Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)

danke 21.06.2012 15:18

Redirector, adware tracking cookie: can't get it deleted, Microsoft SE blocked by rundll32
 
Hello everyone,

This is my first forum post, so I apologize in advance for any spelling mistakes and other errors.

I am using Windows 7 Ultimate 64-bit, Service Pack 1.

I am having big problems with my computer.

A few days ago I stupidly downloaded and ran an exe file... There must have been quite a lot hidden in it.

After the double-click the file disappeared, and at every Windows start you could briefly see the command prompt with the title: amd accelerated video transcoding device initialisation

I then uninstalled that via the Catalyst, but it didn't help.

I can say with certainty that I have a redirector, and surely more...

I use Opera, and it always redirects me from Google.

When the PC boots, Microsoft Security Essentials is not open...

If I end the rundll32 host process under Processes in the Task Manager, Microsoft Security Essentials can be started; otherwise it closes again immediately.

In addition, I can no longer connect to my favourite online role-playing game, Eden Eternal.

A few months ago I already had a redirector once, which I successfully killed with TDSS Killer.

I have run Malwarebytes Anti-Malware several times; it no longer finds anything.

Only SUPERAntiSpyware finds Adware Tracking Cookie again after every restart.

I have also run various online scans.

I have already prepared a few log files; I hope I am posting them correctly here.

Here it comes, Malwarebytes Anti-Malware quarantine:

hxxp://www10.pic-upload.de/21.06.12/wjpsm322i9ap.png



OTL logfile:
Code:

OTL logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\GUILD WARS\Gw.exe (ArenaNet)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Fab\AppData\Local\Temp\GwA6494.tmp ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COM Service) -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Tosrfhid) -- C:\Windows\SysWOW64\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbd) -- C:\Windows\SysWOW64\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\SysWOW64\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\SysWOW64\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\SysWOW64\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\SysWOW64\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\SysWOW64\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\SysWOW64\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.19 22:00:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.18 23:05:55 | 000,171,176 | ---- | C] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 17:45:30 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:45:30 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:45:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:45:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:43:29 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[2012.05.22 00:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\Aeria Games
[2012.05.22 00:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.05.22 00:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.05.22 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 22:06:12 | 000,026,786 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 22:06:12 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 22:06:12 | 000,004,382 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 22:01:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 14:36:50 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.06.19 14:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 14:36:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 06:19:47 | 002,109,032 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:42:30 | 000,171,176 | ---- | M] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:17 | 000,850,383 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 17:44:44 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:44:44 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:44:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:44:43 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:44:43 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 17:43:38 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 17:32:20 | 001,624,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.14 17:32:20 | 000,709,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:32:20 | 000,662,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:32:20 | 000,153,626 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:32:20 | 000,125,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:32:06 | 001,624,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 01:27:30 | 007,214,239 | ---- | M] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | M] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:24:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 01:24:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.05.29 10:47:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:36:53 | 000,026,786 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 14:36:53 | 000,005,598 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 14:36:53 | 000,004,382 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 06:19:42 | 002,109,032 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:14 | 000,850,383 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 01:27:28 | 007,214,239 | ---- | C] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | C] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,624,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2011.04.09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.01.28 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.05.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Extras Log:
OTL Logfile:
Code:

