35:55.0807 1588        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:35:55.0837 1588        BDESVC - ok
19:35:55.0880 1588        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:35:55.0926 1588        Beep - ok
19:35:56.0010 1588        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:35:56.0054 1588        BFE - ok
19:35:56.0123 1588        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:35:56.0218 1588        BITS - ok
19:35:56.0267 1588        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:56.0305 1588        blbdrive - ok
19:35:56.0415 1588        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:35:56.0438 1588        Bonjour Service - ok
19:35:56.0495 1588        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:35:56.0531 1588        bowser - ok
19:35:56.0551 1588        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:56.0568 1588        BrFiltLo - ok
19:35:56.0592 1588        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:56.0605 1588        BrFiltUp - ok
19:35:56.0655 1588        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:35:56.0723 1588        Browser - ok
19:35:56.0771 1588        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:35:56.0806 1588        Brserid - ok
19:35:56.0818 1588        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:56.0863 1588        BrSerWdm - ok
19:35:56.0886 1588        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:56.0901 1588        BrUsbMdm - ok
19:35:56.0914 1588        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:56.0946 1588        BrUsbSer - ok
19:35:57.0009 1588        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:35:57.0071 1588        BthEnum - ok
19:35:57.0088 1588        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:57.0118 1588        BTHMODEM - ok
19:35:57.0157 1588        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:35:57.0194 1588        BthPan - ok
19:35:57.0236 1588        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:35:57.0282 1588        BTHPORT - ok
19:35:57.0316 1588        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:35:57.0368 1588        bthserv - ok
19:35:57.0388 1588        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:35:57.0419 1588        BTHUSB - ok
19:35:57.0456 1588        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:57.0496 1588        cdfs - ok
19:35:57.0550 1588        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:57.0577 1588        cdrom - ok
19:35:57.0630 1588        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:35:57.0687 1588        CertPropSvc - ok
19:35:57.0726 1588        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:35:57.0750 1588        circlass - ok
19:35:57.0776 1588        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:35:57.0798 1588        CLFS - ok
19:35:57.0859 1588        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:57.0869 1588        clr_optimization_v2.0.50727_32 - ok
19:35:57.0912 1588        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:57.0932 1588        clr_optimization_v2.0.50727_64 - ok
19:35:58.0026 1588        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:58.0080 1588        clr_optimization_v4.0.30319_32 - ok
19:35:58.0148 1588        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:58.0178 1588        clr_optimization_v4.0.30319_64 - ok
19:35:58.0202 1588        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:58.0219 1588        CmBatt - ok
19:35:58.0256 1588        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:35:58.0268 1588        cmdide - ok
19:35:58.0322 1588        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:35:58.0356 1588        CNG - ok
19:35:58.0384 1588        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:35:58.0396 1588        Compbatt - ok
19:35:58.0441 1588        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:35:58.0460 1588        CompositeBus - ok
19:35:58.0474 1588        COMSysApp - ok
19:35:58.0497 1588        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:58.0508 1588        crcdisk - ok
19:35:58.0568 1588        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:35:58.0609 1588        CryptSvc - ok
19:35:58.0665 1588        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:35:58.0741 1588        CSC - ok
19:35:58.0775 1588        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:35:58.0806 1588        CscService - ok
19:35:58.0865 1588        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:35:58.0913 1588        DcomLaunch - ok
19:35:58.0939 1588        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:35:58.0981 1588        defragsvc - ok
19:35:59.0041 1588        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:35:59.0078 1588        DfsC - ok
19:35:59.0137 1588        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:35:59.0179 1588        Dhcp - ok
19:35:59.0200 1588        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:35:59.0239 1588        discache - ok
19:35:59.0272 1588        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:35:59.0283 1588        Disk - ok
19:35:59.0323 1588        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:35:59.0355 1588        Dnscache - ok
19:35:59.0404 1588        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:35:59.0448 1588        dot3svc - ok
19:35:59.0495 1588        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:35:59.0549 1588        DPS - ok
19:35:59.0583 1588        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:35:59.0618 1588        drmkaud - ok
19:35:59.0670 1588        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:59.0690 1588        dtsoftbus01 - ok
19:35:59.0760 1588        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:59.0796 1588        DXGKrnl - ok