OTL Extras logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EF41B0-CAB2-470A-BE02-58C62994F8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C03FC63-0AE1-4FAE-8B81-B033A73F7447}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11F7058B-800D-4970-BFFA-D9F2751EE613}" = lport=139 | protocol=6 | dir=in | app=system |
"{178588F0-1F8A-42B4-B530-56DCB7D4DB6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A6427FB-ADAB-4E9C-A376-6BEC986C5471}" = lport=137 | protocol=17 | dir=in | app=system |
"{266A12B9-1295-4127-97FD-5E9F018B181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26DE9AA3-E51D-4051-B540-B90F870ED3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{581D7069-049E-4F1D-8D60-2A60EBA251A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6585C237-A68E-41E1-803D-F08C0B0C7BAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{690B3DB0-23FC-4355-A09C-828065EFD61A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{741F91D2-7ABC-41C5-8EEB-D62C2DDE513A}" = rport=139 | protocol=6 | dir=out | app=system |
"{98D1F993-70B2-4699-B120-0DC1E49B31C2}" = lport=3389 | protocol=6 | dir=in | app=system |
"{A23EC258-F84B-4401-885C-97668D10EE82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5C51AC0-E014-44BB-87A6-D51D1404C544}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD6027F0-DB44-4EA6-8898-418E6B8D1DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADBC0A2E-2EE9-43BF-A4D0-52D9AC8EAFB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADCC6908-15FF-450B-83D5-B32C1E7EB813}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C959795E-BC98-40DD-81D0-719775323F43}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9A11643-2764-4CFF-9701-AC4540B04984}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD9042B4-AC28-4145-8957-A0DDF32D9AE1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{CD9D8EE6-65EA-4564-8D0A-FBE30B8535CA}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface |
"{D623C146-4ECE-400C-9C21-113D52E4E56B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8922840-E9CF-4867-B6E2-53B52091C955}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E14974BC-2AE1-4AE2-9DC7-8B5B26E37EB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E4E4443E-65A3-4C4C-83FD-1B551A8F324F}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6D05149-14A8-4164-BF50-27753EC84CFE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EC0D9165-2E7D-4A06-9A34-EEA1249BC416}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{ECE92AFE-B286-47AA-B5FC-382536AECA50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED8BC73-0341-42F9-9DFC-D34DAFF9B84D}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |
"{F03203A7-463C-477A-BCD9-4B207C8AA7E4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0C8BA13-109F-4CEC-AD5F-0B94ED493C3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC383E-E754-43D0-8325-9257E063AF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{09F746B0-87D8-4B32-A609-7DD7179DB6A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11FBC199-A243-40C7-843B-D2C1399DBFA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{125091D0-AA6A-4CE7-9368-E8A70077A5CC}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{1379ED50-F62F-431B-BB64-B00F9582B5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{13A8BD29-D37A-4334-B23B-144BA174AC96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{14D815F2-FE8C-4947-BEFA-D237674DDD60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{176BCD48-06F9-4EBF-A556-A4F6743683FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17ACC1BA-DBA5-42EB-8FB4-8501F680B2C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1DECC78F-4579-4B6A-B4CA-4A4102B1F4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1F51B874-C061-43DA-ADDD-6FC81646A7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8A2EDB-AD4C-48E9-8FD6-95C9C5F912BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{22EE52EF-C2AA-4871-A14A-3EDD6822FF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{2DEC0B17-E82E-4C3A-9393-55F50D587EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{2EA01679-A5BB-43C6-A9A9-3FC5E00BF97F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{38306820-5691-4862-9C06-11BA08ED269D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{385BB579-8E89-4188-8B8F-488E3B0B42D8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40F25EA6-B2D1-4244-A1B2-FDA9C51F524C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{416DFF77-5D8F-4EB0-B117-7254F21F1768}" = protocol=6 | dir=out | app=system |
"{4377EDCB-EFD6-4F68-AF14-79DEB1B093E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4764E023-B81C-4ED3-8A74-25FE49CA366B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49682710-7B59-4970-B69A-0AD196DA637B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4C227F96-4237-4069-BA5C-61824F85D807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C566F24-1F77-4F7E-9B2A-A09A6E1BBDD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{4C7A56C3-B0B0-466E-911A-06EF46342BCA}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{4D37F240-74AF-4B2F-9FEC-8E306C7A655E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{4F61D0E1-7C66-4E00-A4AE-FD8245997048}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{563DE42C-FA31-4CAA-83E6-8440CD98FFD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3986C7-A275-49DE-9BD8-3A9CC5A6B7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{5F3DFFA2-1F95-471B-BB95-16212902DDFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64CE7BC5-53A8-4C35-A7D3-118C58CD5286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68D012D4-EC77-4722-B628-F96C7CEFA910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{6B774879-3A14-44F2-A16B-88B9A340E1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CB74588-476F-40E4-936D-53B2AB371457}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{6E1202A1-8315-4788-9BB6-035C206EE951}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{75198A66-70C1-4128-BA36-5E9E007D668C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{75D02F41-5F26-4D97-9C55-40A83B1566CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7ADB45AD-022B-474B-8129-12D5522E5EA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{7D52E935-95CE-4A8D-98B6-7BF9F493AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe |
"{7F8B91C0-CA76-46E4-A1EE-2FED8CB2BE17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FC2A7B1-7646-4F6D-BE1B-0742B3B64DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe |
"{7FEED177-8664-4D08-BFC3-AFC571021C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{84CF5879-B40B-47FB-96B5-F78462163A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{873D9CDE-CCC0-4D36-BD12-FAD47F6B533E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88142BA3-7B75-4CBB-8B8D-0EB93E1585E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E9C6E54-0DC7-4AA5-828C-A0071C05934A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{90A79170-E002-4EE6-95A5-F1BB8FC2BBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{94434C26-1448-4B8A-8044-B593957808A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{953D439F-765F-494E-A2B5-FBBD285B82CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{9AC8D63F-49FD-4B8B-881B-AD71479312E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9F2CBEA9-F6E0-4004-955F-247903196534}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5DBD9DE-F67B-4EC9-A570-8B614D30F988}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A9CC0F2A-5545-48D3-A1DA-6BFDC2DF7A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{AF62CEBA-2114-4959-B847-B3A225AD8EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{AF92B122-BC71-4CB2-A1EC-48C2486A3D27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AFC9D55A-F513-46B4-A00C-F7D1CBB7BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B0AEAE3F-0F78-4BF4-94DD-15296BCA2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B4E06326-5D8D-4D3D-B8FA-8DFA1CC4B64B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9FD189F-C4AB-4E31-919B-E3CB9AA5EF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{BA1E0A5D-9A38-4F27-8734-58CBB7223921}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C79F3D64-D5ED-415E-8CAC-35A7C5057251}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CB5F2B29-43AA-4FE2-8146-50EA06ED5F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{CC86ECB0-DC4B-4350-967F-8A1B69B445BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CD732F82-EA33-42BA-958D-CC3BA86559DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1B75B1C-DB22-4A24-912A-D352BA54D669}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{D7862D59-C2BF-42E1-89EC-4B2B7920DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{D8228A9D-5651-4515-A4E1-18D585B6C5AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D8909193-565D-418F-B443-4E6E530D72DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E1713D19-A052-4DDF-B509-01D90FC85B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E190C9C8-AA75-4B8C-8E19-54FF669CA775}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E4B72983-D2B5-4561-B9CF-76366D5998F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5CF9753-F3E6-4B36-A167-A9E352B953FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E7D8D36F-F577-4413-B8D7-C09F30187A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA78ED9E-7028-4749-9F8F-154475A4A8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{ED96ADED-92DF-4C35-8BA2-93041AC7E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{EDF229CB-26F4-402B-A241-11AC4BD39994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F733AF3C-2149-42A2-BEF4-A536999C66AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9BEC370-8756-4966-B98B-1B6DD8863FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{FC80EB70-127E-4964-868B-550095424FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{02EC41FD-6434-4D47-9251-3574A2D8AC10}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"TCP Query User{180F4CDE-D0E6-4FE6-A744-12A97C0DDB82}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"TCP Query User{186D5C6B-08CA-40F4-B3C6-DFB6355886F9}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"TCP Query User{19FA06A6-7EA0-4BF5-9A94-033E8A10BDFC}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{254F1699-BDD7-4122-BBEF-2E6EB28CCE15}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"TCP Query User{265C4279-8513-4F61-83C4-2D428E3F9694}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"TCP Query User{29F09BA2-03FE-41E3-B8F0-C8E5117966DD}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"TCP Query User{360102C7-ADFE-41FA-AC1B-592B28EB6965}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"TCP Query User{397E11B9-713D-4FB8-9AA7-E30CE9DAE587}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"TCP Query User{4261E750-B22B-432C-A586-E1DD4BC6D4B3}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"TCP Query User{4AC25604-EE34-48F9-92C5-8DB18A8FFBF6}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"TCP Query User{5364CCD5-942C-45E0-AFD4-E3527413D92C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{58E1807B-2D0E-4F5F-BDEC-1638E39588F2}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{7016029C-CA4B-4717-8F5B-46E773F00E82}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{833DA657-F368-49D9-8ACD-37526A312ECB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{8CBE8C06-B119-4392-9CFD-40C5007947CF}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"TCP Query User{8D6C454B-1E36-4549-98F6-E8B0F3E2CCAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{9496B09A-C614-4EAD-B854-63BB23D97453}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"TCP Query User{96A9022F-8DF6-447F-9A67-ECD4AA6335BE}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"TCP Query User{9DFB931E-1C7B-44A3-B705-2422B384F580}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"TCP Query User{AB7EDAB9-9C0E-4CE0-975C-9B2D62CCFB84}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"TCP Query User{AE493C6E-835F-4B33-9A3C-E3C790017511}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"TCP Query User{C8CACC9F-3DC6-49C2-8217-C25523EFA949}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"TCP Query User{CACB0CAC-74D0-4A9B-AF1F-90DA9DAF6442}C:\users\fab\desktop\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"TCP Query User{DEDC8EFA-2309-4AB3-AD62-F4AE9213FD98}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E69B075C-2517-4878-9F27-CB3130FE9630}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{E6FC5A01-738C-43AD-84AC-AA40793B61AD}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{E92686C1-2B94-45F5-BF14-72CBC81B8D02}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"TCP Query User{EC969529-1FDB-4411-BC54-950829EBE66C}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"TCP Query User{EE5360FB-5A16-4363-962D-401FCC0B7CF8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F4DE1879-0BBD-47F4-83BC-1053DBF142A3}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"TCP Query User{FA17EBC4-A2DA-418F-9F75-0C1C1AFD6DE8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{FB711252-9C33-454C-AA34-1E60703E5CC3}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |
"UDP Query User{003BEF24-FF28-431B-BF90-3AF2C4EE2E4B}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"UDP Query User{14058421-C4C2-4043-B4D5-A3051E3A381B}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"UDP Query User{1C607A23-4F2D-471B-A6CD-BFA3063F205F}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"UDP Query User{2A9A22E5-9A37-492E-9504-4A66E3817AFB}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"UDP Query User{304F0CBE-33AA-4FBD-8905-945767F6A003}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"UDP Query User{46FC53D3-94F7-44BC-A6FB-CF2DF93B2687}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"UDP Query User{47EBB217-68F8-4A6E-ADB4-F104569E08EF}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"UDP Query User{4C57B7D2-E759-46FC-A269-8366FA072B54}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"UDP Query User{583D3BC1-DED6-4724-B647-01D4237DA918}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"UDP Query User{5A5D7C04-C593-425F-A1CA-B7B7A8E77900}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"UDP Query User{5AD7CE38-FDB9-491F-94A4-8115B9C1FA54}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"UDP Query User{6D130F13-9607-4588-81A8-EE963CA79A52}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"UDP Query User{73CA9FC0-97BF-4DE2-B87C-CF951C63A6B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{75E6717A-00FC-4E60-A894-E659AB4DD2F5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{7DEFCA12-A216-44B1-964C-688C60D81A0E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{8F01742C-B5E9-4F1F-ABEA-A9AAF657A749}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"UDP Query User{90BBCE7C-65DB-4D67-8015-504CF4660BAD}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{99B5D779-0EB7-41F3-9622-F0D73971349A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9E97F6CC-26DA-4AD2-886B-E2F87F1516BD}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"UDP Query User{A6F5E34F-B467-4740-985B-43525ADB877E}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"UDP Query User{A973F2B1-824F-4871-BA58-A50267AEBEE6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{AF1FF237-AA74-4520-BBD7-50B5E097D43E}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"UDP Query User{C63538EF-A25B-4C5B-9401-B2327455306B}C:\users\fab\desktop\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"UDP Query User{C95F16B5-125A-4EE5-BBEF-3E6663590AC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{D60028DB-70B4-43B5-BFC9-929BCEF5003E}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"UDP Query User{D6E22DED-1CE4-4FFB-94ED-CA4FD9810C77}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"UDP Query User{E0C6DE29-8E54-4221-80F2-F1FE4BA7A969}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E90F21D2-7515-45C4-B370-131E72C6A784}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{EA06166C-0A6B-4FED-9BD1-12549902A997}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"UDP Query User{F51E0B3D-303E-46C9-AC75-D002C5A06D98}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{F6E293D4-D798-404D-9331-17F2D59A5037}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"UDP Query User{FCF14D18-C50A-4D07-9970-BDCF60C14EF2}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"UDP Query User{FEBBA1AD-5FE6-4FA2-AE19-7D5BA80EF5AA}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.08
"DivX Setup" = DivX-Setup
"DriverCD" = DriverCD
"Eden Eternal" = Eden Eternal
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"G.O.M" = G.O.M
"Guild Wars" = GUILD WARS
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Silkroad" = Silkroad
"Steam App 10" = Counter-Strike
"Steam App 113400" = APB Reloaded
"Steam App 200210" = Realm of the Mad God
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 3.0.9042
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248456 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248472 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei --
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248344 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 15.06.2012 13:31:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Ausnahmecode: 0x40000015  Fehleroffset: 0x005dff0a  ID des fehlerhaften Prozesses:
 0x11f4  Startzeit der fehlerhaften Anwendung: 0x01cd4b1b62acf8e7  Pfad der fehlerhaften
 Anwendung: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Pfad des fehlerhaften
 Moduls: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Berichtskennung: 01b8d1a8-b710-11e1-9120-00241d2232b9
 
Error - 17.06.2012 21:45:59 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01cd4cee65b87207  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 5a1a16ed-b8e7-11e1-a634-00241d2232b9
 
Error - 18.06.2012 14:47:42 | Computer Name = FAB | Source = Application Hang | ID = 1002
Description = Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd8    Startzeit:
01cd4d7fb4c985b9    Endzeit: 920    Anwendungspfad: UNKNOWN    Berichts-ID: 0fa1d30a-b976-11e1-a634-00241d2232b9

 
Error - 18.06.2012 15:11:53 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a2de3c9
ID
 des fehlerhaften Prozesses: 0x1710  Startzeit der fehlerhaften Anwendung: 0x01cd4d82000e2711
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 76078f3c-b979-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:05:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x11cc  Startzeit der fehlerhaften Anwendung: 0x01cd4d868cd2cff2  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 044e84d4-b981-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:58:50 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: QuickTime.qts, Version: 7.71.80.42, Zeitstempel:
 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ae14  ID des fehlerhaften Prozesses:
 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01cd4d9523bd6df7  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
Berichtskennung:
 676c3506-b988-11e1-8e46-00241d2232b9
 
Error - 18.06.2012 18:29:23 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67e3e3c9
ID
 des fehlerhaften Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cd4da0da41c80e
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 0d38cf2c-b995-11e1-8e46-00241d2232b9
 
[ System Events ]
Error - 19.06.2012 08:35:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration
 ist ein Fehler aufgetreten.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:22 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:39 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:02 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >

--- --- ---



Hijackthis LOG:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:39, on 19.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fab\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Internet Explorer.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9380 bytes

--- --- ---



Super Anti Spyware Logs:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 12:56 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 00:10:25

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 839
Memory threats detected : 0
Registry items scanned : 66166
Registry threats detected : 0
File items scanned : 9540
File threats detected : 13

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\X0KWUPYL.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R5B0WU9L.txt [ /ads.creative-serving.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\J0Q9W314.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IAFDSU0E.txt [ /nextag.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DGTR8UQJ.txt [ /overture.com ]
C:\USERS\FAB\Cookies\X0KWUPYL.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\J0Q9W314.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\IAFDSU0E.txt [ Cookie:fab@nextag.de/ ]
C:\USERS\FAB\Cookies\DGTR8UQJ.txt [ Cookie:fab@overture.com/ ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BPZ7AME3.txt [ /find.safeseeking.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HAA0QI0W.txt [ /click.get-answers-fast.com ]
C:\USERS\FAB\Cookies\BPZ7AME3.txt [ Cookie:fab@find.safeseeking.com/ ]
C:\USERS\FAB\Cookies\HAA0QI0W.txt [ Cookie:fab@click.get-answers-fast.com/ads-clicktrack/click/ ]




NR 2


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 03:42 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:11:16

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 887
Memory threats detected : 0
Registry items scanned : 66312
Registry threats detected : 0
File items scanned : 97496
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BENLAHXH.txt [ /unitymedia.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OSUXMJNC.txt [ /tracking.quisma.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\KPKOF9KE.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\2X2JB7N1.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9VOJXJAA.txt [ /adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1PD7DNRT.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\XPMCY3CS.txt [ /xml.trafficno.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6FMFEULI.txt [ /overture.com ]
C:\USERS\FAB\Cookies\BENLAHXH.txt [ Cookie:fab@unitymedia.de/ ]
C:\USERS\FAB\Cookies\OSUXMJNC.txt [ Cookie:fab@tracking.quisma.com/ ]
C:\USERS\FAB\Cookies\2X2JB7N1.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\1PD7DNRT.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\6FMFEULI.txt [ Cookie:fab@overture.com/ ]

PUP.MyWebSearch
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[3].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E27O6YM\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UK21F7\api[1].htm [ cache:mywebsearch.com ]






Nr 3




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 04:40 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Custom Scan
Total Scan Time : 00:13:20

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 895
Memory threats detected : 0
Registry items scanned : 66282
Registry threats detected : 0
File items scanned : 7427
File threats detected : 42

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6PC2B5SS.txt [ /traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TYMTHD69.txt [ /ads.bleepingcomputer.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DD560O3Z.txt [ /mm.chitika.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\H5GC1A3D.txt [ /mediaplex.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4ICSKNBG.txt [ /at.atwola.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4JDY54JE.txt [ /ru4.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EBPQXRYF.txt [ /kaspersky.122.2o7.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HMT1VKCJ.txt [ /kontera.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\V75N6P28.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LRRS5APJ.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5ML59VHB.txt [ /lucidmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RVZWAWZB.txt [ /c.atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IUEHJVQ4.txt [ /www.traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\WQUJ46J7.txt [ /247realmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3WXSENB5.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1OH8RXFV.txt [ /apmebf.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R1PHNFTF.txt [ /advertising.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\Y5PAYXJH.txt [ /tracking.3gnet.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LVRKYT79.txt [ /serving-sys.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EPB71HKS.txt [ /adbrite.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SUXFQZIS.txt [ /www.googleadservices.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\A77HX2ZV.txt [ /invitemedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5EG5BUIH.txt [ /ad.360yield.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5R6XKKH3.txt [ /media6degrees.com ]
C:\USERS\FAB\Cookies\6PC2B5SS.txt [ Cookie:fab@traffictrack.de/ ]
C:\USERS\FAB\Cookies\H5GC1A3D.txt [ Cookie:fab@mediaplex.com/ ]
C:\USERS\FAB\Cookies\4ICSKNBG.txt [ Cookie:fab@at.atwola.com/ ]
C:\USERS\FAB\Cookies\4JDY54JE.txt [ Cookie:fab@ru4.com/ ]
C:\USERS\FAB\Cookies\EBPQXRYF.txt [ Cookie:fab@kaspersky.122.2o7.net/ ]
C:\USERS\FAB\Cookies\HMT1VKCJ.txt [ Cookie:fab@kontera.com/ ]
C:\USERS\FAB\Cookies\V75N6P28.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\5ML59VHB.txt [ Cookie:fab@lucidmedia.com/ ]
C:\USERS\FAB\Cookies\RVZWAWZB.txt [ Cookie:fab@c.atdmt.com/ ]
C:\USERS\FAB\Cookies\IUEHJVQ4.txt [ Cookie:fab@www.traffictrack.de/ ]
C:\USERS\FAB\Cookies\WQUJ46J7.txt [ Cookie:fab@247realmedia.com/ ]
C:\USERS\FAB\Cookies\3WXSENB5.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\1OH8RXFV.txt [ Cookie:fab@apmebf.com/ ]
C:\USERS\FAB\Cookies\R1PHNFTF.txt [ Cookie:fab@advertising.com/ ]
C:\USERS\FAB\Cookies\Y5PAYXJH.txt [ Cookie:fab@tracking.3gnet.de/ ]
C:\USERS\FAB\Cookies\LVRKYT79.txt [ Cookie:fab@serving-sys.com/ ]
C:\USERS\FAB\Cookies\EPB71HKS.txt [ Cookie:fab@adbrite.com/ ]
C:\USERS\FAB\Cookies\A77HX2ZV.txt [ Cookie:fab@invitemedia.com/ ]


NR 4


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 02:48 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:22:02

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 66217
Registry threats detected : 0
File items scanned : 95542
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\QGWPO1R8.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3UTKQ21H.txt [ /adfarm1.adition.com ]
C:\USERS\FAB\Cookies\QGWPO1R8.txt [ Cookie:fab@adtech.de/ ]



I'm really sorry to bother you with so much.

I think I did everything wrong that one could possibly do wrong...

You see, I used TDSS Killer and deleted the red items. Was that very bad? XD ^^

It would be nice if someone could help me.
:headbang:

cosinus 24.06.2012 18:31

Quote:

A few days ago I stupidly downloaded and ran an exe file... Quite a lot must have been hidden in it.
Can you be more specific? File name, purpose and source of this exe file?

Please post the Malwarebytes logs as text! A huge image like that from Malwarebytes is pointless; you posted the other logs normally, after all!
I'll turn the huge image into just a normal link.

danke 25.06.2012 16:23

Yes, the file was an exe file that was supposed to emulate an Xbox 360 controller (I only have a Speedlink). The file was called x360ce, but that is irrelevant, because it was not the program I wanted; instead it vanished into thin air after the double-click...
I searched for the file on Google, then clicked a link in Google, and the download started right away.

Yes, the malware logs all show 0 findings... strange.

cosinus 25.06.2012 19:32

You should post all the Malwarebytes logs as text.

danke 27.06.2012 13:21

OK, sorry, here they all are, ordered from oldest to newest.

And I have just noticed that opera_plugin_wrapper.exe*32 is open very often in Task Manager. That was not the case before; the process is open more than 30 times.


MBAM LOGS:

nr 1

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6822

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.06.2011 04:07:42
mbam-log-2011-06-10 (04-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 299117
Laufzeit: 1 Stunde(n), 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> 852 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray2 (Backdoor.Agent) -> Value: tray2 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\agBot.exe (Trojan.Scar) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\nuconnector9.26.exe (Trojan.Scar) -> Quarantined and deleted successfully.




nr 2


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 18:38:39
mbam-log-2011-12-07 (18-38-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20851
Laufzeit: 18 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fab\AppData\Local\Temp\0.4891385984227795.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.6793807639939748.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.840330846978053.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\dwme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


nr 3



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:00:30
mbam-log-2011-12-07 (21-00-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 337375
Laufzeit: 1 Stunde(n), 59 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XbbbF4m5QJ6dE8R8234A (Trojan.FakeAlert.CLGen) -> Value: XbbbF4m5QJ6dE8R8234A -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



nr 4



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8329

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:23:50
mbam-log-2011-12-07 (21-23-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20637
Laufzeit: 15 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012 (Rogue.CloudAV2012) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Fab\AppData\Roaming\ahst.lni (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012\cloud av 2012.lnk (Rogue.CloudAV2012) -> Quarantined and deleted successfully.



nr 5


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

20.01.2012 17:50:53
mbam-log-2012-01-20 (17-50-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345500
Laufzeit: 1 Stunde(n), 27 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray3 (Trojan.Agent) -> Daten: C:\Windows\system32\RecvMessage.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\RecvMessage.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)



nr 6

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

27.02.2012 22:05:23
mbam-log-2012-02-27 (22-05-23).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fab\Downloads\kool_savas__kool_savas__aura__2011_itunes__deluxe_edition___bonus.exe (PUP.BundleInstaller.MG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 7


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

19.06.2012 02:13:19
mbam-log-2012-06-19 (02-13-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433060
Laufzeit: 1 Stunde(n), 25 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\19.06.2012_01.56.59\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 8 is all clean

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

22.06.2012 08:47:07
mbam-log-2012-06-22 (08-47-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426910
Laufzeit: 3 Stunde(n), 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 28.06.2012 09:21

Please run ESET as well; after that we'll see how to proceed.