19:35:59.0894 1588        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:35:59.0919 1588        E1G60 - ok
19:36:00.0056 1588        EagleX64 - ok
19:36:00.0078 1588        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:36:00.0117 1588        EapHost - ok
19:36:00.0271 1588        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:36:00.0371 1588        ebdrv - ok
19:36:00.0514 1588        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:36:00.0576 1588        EFS - ok
19:36:00.0666 1588        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:36:00.0730 1588        ehRecvr - ok
19:36:00.0762 1588        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:36:00.0781 1588        ehSched - ok
19:36:00.0869 1588        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:36:00.0895 1588        elxstor - ok
19:36:00.0934 1588        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:36:00.0947 1588        ErrDev - ok
19:36:01.0036 1588        etdrv          (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:36:01.0056 1588        etdrv - ok
19:36:01.0091 1588        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:36:01.0151 1588        EventSystem - ok
19:36:01.0195 1588        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:36:01.0232 1588        exfat - ok
19:36:01.0251 1588        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:36:01.0293 1588        fastfat - ok
19:36:01.0370 1588        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:36:01.0433 1588        Fax - ok
19:36:01.0444 1588        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:36:01.0459 1588        fdc - ok
19:36:01.0490 1588        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:36:01.0526 1588        fdPHost - ok
19:36:01.0538 1588        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:36:01.0572 1588        FDResPub - ok
19:36:01.0598 1588        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:36:01.0611 1588        FileInfo - ok
19:36:01.0625 1588        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:36:01.0657 1588        Filetrace - ok
19:36:01.0666 1588        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:01.0677 1588        flpydisk - ok
19:36:01.0731 1588        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:36:01.0755 1588        FltMgr - ok
19:36:01.0809 1588        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:36:01.0852 1588        FontCache - ok
19:36:01.0943 1588        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:36:01.0957 1588        FontCache3.0.0.0 - ok
19:36:02.0001 1588        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:36:02.0012 1588        FsDepends - ok
19:36:02.0037 1588        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:36:02.0047 1588        Fs_Rec - ok
19:36:02.0098 1588        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:36:02.0123 1588        fvevol - ok
19:36:02.0148 1588        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:02.0158 1588        gagp30kx - ok
19:36:02.0210 1588        gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
19:36:02.0229 1588        gdrv - ok
19:36:02.0268 1588        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:36:02.0278 1588        GEARAspiWDM - ok
19:36:02.0342 1588        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:36:02.0395 1588        gpsvc - ok
19:36:02.0448 1588        GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:36:02.0469 1588        GVTDrv64 - ok
19:36:02.0490 1588        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:36:02.0520 1588        hcw85cir - ok
19:36:02.0579 1588        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:36:02.0603 1588        HdAudAddService - ok
19:36:02.0642 1588        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:36:02.0662 1588        HDAudBus - ok
19:36:02.0681 1588        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:02.0695 1588        HidBatt - ok
19:36:02.0747 1588        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:36:02.0769 1588        HidBth - ok
19:36:02.0785 1588        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:36:02.0800 1588        HidIr - ok
19:36:02.0823 1588        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:36:02.0857 1588        hidserv - ok
19:36:02.0909 1588        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:36:02.0921 1588        HidUsb - ok
19:36:02.0964 1588        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:36:03.0000 1588        hkmsvc - ok
19:36:03.0045 1588        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:36:03.0082 1588        HomeGroupListener - ok
19:36:03.0131 1588        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:36:03.0154 1588        HomeGroupProvider - ok
19:36:03.0203 1588        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:36:03.0213 1588        HpSAMD - ok
19:36:03.0294 1588        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:36:03.0344 1588        HTTP - ok
19:36:03.0381 1588        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:36:03.0392 1588        hwpolicy - ok
19:36:03.0436 1588        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:36:03.0452 1588        i8042prt - ok
19:36:03.0512 1588        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:36:03.0535 1588        iaStorV - ok
19:36:03.0622 1588        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:03.0631 1588        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:36:03.0631 1588        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:36:03.0741 1588        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:36:03.0780 1588        idsvc - ok
19:36:03.0862 1588        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:36:03.0872 1588        iirsp - ok
19:36:03.0936 1588        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:36:03.0990 1588        IKEEXT - ok
19:36:04.0066 1588        IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
19:36:04.0120 1588        IntcAzAudAddService - ok
19:36:04.0235 1588        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:36:04.0245 1588        intelide - ok
19:36:04.0273 1588        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:36:04.0301 1588        intelppm - ok
19:36:04.0331 1588        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:36:04.0384 1588        IPBusEnum - ok
19:36:04.0418 1588        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:04.0472 1588        IpFilterDriver - ok
19:36:04.0517 1588        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:36:04.0563 1588        iphlpsvc - ok
19:36:04.0603 1588        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:36:04.0635 1588        IPMIDRV - ok
19:36:04.0672 1588        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:36:04.0707 1588        IPNAT - ok
19:36:04.0783 1588        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:36:04.0815 1588        iPod Service - ok
19:36:04.0847 1588        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:36:04.0883 1588        IRENUM - ok
19:36:04.0915 1588        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:36:04.0925 1588        isapnp - ok
19:36:04.0972 1588        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:36:05.0001 1588        iScsiPrt - ok
19:36:05.0165 1588        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:36:05.0178 1588        kbdclass - ok
19:36:05.0189 1588        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:36:05.0225 1588        kbdhid - ok
19:36:05.0263 1588        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:05.0273 1588        KeyIso - ok
19:36:05.0290 1588        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:36:05.0308 1588        KSecDD - ok
19:36:05.0323 1588        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:36:05.0338 1588        KSecPkg - ok
19:36:05.0368 1588        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:36:05.0404 1588        ksthunk - ok
19:36:05.0439 1588        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:36:05.0500 1588        KtmRm - ok
19:36:05.0566 1588        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:36:05.0607 1588        LanmanServer - ok
19:36:05.0651 1588        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:36:05.0689 1588        LanmanWorkstation - ok
19:36:05.0752 1588        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
19:36:05.0762 1588        LGBusEnum - ok
19:36:05.0785 1588        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
19:36:05.0796 1588        LGVirHid - ok
19:36:05.0826 1588        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:36:05.0859 1588        lltdio - ok
19:36:05.0895 1588        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:36:05.0940 1588        lltdsvc - ok
19:36:05.0958 1588        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:36:05.0989 1588        lmhosts - ok
19:36:06.0021 1588        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:36:06.0036 1588        LSI_FC - ok
19:36:06.0054 1588        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:36:06.0069 1588        LSI_SAS - ok
19:36:06.0083 1588        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:36:06.0095 1588        LSI_SAS2 - ok
19:36:06.0111 1588        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:36:06.0127 1588        LSI_SCSI - ok
19:36:06.0150 1588        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:36:06.0188 1588        luafv - ok
19:36:06.0294 1588        McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
19:36:06.0317 1588        McComponentHostService - ok
19:36:06.0359 1588        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:36:06.0395 1588        Mcx2Svc - ok
19:36:06.0428 1588        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:36:06.0438 1588        megasas - ok
19:36:06.0467 1588        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:36:06.0488 1588        MegaSR - ok
19:36:06.0539 1588        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:06.0588 1588        MMCSS - ok
19:36:06.0610 1588        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:36:06.0660 1588        Modem - ok
19:36:06.0687 1588        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:36:06.0701 1588        monitor - ok
19:36:06.0757 1588        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:36:06.0768 1588        mouclass - ok
19:36:06.0786 1588        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:36:06.0800 1588        mouhid - ok
19:36:06.0842 1588        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:36:06.0858 1588        mountmgr - ok
19:36:06.0912 1588        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:36:06.0929 1588        MpFilter - ok
19:36:06.0973 1588        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:36:06.0987 1588        mpio - ok
19:36:07.0017 1588        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:36:07.0046 1588        mpsdrv - ok
19:36:07.0111 1588        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:36:07.0162 1588        MpsSvc - ok
19:36:07.0200 1588        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:36:07.0242 1588        MRxDAV - ok
19:36:07.0280 1588        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:36:07.0307 1588        mrxsmb - ok
19:36:07.0363 1588        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:36:07.0384 1588        mrxsmb10 - ok