Note: ESET quite often shows a few false positives. For that reason, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! During the scans, please switch off all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: if you are running 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

danke 28.06.2012 21:56

Oh, it looks like something got in through Java.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54bc3c8726ca0140bfc455ac965c2838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 05:03:37
# local_time=2012-06-28 07:03:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 38945570 92522711 0 0
# compatibility_mode=8192 67108863 100 0 753176 753176 0 0
# scanned=227176
# found=3
# cleaned=0
# scan_time=10157
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63353b17-556bb6e2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\510abf60-34023288 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\fd299c9-7fe2b229 multiple threats (unable to clean) 00000000000000000000000000000000 I

cosinus 29.06.2012 12:07

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


danke 29.06.2012 14:01

OTL Logfile:
Code:

OTL logfile created on: 29.06.2012 14:34:53 - Run 2
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,98% Memory free
11,90 Gb Paging File | 9,95 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 21,73 Gb Free Space | 9,33% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.06.26 16:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.06.26 16:23:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: 39480465.sys - Driver
SafeBootMin:64bit: 95626647.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: 39480465.sys - Driver
SafeBootMin: 95626647.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 39480465.sys - Driver
SafeBootNet:64bit: 95626647.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: 39480465.sys - Driver
SafeBootNet: 95626647.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 14:20:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2012.06.28 06:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drakensang Online
[2012.06.21 12:57:16 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.21 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.21 00:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.20 04:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.20 04:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.20 03:19:37 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.06.20 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.06.20 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2012.06.20 03:05:03 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.20 03:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.20 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\osam
[2012.06.20 01:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.20 01:39:33 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:12:07 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.19 23:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.19 23:11:12 | 017,937,032 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.19 22:43:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 14:41:31 | 000,027,268 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:41:31 | 000,006,355 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:41:31 | 000,005,224 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.29 14:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 14:30:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 14:20:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,001,972 | ---- | M] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:31:36 | 001,648,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 08:31:36 | 000,709,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 08:31:36 | 000,663,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 08:31:36 | 000,153,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 08:31:36 | 000,126,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 08:30:28 | 000,094,909 | ---- | M] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:30 | 000,834,855 | ---- | M] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 12:57:42 | 002,109,806 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.21 00:45:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.21 00:45:43 | 001,669,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.21 00:30:46 | 000,294,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.20 10:44:20 | 005,745,269 | ---- | M] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | M] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:53 | 001,294,411 | ---- | M] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | M] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | M] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:29 | 000,112,660 | ---- | M] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 01:39:34 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:11:40 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 23:11:22 | 017,937,032 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 22:43:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.29 14:31:24 | 000,027,266 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:31:24 | 000,006,355 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:31:24 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.26 16:10:41 | 000,001,972 | ---- | C] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:30:28 | 000,094,909 | ---- | C] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:45 | 000,834,855 | ---- | C] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 00:45:47 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.20 10:44:20 | 005,745,269 | ---- | C] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | C] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:13 | 001,294,411 | ---- | C] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:12:57 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | C] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | C] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:20 | 000,112,660 | ---- | C] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.19 23:11:40 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 06:19:42 | 002,109,806 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.07 09:20:12 | 000,078,083 | ---- | C] () -- C:\Users\Fab\gw profi makro g 13.xml
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.27 22:17:18 | 000,015,119 | ---- | C] () -- C:\Users\Fab\steiger hdm.jpg
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,669,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 03:56:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Adobe
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.04.29 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Apple Computer
[2011.03.29 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ATI
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.04.14 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DivX
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2011.10.19 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\FastStone
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.03.29 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Identities
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2011.03.29 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Macromedia
[2011.06.09 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Media Center Programs
[2012.04.27 12:41:46 | 000,000,000 | --SD | M] -- C:\Users\Fab\AppData\Roaming\Microsoft
[2012.04.12 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Mozilla
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2012.06.19 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.24 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\teamspeak2
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Ventrilo
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2011.12.29 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.02.29 03:55:51 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.29 03:55:46 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.09.02 20:25:21 | 000,008,854 | R--- | M] () -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\fdBthk.dll
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<          >

< End of report >

--- --- ---
[/code]

cosinus 29.06.2012 14:37

Quote:

-- C:\TDSSKiller_Quarantine
The TDSS-Killer logs have to be posted as well.
Please don't try out all sorts of tools at random, and above all not without consulting us first; you'll only make things worse that way!

danke 29.06.2012 15:32

How do I find the logs? And as of recently, when I search on Google I get redirected back to Google again.

cosinus 29.06.2012 23:36

See, that kind of thing is counterproductive. You play around with tools without instructions, without knowing what you're doing or where the logs are saved. That's why I really don't like it when such special tools have already been run, because I have a very specific, defined set of instructions for them! Of course I hadn't mentioned that beforehand; I'm just posting it now as a warning and a note for you and anyone else reading along.

OK, let's carry on. The TDSS-Killer logs are located directly on C:
Please post everything

danke 30.06.2012 04:54

Hello, I apologize for the tinkering, but after I registered here I didn't tinker around anymore.

I've added the logs as an attachment, since otherwise it would be far too many characters. Sorry.

cosinus 01.07.2012 15:19

Very hard to follow, and unfortunately you went ahead and fixed things there pretty much without rhyme or reason :(

Please create a new log with TDSS-Killer (in normal Windows mode) and post it. Please download the tool again so that you are really using a current version.
Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

danke 01.07.2012 18:38

Code:

19:35:33.0408 2972        TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
19:35:33.0447 2972        ============================================================
19:35:33.0447 2972        Current date / time: 2012/07/01 19:35:33.0447
19:35:33.0447 2972        SystemInfo:
19:35:33.0447 2972       
19:35:33.0447 2972        OS Version: 6.1.7601 ServicePack: 1.0
19:35:33.0447 2972        Product type: Workstation
19:35:33.0447 2972        ComputerName: FAB
19:35:33.0447 2972        UserName: Fab
19:35:33.0447 2972        Windows directory: C:\Windows
19:35:33.0447 2972        System windows directory: C:\Windows
19:35:33.0447 2972        Running under WOW64
19:35:33.0447 2972        Processor architecture: Intel x64
19:35:33.0447 2972        Number of processors: 2
19:35:33.0447 2972        Page size: 0x1000
19:35:33.0447 2972        Boot type: Normal boot
19:35:33.0447 2972        ============================================================
19:35:34.0345 2972        Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:35:34.0353 2972        Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0361 2972        Drive \Device\Harddisk2\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0370 2972        ============================================================
19:35:34.0370 2972        \Device\Harddisk0\DR0:
19:35:34.0378 2972        MBR partitions:
19:35:34.0378 2972        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:35:34.0378 2972        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
19:35:34.0378 2972        \Device\Harddisk1\DR1:
19:35:34.0379 2972        MBR partitions:
19:35:34.0379 2972        \Device\Harddisk2\DR2:
19:35:34.0380 2972        MBR partitions:
19:35:34.0380 2972        ============================================================
19:35:34.0412 2972        C: <-> \Device\Harddisk0\DR0\Partition1
19:35:34.0420 2972        B: <-> \Device\Harddisk0\DR0\Partition0
19:35:34.0420 2972        ============================================================
19:35:34.0420 2972        Initialize success
19:35:34.0420 2972        ============================================================
19:35:49.0271 1588        ============================================================
19:35:49.0271 1588        Scan started
19:35:49.0271 1588        Mode: Manual; SigCheck; TDLFS;
19:35:49.0271 1588        ============================================================
19:35:49.0579 1588        !SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:35:49.0707 1588        !SASCORE - ok
19:35:50.0129 1588        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:35:50.0177 1588        1394ohci - ok
19:35:50.0229 1588        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:35:50.0250 1588        ACPI - ok
19:35:50.0270 1588        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:35:50.0326 1588        AcpiPmi - ok
19:35:50.0445 1588        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:50.0461 1588        AdobeARMservice - ok
19:35:50.0512 1588        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:50.0540 1588        adp94xx - ok
19:35:50.0580 1588        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:35:50.0602 1588        adpahci - ok
19:35:50.0619 1588        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:35:50.0634 1588        adpu320 - ok
19:35:50.0675 1588        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:35:50.0772 1588        AeLookupSvc - ok
19:35:50.0840 1588        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:35:50.0906 1588        AFD - ok
19:35:50.0966 1588        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:35:50.0978 1588        agp440 - ok
19:35:51.0001 1588        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:35:51.0060 1588        ALG - ok
19:35:51.0084 1588        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:35:51.0095 1588        aliide - ok
19:35:51.0149 1588        AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:35:51.0288 1588        AMD External Events Utility - ok
19:35:51.0383 1588        AMD FUEL Service - ok
19:35:51.0432 1588        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:35:51.0443 1588        amdide - ok
19:35:51.0472 1588        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:35:51.0924 1588        amdiox64 - ok
19:35:52.0192 1588        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:52.0210 1588        AmdK8 - ok
19:35:52.0584 1588        amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:52.0877 1588        amdkmdag - ok
19:35:53.0007 1588        amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:35:53.0039 1588        amdkmdap - ok
19:35:53.0055 1588        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:35:53.0070 1588        AmdPPM - ok
19:35:53.0129 1588        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:35:53.0156 1588        amdsata - ok
19:35:53.0185 1588        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:53.0210 1588        amdsbs - ok
19:35:53.0251 1588        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:35:53.0261 1588        amdxata - ok
19:35:53.0373 1588        AODDriver4.0    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:35:53.0388 1588        AODDriver4.0 - ok
19:35:53.0447 1588        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:35:53.0713 1588        AppID - ok
19:35:53.0731 1588        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:35:53.0767 1588        AppIDSvc - ok
19:35:53.0827 1588        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:35:53.0861 1588        Appinfo - ok
19:35:53.0976 1588        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:53.0993 1588        Apple Mobile Device - ok
19:35:54.0030 1588        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:35:54.0090 1588        AppMgmt - ok
19:35:54.0125 1588        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:35:54.0142 1588        arc - ok
19:35:54.0159 1588        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:35:54.0176 1588        arcsas - ok
19:35:54.0313 1588        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:35:54.0351 1588        aspnet_state - ok
19:35:54.0376 1588        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:54.0410 1588        AsyncMac - ok
19:35:54.0454 1588        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:35:54.0464 1588        atapi - ok
19:35:55.0075 1588        atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:55.0200 1588        atikmdag - ok
19:35:55.0336 1588        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0385 1588        AudioEndpointBuilder - ok
19:35:55.0391 1588        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0426 1588        AudioSrv - ok
19:35:55.0483 1588        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:35:55.0570 1588        AxInstSV - ok
19:35:55.0644 1588        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:55.0690 1588        b06bdrv - ok
19:35:55.0726 1588        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:55.0750 1588        b57nd60a - ok
19:35:55.0807 1588        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:35:55.0837 1588        BDESVC - ok
19:35:55.0880 1588        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:35:55.0926 1588        Beep - ok
19:35:56.0010 1588        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:35:56.0054 1588        BFE - ok
19:35:56.0123 1588        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:35:56.0218 1588        BITS - ok
19:35:56.0267 1588        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:56.0305 1588        blbdrive - ok
19:35:56.0415 1588        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:35:56.0438 1588        Bonjour Service - ok
19:35:56.0495 1588        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:35:56.0531 1588        bowser - ok
19:35:56.0551 1588        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:56.0568 1588        BrFiltLo - ok
19:35:56.0592 1588        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:56.0605 1588        BrFiltUp - ok
19:35:56.0655 1588        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:35:56.0723 1588        Browser - ok
19:35:56.0771 1588        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:35:56.0806 1588        Brserid - ok
19:35:56.0818 1588        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:56.0863 1588        BrSerWdm - ok
19:35:56.0886 1588        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:56.0901 1588        BrUsbMdm - ok
19:35:56.0914 1588        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:56.0946 1588        BrUsbSer - ok
19:35:57.0009 1588        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:35:57.0071 1588        BthEnum - ok
19:35:57.0088 1588        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:57.0118 1588        BTHMODEM - ok
19:35:57.0157 1588        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:35:57.0194 1588        BthPan - ok
19:35:57.0236 1588        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:35:57.0282 1588        BTHPORT - ok
19:35:57.0316 1588        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:35:57.0368 1588        bthserv - ok
19:35:57.0388 1588        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:35:57.0419 1588        BTHUSB - ok
19:35:57.0456 1588        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:57.0496 1588        cdfs - ok
19:35:57.0550 1588        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:57.0577 1588        cdrom - ok
19:35:57.0630 1588        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:35:57.0687 1588        CertPropSvc - ok
19:35:57.0726 1588        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:35:57.0750 1588        circlass - ok
19:35:57.0776 1588        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:35:57.0798 1588        CLFS - ok
19:35:57.0859 1588        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:57.0869 1588        clr_optimization_v2.0.50727_32 - ok
19:35:57.0912 1588        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:57.0932 1588        clr_optimization_v2.0.50727_64 - ok
19:35:58.0026 1588        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:58.0080 1588        clr_optimization_v4.0.30319_32 - ok
19:35:58.0148 1588        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:58.0178 1588        clr_optimization_v4.0.30319_64 - ok
19:35:58.0202 1588        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:58.0219 1588        CmBatt - ok
19:35:58.0256 1588        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:35:58.0268 1588        cmdide - ok
19:35:58.0322 1588        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:35:58.0356 1588        CNG - ok
19:35:58.0384 1588        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:35:58.0396 1588        Compbatt - ok
19:35:58.0441 1588        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:35:58.0460 1588        CompositeBus - ok
19:35:58.0474 1588        COMSysApp - ok
19:35:58.0497 1588        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:58.0508 1588        crcdisk - ok
19:35:58.0568 1588        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:35:58.0609 1588        CryptSvc - ok
19:35:58.0665 1588        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:35:58.0741 1588        CSC - ok
19:35:58.0775 1588        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:35:58.0806 1588        CscService - ok
19:35:58.0865 1588        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:35:58.0913 1588        DcomLaunch - ok
19:35:58.0939 1588        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:35:58.0981 1588        defragsvc - ok
19:35:59.0041 1588        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:35:59.0078 1588        DfsC - ok
19:35:59.0137 1588        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:35:59.0179 1588        Dhcp - ok
19:35:59.0200 1588        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:35:59.0239 1588        discache - ok
19:35:59.0272 1588        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:35:59.0283 1588        Disk - ok
19:35:59.0323 1588        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:35:59.0355 1588        Dnscache - ok
19:35:59.0404 1588        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:35:59.0448 1588        dot3svc - ok
19:35:59.0495 1588        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:35:59.0549 1588        DPS - ok
19:35:59.0583 1588        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:35:59.0618 1588        drmkaud - ok
19:35:59.0670 1588        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:59.0690 1588        dtsoftbus01 - ok
19:35:59.0760 1588        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:59.0796 1588        DXGKrnl - ok
19:35:59.0894 1588        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:35:59.0919 1588        E1G60 - ok
19:36:00.0056 1588        EagleX64 - ok
19:36:00.0078 1588        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:36:00.0117 1588        EapHost - ok
19:36:00.0271 1588        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:36:00.0371 1588        ebdrv - ok
19:36:00.0514 1588        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:36:00.0576 1588        EFS - ok
19:36:00.0666 1588        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:36:00.0730 1588        ehRecvr - ok
19:36:00.0762 1588        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:36:00.0781 1588        ehSched - ok
19:36:00.0869 1588        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:36:00.0895 1588        elxstor - ok
19:36:00.0934 1588        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:36:00.0947 1588        ErrDev - ok
19:36:01.0036 1588        etdrv          (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:36:01.0056 1588        etdrv - ok
19:36:01.0091 1588        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:36:01.0151 1588        EventSystem - ok
19:36:01.0195 1588        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:36:01.0232 1588        exfat - ok
19:36:01.0251 1588        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:36:01.0293 1588        fastfat - ok
19:36:01.0370 1588        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:36:01.0433 1588        Fax - ok
19:36:01.0444 1588        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:36:01.0459 1588        fdc - ok
19:36:01.0490 1588        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:36:01.0526 1588        fdPHost - ok
19:36:01.0538 1588        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:36:01.0572 1588        FDResPub - ok
19:36:01.0598 1588        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:36:01.0611 1588        FileInfo - ok
19:36:01.0625 1588        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:36:01.0657 1588        Filetrace - ok
19:36:01.0666 1588        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:01.0677 1588        flpydisk - ok
19:36:01.0731 1588        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:36:01.0755 1588        FltMgr - ok
19:36:01.0809 1588        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:36:01.0852 1588        FontCache - ok
19:36:01.0943 1588        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:36:01.0957 1588        FontCache3.0.0.0 - ok
19:36:02.0001 1588        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:36:02.0012 1588        FsDepends - ok
19:36:02.0037 1588        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:36:02.0047 1588        Fs_Rec - ok
19:36:02.0098 1588        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:36:02.0123 1588        fvevol - ok
19:36:02.0148 1588        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:02.0158 1588        gagp30kx - ok
19:36:02.0210 1588        gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
19:36:02.0229 1588        gdrv - ok
19:36:02.0268 1588        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:36:02.0278 1588        GEARAspiWDM - ok
19:36:02.0342 1588        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:36:02.0395 1588        gpsvc - ok
19:36:02.0448 1588        GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:36:02.0469 1588        GVTDrv64 - ok
19:36:02.0490 1588        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:36:02.0520 1588        hcw85cir - ok
19:36:02.0579 1588        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:36:02.0603 1588        HdAudAddService - ok
19:36:02.0642 1588        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:36:02.0662 1588        HDAudBus - ok
19:36:02.0681 1588        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:02.0695 1588        HidBatt - ok
19:36:02.0747 1588        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:36:02.0769 1588        HidBth - ok
19:36:02.0785 1588        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:36:02.0800 1588        HidIr - ok
19:36:02.0823 1588        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:36:02.0857 1588        hidserv - ok
19:36:02.0909 1588        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:36:02.0921 1588        HidUsb - ok
19:36:02.0964 1588        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:36:03.0000 1588        hkmsvc - ok
19:36:03.0045 1588        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:36:03.0082 1588        HomeGroupListener - ok
19:36:03.0131 1588        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:36:03.0154 1588        HomeGroupProvider - ok
19:36:03.0203 1588        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:36:03.0213 1588        HpSAMD - ok