19:36:07.0398 1588        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:36:07.0416 1588        mrxsmb20 - ok
19:36:07.0458 1588        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:36:07.0469 1588        msahci - ok
19:36:07.0510 1588        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:36:07.0527 1588        msdsm - ok
19:36:07.0549 1588        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:36:07.0590 1588        MSDTC - ok
19:36:07.0630 1588        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:36:07.0659 1588        Msfs - ok
19:36:07.0669 1588        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:36:07.0701 1588        mshidkmdf - ok
19:36:07.0734 1588        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:36:07.0744 1588        msisadrv - ok
19:36:07.0778 1588        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:36:07.0815 1588        MSiSCSI - ok
19:36:07.0819 1588        msiserver - ok
19:36:07.0855 1588        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:36:07.0887 1588        MSKSSRV - ok
19:36:07.0986 1588        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:36:07.0998 1588        MsMpSvc - ok
19:36:08.0026 1588        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:36:08.0078 1588        MSPCLOCK - ok
19:36:08.0104 1588        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:36:08.0135 1588        MSPQM - ok
19:36:08.0186 1588        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:36:08.0212 1588        MsRPC - ok
19:36:08.0254 1588        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:36:08.0263 1588        mssmbios - ok
19:36:08.0286 1588        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:36:08.0335 1588        MSTEE - ok
19:36:08.0361 1588        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:36:08.0375 1588        MTConfig - ok
19:36:08.0399 1588        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:36:08.0409 1588        Mup - ok
19:36:08.0476 1588        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:36:08.0522 1588        napagent - ok
19:36:08.0570 1588        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:36:08.0596 1588        NativeWifiP - ok
19:36:08.0660 1588        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:36:08.0699 1588        NDIS - ok
19:36:08.0728 1588        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:36:08.0760 1588        NdisCap - ok
19:36:08.0819 1588        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:36:08.0850 1588        NdisTapi - ok
19:36:08.0912 1588        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:36:08.0945 1588        Ndisuio - ok
19:36:08.0996 1588        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:36:09.0040 1588        NdisWan - ok
19:36:09.0082 1588        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:36:09.0113 1588        NDProxy - ok
19:36:09.0135 1588        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:36:09.0166 1588        NetBIOS - ok
19:36:09.0212 1588        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:36:09.0255 1588        NetBT - ok
19:36:09.0295 1588        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:09.0305 1588        Netlogon - ok
19:36:09.0346 1588        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:36:09.0389 1588        Netman - ok
19:36:09.0517 1588        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0531 1588        NetMsmqActivator - ok
19:36:09.0536 1588        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0545 1588        NetPipeActivator - ok
19:36:09.0582 1588        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:36:09.0630 1588        netprofm - ok
19:36:09.0635 1588        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0643 1588        NetTcpActivator - ok
19:36:09.0647 1588        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0656 1588        NetTcpPortSharing - ok
19:36:09.0701 1588        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:36:09.0711 1588        nfrd960 - ok
19:36:09.0744 1588        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:36:09.0759 1588        NisDrv - ok
19:36:09.0864 1588        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:36:09.0888 1588        NisSrv - ok
19:36:09.0987 1588        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:36:10.0034 1588        NlaSvc - ok
19:36:10.0064 1588        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:36:10.0093 1588        Npfs - ok
19:36:10.0112 1588        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:36:10.0145 1588        nsi - ok
19:36:10.0155 1588        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:36:10.0187 1588        nsiproxy - ok
19:36:10.0276 1588        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:36:10.0339 1588        Ntfs - ok
19:36:10.0446 1588        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:36:10.0478 1588        Null - ok
19:36:10.0549 1588        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:36:10.0564 1588        nvraid - ok
19:36:10.0593 1588        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:36:10.0607 1588        nvstor - ok
19:36:10.0669 1588        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:36:10.0684 1588        nv_agp - ok
19:36:10.0696 1588        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:36:10.0741 1588        ohci1394 - ok
19:36:10.0795 1588        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:10.0828 1588        p2pimsvc - ok
19:36:10.0852 1588        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:36:10.0881 1588        p2psvc - ok
19:36:10.0902 1588        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:36:10.0918 1588        Parport - ok
19:36:10.0956 1588        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:36:10.0967 1588        partmgr - ok