19:36:03.0294 1588        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:36:03.0344 1588        HTTP - ok
19:36:03.0381 1588        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:36:03.0392 1588        hwpolicy - ok
19:36:03.0436 1588        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:36:03.0452 1588        i8042prt - ok
19:36:03.0512 1588        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:36:03.0535 1588        iaStorV - ok
19:36:03.0622 1588        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:03.0631 1588        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:36:03.0631 1588        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:36:03.0741 1588        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:36:03.0780 1588        idsvc - ok
19:36:03.0862 1588        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:36:03.0872 1588        iirsp - ok
19:36:03.0936 1588        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:36:03.0990 1588        IKEEXT - ok
19:36:04.0066 1588        IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
19:36:04.0120 1588        IntcAzAudAddService - ok
19:36:04.0235 1588        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:36:04.0245 1588        intelide - ok
19:36:04.0273 1588        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:36:04.0301 1588        intelppm - ok
19:36:04.0331 1588        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:36:04.0384 1588        IPBusEnum - ok
19:36:04.0418 1588        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:04.0472 1588        IpFilterDriver - ok
19:36:04.0517 1588        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:36:04.0563 1588        iphlpsvc - ok
19:36:04.0603 1588        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:36:04.0635 1588        IPMIDRV - ok
19:36:04.0672 1588        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:36:04.0707 1588        IPNAT - ok
19:36:04.0783 1588        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:36:04.0815 1588        iPod Service - ok
19:36:04.0847 1588        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:36:04.0883 1588        IRENUM - ok
19:36:04.0915 1588        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:36:04.0925 1588        isapnp - ok
19:36:04.0972 1588        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:36:05.0001 1588        iScsiPrt - ok
19:36:05.0165 1588        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:36:05.0178 1588        kbdclass - ok
19:36:05.0189 1588        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:36:05.0225 1588        kbdhid - ok
19:36:05.0263 1588        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:05.0273 1588        KeyIso - ok
19:36:05.0290 1588        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:36:05.0308 1588        KSecDD - ok
19:36:05.0323 1588        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:36:05.0338 1588        KSecPkg - ok
19:36:05.0368 1588        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:36:05.0404 1588        ksthunk - ok
19:36:05.0439 1588        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:36:05.0500 1588        KtmRm - ok
19:36:05.0566 1588        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:36:05.0607 1588        LanmanServer - ok
19:36:05.0651 1588        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:36:05.0689 1588        LanmanWorkstation - ok
19:36:05.0752 1588        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
19:36:05.0762 1588        LGBusEnum - ok
19:36:05.0785 1588        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
19:36:05.0796 1588        LGVirHid - ok
19:36:05.0826 1588        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:36:05.0859 1588        lltdio - ok
19:36:05.0895 1588        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:36:05.0940 1588        lltdsvc - ok
19:36:05.0958 1588        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:36:05.0989 1588        lmhosts - ok
19:36:06.0021 1588        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:36:06.0036 1588        LSI_FC - ok
19:36:06.0054 1588        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:36:06.0069 1588        LSI_SAS - ok
19:36:06.0083 1588        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:36:06.0095 1588        LSI_SAS2 - ok
19:36:06.0111 1588        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:36:06.0127 1588        LSI_SCSI - ok
19:36:06.0150 1588        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:36:06.0188 1588        luafv - ok
19:36:06.0294 1588        McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
19:36:06.0317 1588        McComponentHostService - ok
19:36:06.0359 1588        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:36:06.0395 1588        Mcx2Svc - ok
19:36:06.0428 1588        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:36:06.0438 1588        megasas - ok
19:36:06.0467 1588        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:36:06.0488 1588        MegaSR - ok
19:36:06.0539 1588        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:06.0588 1588        MMCSS - ok
19:36:06.0610 1588        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:36:06.0660 1588        Modem - ok
19:36:06.0687 1588        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:36:06.0701 1588        monitor - ok
19:36:06.0757 1588        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:36:06.0768 1588        mouclass - ok
19:36:06.0786 1588        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:36:06.0800 1588        mouhid - ok
19:36:06.0842 1588        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:36:06.0858 1588        mountmgr - ok
19:36:06.0912 1588        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:36:06.0929 1588        MpFilter - ok
19:36:06.0973 1588        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:36:06.0987 1588        mpio - ok
19:36:07.0017 1588        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:36:07.0046 1588        mpsdrv - ok
19:36:07.0111 1588        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:36:07.0162 1588        MpsSvc - ok
19:36:07.0200 1588        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:36:07.0242 1588        MRxDAV - ok
19:36:07.0280 1588        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:36:07.0307 1588        mrxsmb - ok
19:36:07.0363 1588        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:36:07.0384 1588        mrxsmb10 - ok
19:36:07.0398 1588        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:36:07.0416 1588        mrxsmb20 - ok
19:36:07.0458 1588        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:36:07.0469 1588        msahci - ok
19:36:07.0510 1588        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:36:07.0527 1588        msdsm - ok
19:36:07.0549 1588        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:36:07.0590 1588        MSDTC - ok
19:36:07.0630 1588        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:36:07.0659 1588        Msfs - ok
19:36:07.0669 1588        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:36:07.0701 1588        mshidkmdf - ok
19:36:07.0734 1588        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:36:07.0744 1588        msisadrv - ok
19:36:07.0778 1588        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:36:07.0815 1588        MSiSCSI - ok
19:36:07.0819 1588        msiserver - ok
19:36:07.0855 1588        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:36:07.0887 1588        MSKSSRV - ok
19:36:07.0986 1588        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:36:07.0998 1588        MsMpSvc - ok
19:36:08.0026 1588        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:36:08.0078 1588        MSPCLOCK - ok
19:36:08.0104 1588        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:36:08.0135 1588        MSPQM - ok
19:36:08.0186 1588        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:36:08.0212 1588        MsRPC - ok
19:36:08.0254 1588        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:36:08.0263 1588        mssmbios - ok
19:36:08.0286 1588        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:36:08.0335 1588        MSTEE - ok
19:36:08.0361 1588        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:36:08.0375 1588        MTConfig - ok
19:36:08.0399 1588        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:36:08.0409 1588        Mup - ok
19:36:08.0476 1588        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:36:08.0522 1588        napagent - ok
19:36:08.0570 1588        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:36:08.0596 1588        NativeWifiP - ok
19:36:08.0660 1588        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:36:08.0699 1588        NDIS - ok
19:36:08.0728 1588        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:36:08.0760 1588        NdisCap - ok
19:36:08.0819 1588        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:36:08.0850 1588        NdisTapi - ok
19:36:08.0912 1588        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:36:08.0945 1588        Ndisuio - ok
19:36:08.0996 1588        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:36:09.0040 1588        NdisWan - ok
19:36:09.0082 1588        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:36:09.0113 1588        NDProxy - ok
19:36:09.0135 1588        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:36:09.0166 1588        NetBIOS - ok
19:36:09.0212 1588        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:36:09.0255 1588        NetBT - ok
19:36:09.0295 1588        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:09.0305 1588        Netlogon - ok
19:36:09.0346 1588        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:36:09.0389 1588        Netman - ok
19:36:09.0517 1588        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0531 1588        NetMsmqActivator - ok
19:36:09.0536 1588        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0545 1588        NetPipeActivator - ok
19:36:09.0582 1588        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:36:09.0630 1588        netprofm - ok
19:36:09.0635 1588        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0643 1588        NetTcpActivator - ok
19:36:09.0647 1588        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0656 1588        NetTcpPortSharing - ok
19:36:09.0701 1588        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:36:09.0711 1588        nfrd960 - ok
19:36:09.0744 1588        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:36:09.0759 1588        NisDrv - ok
19:36:09.0864 1588        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:36:09.0888 1588        NisSrv - ok
19:36:09.0987 1588        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:36:10.0034 1588        NlaSvc - ok
19:36:10.0064 1588        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:36:10.0093 1588        Npfs - ok
19:36:10.0112 1588        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:36:10.0145 1588        nsi - ok
19:36:10.0155 1588        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:36:10.0187 1588        nsiproxy - ok
19:36:10.0276 1588        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:36:10.0339 1588        Ntfs - ok
19:36:10.0446 1588        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:36:10.0478 1588        Null - ok
19:36:10.0549 1588        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:36:10.0564 1588        nvraid - ok
19:36:10.0593 1588        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:36:10.0607 1588        nvstor - ok
19:36:10.0669 1588        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:36:10.0684 1588        nv_agp - ok
19:36:10.0696 1588        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:36:10.0741 1588        ohci1394 - ok
19:36:10.0795 1588        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:10.0828 1588        p2pimsvc - ok
19:36:10.0852 1588        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:36:10.0881 1588        p2psvc - ok
19:36:10.0902 1588        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:36:10.0918 1588        Parport - ok
19:36:10.0956 1588        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:36:10.0967 1588        partmgr - ok
19:36:10.0997 1588        pavboot        (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
19:36:11.0010 1588        pavboot - ok
19:36:11.0036 1588        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:36:11.0085 1588        PcaSvc - ok
19:36:11.0123 1588        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:36:11.0137 1588        pci - ok
19:36:11.0150 1588        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:36:11.0160 1588        pciide - ok
19:36:11.0185 1588        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:36:11.0208 1588        pcmcia - ok
19:36:11.0224 1588        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:36:11.0236 1588        pcw - ok
19:36:11.0266 1588        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:36:11.0316 1588        PEAUTH - ok
19:36:11.0382 1588        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:36:11.0463 1588        PeerDistSvc - ok
19:36:11.0530 1588        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:36:11.0545 1588        PerfHost - ok
19:36:11.0669 1588        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:36:11.0733 1588        pla - ok
19:36:11.0800 1588        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:36:11.0830 1588        PlugPlay - ok
19:36:11.0872 1588        PnkBstrA - ok
19:36:11.0894 1588        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:36:11.0905 1588        PNRPAutoReg - ok
19:36:11.0925 1588        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:11.0938 1588        PNRPsvc - ok
19:36:11.0988 1588        Point64        (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
19:36:11.0997 1588        Point64 - ok
19:36:12.0048 1588        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:36:12.0097 1588        PolicyAgent - ok
19:36:12.0128 1588        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:36:12.0174 1588        Power - ok
19:36:12.0228 1588        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:36:12.0287 1588        PptpMiniport - ok
19:36:12.0315 1588        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:36:12.0350 1588        Processor - ok
19:36:12.0409 1588        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:36:12.0484 1588        ProfSvc - ok
19:36:12.0527 1588        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:12.0537 1588        ProtectedStorage - ok
19:36:12.0590 1588        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:36:12.0627 1588        Psched - ok
19:36:12.0704 1588        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:36:12.0757 1588        ql2300 - ok
19:36:12.0847 1588        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:36:12.0863 1588        ql40xx - ok
19:36:12.0893 1588        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:36:12.0940 1588        QWAVE - ok
19:36:12.0963 1588        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:36:13.0026 1588        QWAVEdrv - ok
19:36:13.0048 1588        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:36:13.0077 1588        RasAcd - ok
19:36:13.0107 1588        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:36:13.0137 1588        RasAgileVpn - ok
19:36:13.0157 1588        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:36:13.0212 1588        RasAuto - ok
19:36:13.0255 1588        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:36:13.0309 1588        Rasl2tp - ok
19:36:13.0340 1588        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:36:13.0384 1588        RasMan - ok
19:36:13.0414 1588        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:36:13.0452 1588        RasPppoe - ok
19:36:13.0468 1588        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:36:13.0504 1588        RasSstp - ok
19:36:13.0555 1588        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:36:13.0599 1588        rdbss - ok
19:36:13.0612 1588        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:13.0629 1588        rdpbus - ok
19:36:13.0639 1588        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:13.0692 1588        RDPCDD - ok
19:36:13.0732 1588        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:36:13.0766 1588        RDPDR - ok
19:36:13.0797 1588        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:36:13.0831 1588        RDPENCDD - ok
19:36:13.0839 1588        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:36:13.0869 1588        RDPREFMP - ok
19:36:13.0921 1588        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:36:13.0947 1588        RdpVideoMiniport - ok
19:36:13.0971 1588        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:36:13.0996 1588        RDPWD - ok
19:36:14.0051 1588        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:36:14.0066 1588        rdyboost - ok
19:36:14.0097 1588        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:36:14.0135 1588        RemoteAccess - ok
19:36:14.0159 1588        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:36:14.0194 1588        RemoteRegistry - ok
19:36:14.0226 1588        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:36:14.0255 1588        RFCOMM - ok
19:36:14.0281 1588        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:36:14.0319 1588        RpcEptMapper - ok
19:36:14.0341 1588        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:36:14.0356 1588        RpcLocator - ok
19:36:14.0408 1588        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:36:14.0444 1588        RpcSs - ok
19:36:14.0467 1588        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:36:14.0498 1588        rspndr - ok
19:36:14.0537 1588        RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
19:36:14.0558 1588        RTHDMIAzAudService - ok
19:36:14.0602 1588        RTL8167        (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:36:14.0658 1588        RTL8167 - ok
19:36:14.0700 1588        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:36:14.0727 1588        s3cap - ok
19:36:14.0767 1588        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:14.0778 1588        SamSs - ok
19:36:14.0983 1588        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:36:15.0034 1588        SASDIFSV - ok
19:36:15.0091 1588        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:36:15.0099 1588        SASKUTIL - ok
19:36:15.0150 1588        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:36:15.0165 1588        sbp2port - ok
19:36:15.0195 1588        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:36:15.0241 1588        SCardSvr - ok
19:36:15.0276 1588        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:36:15.0309 1588        scfilter - ok
19:36:15.0382 1588        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:36:15.0442 1588        Schedule - ok
19:36:15.0490 1588        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:36:15.0518 1588        SCPolicySvc - ok
19:36:15.0561 1588        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:36:15.0584 1588        SDRSVC - ok
19:36:15.0638 1588        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:36:15.0669 1588        secdrv - ok
19:36:15.0708 1588        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:36:15.0740 1588        seclogon - ok
19:36:15.0762 1588        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:36:15.0800 1588        SENS - ok
19:36:15.0809 1588        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:36:15.0830 1588        SensrSvc - ok
19:36:15.0850 1588        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:36:15.0862 1588        Serenum - ok
19:36:15.0886 1588        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:36:15.0905 1588        Serial - ok
19:36:15.0967 1588        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:36:15.0980 1588        sermouse - ok
19:36:16.0030 1588        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:36:16.0065 1588        SessionEnv - ok
19:36:16.0107 1588        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:36:16.0123 1588        sffdisk - ok
19:36:16.0134 1588        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:16.0165 1588        sffp_mmc - ok
19:36:16.0190 1588        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:36:16.0225 1588        sffp_sd - ok
19:36:16.0255 1588        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:36:16.0266 1588        sfloppy - ok
19:36:16.0298 1588        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:36:16.0342 1588        SharedAccess - ok
19:36:16.0392 1588        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:36:16.0457 1588        ShellHWDetection - ok
19:36:16.0491 1588        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:36:16.0502 1588        SiSRaid2 - ok
19:36:16.0514 1588        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:36:16.0525 1588        SiSRaid4 - ok
19:36:16.0633 1588        sj              (4523268768f70049ea95ffdf8354b4fa) C:\AeriaGames\EdenEternal\sjcs64.sys
19:36:16.0642 1588        sj - ok
19:36:16.0669 1588        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:36:16.0709 1588        Smb - ok
19:36:16.0760 1588        SNMP            (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
19:36:16.0787 1588        SNMP - ok
19:36:16.0811 1588        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:36:16.0827 1588        SNMPTRAP - ok
19:36:16.0835 1588        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:36:16.0845 1588        spldr - ok
19:36:16.0905 1588        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:36:16.0949 1588        Spooler - ok
19:36:17.0088 1588        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:36:17.0212 1588        sppsvc - ok
19:36:17.0294 1588        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:36:17.0331 1588        sppuinotify - ok
19:36:17.0404 1588        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:36:17.0459 1588        srv - ok
19:36:17.0521 1588        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:36:17.0572 1588        srv2 - ok
19:36:17.0609 1588        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:17.0641 1588        srvnet - ok
19:36:17.0686 1588        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:36:17.0732 1588        SSDPSRV - ok
19:36:17.0741 1588        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:36:17.0773 1588        SstpSvc - ok
19:36:17.0854 1588        Steam Client Service - ok
19:36:17.0885 1588        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:36:17.0895 1588        stexstor - ok
19:36:17.0957 1588        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:36:17.0991 1588        stisvc - ok
19:36:18.0028 1588        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:36:18.0039 1588        storflt - ok
19:36:18.0059 1588        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:36:18.0070 1588        storvsc - ok
19:36:18.0110 1588        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:36:18.0122 1588        swenum - ok
19:36:18.0159 1588        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:36:18.0210 1588        swprv - ok
19:36:18.0220 1588        Synth3dVsc - ok
19:36:18.0314 1588        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:36:18.0377 1588        SysMain - ok
19:36:18.0478 1588        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:36:18.0501 1588        TabletInputService - ok
19:36:18.0520 1588        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:36:18.0562 1588        TapiSrv - ok
19:36:18.0587 1588        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:36:18.0623 1588        TBS - ok
19:36:18.0734 1588        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:36:18.0805 1588        Tcpip - ok
19:36:18.0985 1588        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:19.0016 1588        TCPIP6 - ok
19:36:19.0092 1588        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:36:19.0123 1588        tcpipreg - ok
19:36:19.0150 1588        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:36:19.0165 1588        TDPIPE - ok
19:36:19.0208 1588        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:36:19.0220 1588        TDTCP - ok
19:36:19.0278 1588        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:36:19.0312 1588        tdx - ok
19:36:19.0473 1588        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:36:19.0554 1588        TeamViewer7 - ok
19:36:19.0675 1588        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:36:19.0684 1588        teamviewervpn - ok
19:36:19.0729 1588        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:36:19.0741 1588        TermDD - ok
19:36:19.0797 1588        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:36:19.0860 1588        TermService - ok
19:36:19.0892 1588        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:36:19.0913 1588        Themes - ok
19:36:20.0051 1588        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:20.0084 1588        THREADORDER - ok
19:36:20.0112 1588        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:36:20.0150 1588        TrkWks - ok
19:36:20.0226 1588        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:36:20.0290 1588        TrustedInstaller - ok
19:36:20.0326 1588        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:20.0357 1588        tssecsrv - ok
19:36:20.0414 1588        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:36:20.0478 1588        TsUsbFlt - ok
19:36:20.0481 1588        tsusbhub - ok
19:36:20.0536 1588        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:36:20.0594 1588        tunnel - ok
19:36:20.0625 1588        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:36:20.0635 1588        uagp35 - ok
19:36:20.0689 1588        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:36:20.0764 1588        udfs - ok
19:36:20.0810 1588        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:36:20.0828 1588        UI0Detect - ok
19:36:20.0885 1588        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:36:20.0896 1588        uliagpkx - ok
19:36:20.0929 1588        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:36:20.0943 1588        umbus - ok
19:36:20.0975 1588        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:36:20.0987 1588        UmPass - ok
19:36:21.0032 1588        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:36:21.0080 1588        UmRdpService - ok
19:36:21.0123 1588        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:36:21.0201 1588        upnphost - ok
19:36:21.0269 1588        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:36:21.0282 1588        USBAAPL64 - ok
19:36:21.0328 1588        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:21.0348 1588        usbccgp - ok
19:36:21.0400 1588        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:36:21.0418 1588        usbcir - ok
19:36:21.0442 1588        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:36:21.0471 1588        usbehci - ok
19:36:21.0518 1588        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:36:21.0541 1588        usbhub - ok
19:36:21.0554 1588        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:36:21.0567 1588        usbohci - ok
19:36:21.0593 1588        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:36:21.0626 1588        usbprint - ok
19:36:21.0663 1588        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
19:36:21.0685 1588        USBSTOR - ok
19:36:21.0695 1588        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:36:21.0709 1588        usbuhci - ok
19:36:21.0826 1588        usj            (659ba43f61fc37609288a5340a8d37d4) C:\AeriaGames\EdenEternal\avital\ussjcs64.sys
19:36:21.0838 1588        usj - ok
19:36:21.0863 1588        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:36:21.0897 1588        UxSms - ok
19:36:21.0940 1588        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:21.0950 1588        VaultSvc - ok
19:36:22.0001 1588        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:36:22.0011 1588        vdrvroot - ok
19:36:22.0073 1588        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:36:22.0139 1588        vds - ok
19:36:22.0179 1588        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:22.0192 1588        vga - ok
19:36:22.0209 1588        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:36:22.0240 1588        VgaSave - ok
19:36:22.0243 1588        VGPU - ok
19:36:22.0290 1588        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:36:22.0313 1588        vhdmp - ok
19:36:22.0350 1588        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:36:22.0360 1588        viaide - ok
19:36:22.0378 1588        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:36:22.0401 1588        vmbus - ok
19:36:22.0420 1588        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:36:22.0452 1588        VMBusHID - ok
19:36:22.0482 1588        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:36:22.0493 1588        volmgr - ok
19:36:22.0547 1588        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:36:22.0568 1588        volmgrx - ok
19:36:22.0617 1588        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:36:22.0640 1588        volsnap - ok
19:36:22.0673 1588        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:22.0688 1588        vsmraid - ok
19:36:22.0773 1588        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:36:22.0854 1588        VSS - ok
19:36:22.0941 1588        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:36:22.0971 1588        vwifibus - ok
19:36:23.0017 1588        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:36:23.0056 1588        W32Time - ok
19:36:23.0074 1588        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:36:23.0085 1588        WacomPen - ok
19:36:23.0131 1588        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0166 1588        WANARP - ok
19:36:23.0176 1588        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0203 1588        Wanarpv6 - ok
19:36:23.0292 1588        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:36:23.0349 1588        wbengine - ok
19:36:23.0442 1588        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:36:23.0469 1588        WbioSrvc - ok
19:36:23.0522 1588        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:36:23.0558 1588        wcncsvc - ok
19:36:23.0573 1588        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:36:23.0597 1588        WcsPlugInService - ok
19:36:23.0620 1588        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:36:23.0630 1588        Wd - ok
19:36:23.0665 1588        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:36:23.0694 1588        Wdf01000 - ok
19:36:23.0705 1588        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0806 1588        WdiServiceHost - ok
19:36:23.0809 1588        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0826 1588        WdiSystemHost - ok
19:36:23.0872 1588        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:36:23.0916 1588        WebClient - ok
19:36:23.0958 1588        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:36:24.0018 1588        Wecsvc - ok
19:36:24.0045 1588        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:36:24.0080 1588        wercplsupport - ok
19:36:24.0108 1588        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:36:24.0161 1588        WerSvc - ok
19:36:24.0218 1588        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:24.0247 1588        WfpLwf - ok
19:36:24.0263 1588        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:36:24.0273 1588        WIMMount - ok
19:36:24.0300 1588        WinDefend - ok
19:36:24.0313 1588        WinHttpAutoProxySvc - ok
19:36:24.0353 1588        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:36:24.0398 1588        Winmgmt - ok
19:36:24.0495 1588        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:36:24.0577 1588        WinRM - ok
19:36:24.0694 1588        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:24.0860 1588        WinUsb - ok
19:36:25.0072 1588        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:36:25.0117 1588        Wlansvc - ok
19:36:25.0277 1588        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:25.0350 1588        wlidsvc - ok
19:36:25.0471 1588        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:36:25.0484 1588        WmiAcpi - ok
19:36:25.0532 1588        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:36:25.0558 1588        wmiApSrv - ok
19:36:25.0603 1588        WMPNetworkSvc - ok
19:36:25.0629 1588        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:36:25.0645 1588        WPCSvc - ok
19:36:25.0693 1588        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:36:25.0710 1588        WPDBusEnum - ok
19:36:25.0734 1588        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:25.0766 1588        ws2ifsl - ok
19:36:25.0770 1588        WSearch - ok
19:36:25.0861 1588        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:36:25.0976 1588        wuauserv - ok
19:36:26.0100 1588        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:36:26.0136 1588        WudfPf - ok
19:36:26.0171 1588        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:26.0214 1588        WUDFRd - ok
19:36:26.0254 1588        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:36:26.0284 1588        wudfsvc - ok
19:36:26.0305 1588        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:36:26.0337 1588        WwanSvc - ok
19:36:26.0391 1588        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:36:26.0527 1588        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:36:26.0527 1588        \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:36:26.0532 1588        MBR (0x1B8)    (245e3dcf979ac3adbf815ab0a12c59cb) \Device\Harddisk1\DR1
19:37:29.0731 1588        \Device\Harddisk1\DR1 - ok
19:37:29.0740 1588        MBR (0x1B8)    (42b02a2a0140f4274d69783b59fead9f) \Device\Harddisk2\DR2
19:37:36.0587 1588        \Device\Harddisk2\DR2 - ok
19:37:36.0623 1588        Boot (0x1200)  (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0
19:37:36.0624 1588        \Device\Harddisk0\DR0\Partition0 - ok
19:37:36.0632 1588        Boot (0x1200)  (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1
19:37:36.0633 1588        \Device\Harddisk0\DR0\Partition1 - ok
19:37:36.0633 1588        ============================================================
19:37:36.0633 1588        Scan finished
19:37:36.0633 1588        ============================================================
19:37:36.0648 4264        Detected object count: 2
19:37:36.0648 4264        Actual detected object count: 2
19:37:40.0996 4264        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:40.0996 4264        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:40.0998 4264        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:37:40.0998 4264        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 02.07.2012 10:34