19:36:10.0997 1588        pavboot        (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
19:36:11.0010 1588        pavboot - ok
19:36:11.0036 1588        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:36:11.0085 1588        PcaSvc - ok
19:36:11.0123 1588        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:36:11.0137 1588        pci - ok
19:36:11.0150 1588        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:36:11.0160 1588        pciide - ok
19:36:11.0185 1588        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:36:11.0208 1588        pcmcia - ok
19:36:11.0224 1588        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:36:11.0236 1588        pcw - ok
19:36:11.0266 1588        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:36:11.0316 1588        PEAUTH - ok
19:36:11.0382 1588        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:36:11.0463 1588        PeerDistSvc - ok
19:36:11.0530 1588        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:36:11.0545 1588        PerfHost - ok
19:36:11.0669 1588        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:36:11.0733 1588        pla - ok
19:36:11.0800 1588        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:36:11.0830 1588        PlugPlay - ok
19:36:11.0872 1588        PnkBstrA - ok
19:36:11.0894 1588        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:36:11.0905 1588        PNRPAutoReg - ok
19:36:11.0925 1588        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:11.0938 1588        PNRPsvc - ok
19:36:11.0988 1588        Point64        (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
19:36:11.0997 1588        Point64 - ok
19:36:12.0048 1588        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:36:12.0097 1588        PolicyAgent - ok
19:36:12.0128 1588        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:36:12.0174 1588        Power - ok
19:36:12.0228 1588        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:36:12.0287 1588        PptpMiniport - ok
19:36:12.0315 1588        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:36:12.0350 1588        Processor - ok
19:36:12.0409 1588        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:36:12.0484 1588        ProfSvc - ok
19:36:12.0527 1588        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:12.0537 1588        ProtectedStorage - ok
19:36:12.0590 1588        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:36:12.0627 1588        Psched - ok
19:36:12.0704 1588        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:36:12.0757 1588        ql2300 - ok
19:36:12.0847 1588        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:36:12.0863 1588        ql40xx - ok
19:36:12.0893 1588        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:36:12.0940 1588        QWAVE - ok
19:36:12.0963 1588        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:36:13.0026 1588        QWAVEdrv - ok
19:36:13.0048 1588        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:36:13.0077 1588        RasAcd - ok
19:36:13.0107 1588        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:36:13.0137 1588        RasAgileVpn - ok
19:36:13.0157 1588        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:36:13.0212 1588        RasAuto - ok
19:36:13.0255 1588        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:36:13.0309 1588        Rasl2tp - ok
19:36:13.0340 1588        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:36:13.0384 1588        RasMan - ok
19:36:13.0414 1588        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:36:13.0452 1588        RasPppoe - ok
19:36:13.0468 1588        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:36:13.0504 1588        RasSstp - ok
19:36:13.0555 1588        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:36:13.0599 1588        rdbss - ok
19:36:13.0612 1588        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:13.0629 1588        rdpbus - ok
19:36:13.0639 1588        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:13.0692 1588        RDPCDD - ok
19:36:13.0732 1588        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:36:13.0766 1588        RDPDR - ok
19:36:13.0797 1588        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:36:13.0831 1588        RDPENCDD - ok
19:36:13.0839 1588        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:36:13.0869 1588        RDPREFMP - ok
19:36:13.0921 1588        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:36:13.0947 1588        RdpVideoMiniport - ok
19:36:13.0971 1588        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:36:13.0996 1588        RDPWD - ok
19:36:14.0051 1588        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:36:14.0066 1588        rdyboost - ok
19:36:14.0097 1588        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:36:14.0135 1588        RemoteAccess - ok
19:36:14.0159 1588        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:36:14.0194 1588        RemoteRegistry - ok
19:36:14.0226 1588        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:36:14.0255 1588        RFCOMM - ok
19:36:14.0281 1588        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:36:14.0319 1588        RpcEptMapper - ok
19:36:14.0341 1588        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:36:14.0356 1588        RpcLocator - ok
19:36:14.0408 1588        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:36:14.0444 1588        RpcSs - ok
19:36:14.0467 1588        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:36:14.0498 1588        rspndr - ok
19:36:14.0537 1588        RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
19:36:14.0558 1588        RTHDMIAzAudService - ok
19:36:14.0602 1588        RTL8167        (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:36:14.0658 1588        RTL8167 - ok
19:36:14.0700 1588        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:36:14.0727 1588        s3cap - ok
19:36:14.0767 1588        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:14.0778 1588        SamSs - ok
19:36:14.0983 1588        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:36:15.0034 1588        SASDIFSV - ok
19:36:15.0091 1588        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:36:15.0099 1588        SASKUTIL - ok
19:36:15.0150 1588        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:36:15.0165 1588        sbp2port - ok
19:36:15.0195 1588        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:36:15.0241 1588        SCardSvr - ok
19:36:15.0276 1588        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:36:15.0309 1588        scfilter - ok
19:36:15.0382 1588        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:36:15.0442 1588        Schedule - ok
19:36:15.0490 1588        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:36:15.0518 1588        SCPolicySvc - ok
19:36:15.0561 1588        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:36:15.0584 1588        SDRSVC - ok
19:36:15.0638 1588        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:36:15.0669 1588        secdrv - ok
19:36:15.0708 1588        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:36:15.0740 1588        seclogon - ok
19:36:15.0762 1588        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:36:15.0800 1588        SENS - ok
19:36:15.0809 1588        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:36:15.0830 1588        SensrSvc - ok
19:36:15.0850 1588        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:36:15.0862 1588        Serenum - ok
19:36:15.0886 1588        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:36:15.0905 1588        Serial - ok
19:36:15.0967 1588        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:36:15.0980 1588        sermouse - ok
19:36:16.0030 1588        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:36:16.0065 1588        SessionEnv - ok
19:36:16.0107 1588        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:36:16.0123 1588        sffdisk - ok
19:36:16.0134 1588        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:16.0165 1588        sffp_mmc - ok
19:36:16.0190 1588        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:36:16.0225 1588        sffp_sd - ok
19:36:16.0255 1588        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:36:16.0266 1588        sfloppy - ok
19:36:16.0298 1588        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:36:16.0342 1588        SharedAccess - ok
19:36:16.0392 1588        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:36:16.0457 1588        ShellHWDetection - ok
19:36:16.0491 1588        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:36:16.0502 1588        SiSRaid2 - ok
19:36:16.0514 1588        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:36:16.0525 1588        SiSRaid4 - ok
19:36:16.0633 1588        sj              (4523268768f70049ea95ffdf8354b4fa) C:\AeriaGames\EdenEternal\sjcs64.sys
19:36:16.0642 1588        sj - ok
19:36:16.0669 1588        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:36:16.0709 1588        Smb - ok
19:36:16.0760 1588        SNMP            (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
19:36:16.0787 1588        SNMP - ok
19:36:16.0811 1588        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:36:16.0827 1588        SNMPTRAP - ok
19:36:16.0835 1588        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:36:16.0845 1588        spldr - ok
19:36:16.0905 1588        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:36:16.0949 1588        Spooler - ok
19:36:17.0088 1588        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:36:17.0212 1588        sppsvc - ok
19:36:17.0294 1588        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:36:17.0331 1588        sppuinotify - ok
19:36:17.0404 1588        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:36:17.0459 1588        srv - ok
19:36:17.0521 1588        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:36:17.0572 1588        srv2 - ok
19:36:17.0609 1588        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:17.0641 1588        srvnet - ok
19:36:17.0686 1588        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:36:17.0732 1588        SSDPSRV - ok
19:36:17.0741 1588        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:36:17.0773 1588        SstpSvc - ok
19:36:17.0854 1588        Steam Client Service - ok
19:36:17.0885 1588        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:36:17.0895 1588        stexstor - ok
19:36:17.0957 1588        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:36:17.0991 1588        stisvc - ok
19:36:18.0028 1588        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:36:18.0039 1588        storflt - ok
19:36:18.0059 1588        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:36:18.0070 1588        storvsc - ok
19:36:18.0110 1588        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:36:18.0122 1588        swenum - ok
19:36:18.0159 1588        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:36:18.0210 1588        swprv - ok
19:36:18.0220 1588        Synth3dVsc - ok
19:36:18.0314 1588        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:36:18.0377 1588        SysMain - ok
19:36:18.0478 1588        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:36:18.0501 1588        TabletInputService - ok
19:36:18.0520 1588        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:36:18.0562 1588        TapiSrv - ok
19:36:18.0587 1588        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:36:18.0623 1588        TBS - ok
19:36:18.0734 1588        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:36:18.0805 1588        Tcpip - ok
19:36:18.0985 1588        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:19.0016 1588        TCPIP6 - ok
19:36:19.0092 1588        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:36:19.0123 1588        tcpipreg - ok
19:36:19.0150 1588        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:36:19.0165 1588        TDPIPE - ok
19:36:19.0208 1588        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:36:19.0220 1588        TDTCP - ok
19:36:19.0278 1588        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:36:19.0312 1588        tdx - ok
19:36:19.0473 1588        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:36:19.0554 1588        TeamViewer7 - ok
19:36:19.0675 1588        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:36:19.0684 1588        teamviewervpn - ok
19:36:19.0729 1588        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:36:19.0741 1588        TermDD - ok
19:36:19.0797 1588        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:36:19.0860 1588        TermService - ok
19:36:19.0892 1588        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:36:19.0913 1588        Themes - ok
19:36:20.0051 1588        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:20.0084 1588        THREADORDER - ok
19:36:20.0112 1588        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:36:20.0150 1588        TrkWks - ok
19:36:20.0226 1588        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:36:20.0290 1588        TrustedInstaller - ok
19:36:20.0326 1588        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:20.0357 1588        tssecsrv - ok
19:36:20.0414 1588        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:36:20.0478 1588        TsUsbFlt - ok
19:36:20.0481 1588        tsusbhub - ok
19:36:20.0536 1588        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:36:20.0594 1588        tunnel - ok
19:36:20.0625 1588        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:36:20.0635 1588        uagp35 - ok
19:36:20.0689 1588        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:36:20.0764 1588        udfs - ok
19:36:20.0810 1588        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:36:20.0828 1588        UI0Detect - ok
19:36:20.0885 1588        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:36:20.0896 1588        uliagpkx - ok
19:36:20.0929 1588        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:36:20.0943 1588        umbus - ok
19:36:20.0975 1588        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:36:20.0987 1588        UmPass - ok
19:36:21.0032 1588        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:36:21.0080 1588        UmRdpService - ok
19:36:21.0123 1588        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:36:21.0201 1588        upnphost - ok
19:36:21.0269 1588        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:36:21.0282 1588        USBAAPL64 - ok
19:36:21.0328 1588        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:21.0348 1588        usbccgp - ok
19:36:21.0400 1588        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:36:21.0418 1588        usbcir - ok
19:36:21.0442 1588        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:36:21.0471 1588        usbehci - ok
19:36:21.0518 1588        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:36:21.0541 1588        usbhub - ok
19:36:21.0554 1588        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:36:21.0567 1588        usbohci - ok
19:36:21.0593 1588        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:36:21.0626 1588        usbprint - ok
19:36:21.0663 1588        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
19:36:21.0685 1588        USBSTOR - ok
19:36:21.0695 1588        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:36:21.0709 1588        usbuhci - ok
19:36:21.0826 1588        usj            (659ba43f61fc37609288a5340a8d37d4) C:\AeriaGames\EdenEternal\avital\ussjcs64.sys
19:36:21.0838 1588        usj - ok
19:36:21.0863 1588        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:36:21.0897 1588        UxSms - ok
19:36:21.0940 1588        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:21.0950 1588        VaultSvc - ok
19:36:22.0001 1588        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:36:22.0011 1588        vdrvroot - ok
19:36:22.0073 1588        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:36:22.0139 1588        vds - ok
19:36:22.0179 1588        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:22.0192 1588        vga - ok
19:36:22.0209 1588        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:36:22.0240 1588        VgaSave - ok
19:36:22.0243 1588        VGPU - ok
19:36:22.0290 1588        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:36:22.0313 1588        vhdmp - ok
19:36:22.0350 1588        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:36:22.0360 1588        viaide - ok
19:36:22.0378 1588        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:36:22.0401 1588        vmbus - ok
19:36:22.0420 1588        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:36:22.0452 1588        VMBusHID - ok
19:36:22.0482 1588        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:36:22.0493 1588        volmgr - ok
19:36:22.0547 1588        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:36:22.0568 1588        volmgrx - ok
19:36:22.0617 1588        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:36:22.0640 1588        volsnap - ok
19:36:22.0673 1588        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:22.0688 1588        vsmraid - ok
19:36:22.0773 1588        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:36:22.0854 1588        VSS - ok
19:36:22.0941 1588        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:36:22.0971 1588        vwifibus - ok
19:36:23.0017 1588        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:36:23.0056 1588        W32Time - ok
19:36:23.0074 1588        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:36:23.0085 1588        WacomPen - ok
19:36:23.0131 1588        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0166 1588        WANARP - ok
19:36:23.0176 1588        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0203 1588        Wanarpv6 - ok
19:36:23.0292 1588        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:36:23.0349 1588        wbengine - ok
19:36:23.0442 1588        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:36:23.0469 1588        WbioSrvc - ok
19:36:23.0522 1588        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:36:23.0558 1588        wcncsvc - ok
19:36:23.0573 1588        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:36:23.0597 1588        WcsPlugInService - ok
19:36:23.0620 1588        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:36:23.0630 1588        Wd - ok
19:36:23.0665 1588        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:36:23.0694 1588        Wdf01000 - ok
19:36:23.0705 1588        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0806 1588        WdiServiceHost - ok
19:36:23.0809 1588        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0826 1588        WdiSystemHost - ok
19:36:23.0872 1588        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:36:23.0916 1588        WebClient - ok
19:36:23.0958 1588        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:36:24.0018 1588        Wecsvc - ok
19:36:24.0045 1588        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:36:24.0080 1588        wercplsupport - ok
19:36:24.0108 1588        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:36:24.0161 1588        WerSvc - ok
19:36:24.0218 1588        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:24.0247 1588        WfpLwf - ok
19:36:24.0263 1588        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:36:24.0273 1588        WIMMount - ok
19:36:24.0300 1588        WinDefend - ok
19:36:24.0313 1588        WinHttpAutoProxySvc - ok
19:36:24.0353 1588        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:36:24.0398 1588        Winmgmt - ok
19:36:24.0495 1588        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:36:24.0577 1588        WinRM - ok
19:36:24.0694 1588        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:24.0860 1588        WinUsb - ok
19:36:25.0072 1588        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:36:25.0117 1588        Wlansvc - ok
19:36:25.0277 1588        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:25.0350 1588        wlidsvc - ok
19:36:25.0471 1588        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:36:25.0484 1588        WmiAcpi - ok
19:36:25.0532 1588        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:36:25.0558 1588        wmiApSrv - ok
19:36:25.0603 1588        WMPNetworkSvc - ok
19:36:25.0629 1588        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:36:25.0645 1588        WPCSvc - ok
19:36:25.0693 1588        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:36:25.0710 1588        WPDBusEnum - ok
19:36:25.0734 1588        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:25.0766 1588        ws2ifsl - ok
19:36:25.0770 1588        WSearch - ok
19:36:25.0861 1588        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:36:25.0976 1588        wuauserv - ok
19:36:26.0100 1588        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:36:26.0136 1588        WudfPf - ok
19:36:26.0171 1588        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:26.0214 1588        WUDFRd - ok
19:36:26.0254 1588        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:36:26.0284 1588        wudfsvc - ok
19:36:26.0305 1588        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:36:26.0337 1588        WwanSvc - ok
19:36:26.0391 1588        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:36:26.0527 1588        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:36:26.0527 1588        \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:36:26.0532 1588        MBR (0x1B8)    (245e3dcf979ac3adbf815ab0a12c59cb) \Device\Harddisk1\DR1
19:37:29.0731 1588        \Device\Harddisk1\DR1 - ok
19:37:29.0740 1588        MBR (0x1B8)    (42b02a2a0140f4274d69783b59fead9f) \Device\Harddisk2\DR2
19:37:36.0587 1588        \Device\Harddisk2\DR2 - ok
19:37:36.0623 1588        Boot (0x1200)  (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0
19:37:36.0624 1588        \Device\Harddisk0\DR0\Partition0 - ok
19:37:36.0632 1588        Boot (0x1200)  (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1
19:37:36.0633 1588        \Device\Harddisk0\DR0\Partition1 - ok
19:37:36.0633 1588        ============================================================
19:37:36.0633 1588        Scan finished
19:37:36.0633 1588        ============================================================
19:37:36.0648 4264        Detected object count: 2
19:37:36.0648 4264        Actual detected object count: 2
19:37:40.0996 4264        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:40.0996 4264        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:40.0998 4264        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:37:40.0998 4264        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:46 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131