Code:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Please fix this entry => TDSS File System <= with TDSS-Killer. But please only this entry!
Then restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.

danke 02.07.2012 17:22

Hi,

I am still getting redirects from Google, and when Windows starts I have to close rundll 32 in Task Manager to get Microsoft SE running. Here is the log:


Code:

18:15:35.0646 4948        TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
18:15:35.0708 4948        ============================================================
18:15:35.0708 4948        Current date / time: 2012/07/02 18:15:35.0708
18:15:35.0708 4948        SystemInfo:
18:15:35.0708 4948       
18:15:35.0708 4948        OS Version: 6.1.7601 ServicePack: 1.0
18:15:35.0708 4948        Product type: Workstation
18:15:35.0708 4948        ComputerName: FAB
18:15:35.0708 4948        UserName: Fab
18:15:35.0708 4948        Windows directory: C:\Windows
18:15:35.0708 4948        System windows directory: C:\Windows
18:15:35.0708 4948        Running under WOW64
18:15:35.0708 4948        Processor architecture: Intel x64
18:15:35.0708 4948        Number of processors: 2
18:15:35.0708 4948        Page size: 0x1000
18:15:35.0708 4948        Boot type: Normal boot
18:15:35.0708 4948        ============================================================
18:15:40.0404 4948        Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:15:40.0562 4948        Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:15:40.0562 4948        ============================================================
18:15:40.0562 4948        \Device\Harddisk0\DR0:
18:15:40.0594 4948        MBR partitions:
18:15:40.0594 4948        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:15:40.0594 4948        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
18:15:40.0594 4948        \Device\Harddisk1\DR1:
18:15:40.0594 4948        MBR partitions:
18:15:40.0594 4948        ============================================================
18:15:40.0968 4948        C: <-> \Device\Harddisk0\DR0\Partition1
18:15:40.0999 4948        B: <-> \Device\Harddisk0\DR0\Partition0
18:15:40.0999 4948        ============================================================
18:15:40.0999 4948        Initialize success
18:15:40.0999 4948        ============================================================
18:15:51.0992 4520        ============================================================
18:15:51.0992 4520        Scan started
18:15:51.0992 4520        Mode: Manual; SigCheck; TDLFS;
18:15:51.0992 4520        ============================================================
18:15:53.0939 4520        !SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:15:53.0969 4520        !SASCORE - ok
18:15:55.0064 4520        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:15:55.0111 4520        1394ohci - ok
18:15:55.0272 4520        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:15:55.0285 4520        ACPI - ok
18:15:55.0881 4520        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:15:56.0788 4520        AcpiPmi - ok
18:15:57.0031 4520        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:57.0044 4520        AdobeARMservice - ok
18:15:57.0456 4520        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:15:57.0491 4520        adp94xx - ok
18:15:57.0859 4520        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:15:57.0904 4520        adpahci - ok
18:15:57.0939 4520        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:15:57.0951 4520        adpu320 - ok
18:15:58.0044 4520        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:15:58.0336 4520        AeLookupSvc - ok
18:15:58.0524 4520        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:15:58.0777 4520        AFD - ok
18:15:58.0868 4520        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:15:58.0896 4520        agp440 - ok
18:15:58.0928 4520        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:15:59.0001 4520        ALG - ok
18:15:59.0023 4520        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:15:59.0033 4520        aliide - ok
18:15:59.0093 4520        AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:15:59.0201 4520        AMD External Events Utility - ok
18:15:59.0303 4520        AMD FUEL Service - ok
18:15:59.0409 4520        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:15:59.0417 4520        amdide - ok
18:15:59.0482 4520        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:15:59.0494 4520        amdiox64 - ok
18:15:59.0778 4520        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:15:59.0858 4520        AmdK8 - ok
18:16:02.0181 4520        amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:16:02.0495 4520        amdkmdag - ok
18:16:02.0735 4520        amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:16:02.0795 4520        amdkmdap - ok
18:16:02.0860 4520        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:16:02.0907 4520        AmdPPM - ok
18:16:03.0147 4520        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:16:03.0180 4520        amdsata - ok
18:16:03.0293 4520        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:16:03.0311 4520        amdsbs - ok
18:16:03.0403 4520        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:16:03.0411 4520        amdxata - ok
18:16:03.0742 4520        AODDriver4.0    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:16:03.0807 4520        AODDriver4.0 - ok
18:16:03.0997 4520        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:16:05.0020 4520        AppID - ok
18:16:05.0048 4520        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:16:05.0108 4520        AppIDSvc - ok
18:16:05.0190 4520        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:16:05.0222 4520        Appinfo - ok
18:16:05.0407 4520        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:16:05.0417 4520        Apple Mobile Device - ok
18:16:07.0170 4520        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:16:07.0250 4520        AppMgmt - ok
18:16:07.0307 4520        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:16:07.0322 4520        arc - ok
18:16:07.0392 4520        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:16:07.0402 4520        arcsas - ok
18:16:07.0797 4520        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:16:08.0002 4520        aspnet_state - ok
18:16:08.0067 4520        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:16:08.0185 4520        AsyncMac - ok
18:16:08.0287 4520        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:16:08.0297 4520        atapi - ok
18:16:09.0537 4520        atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:16:09.0655 4520        atikmdag - ok
18:16:10.0127 4520        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:16:10.0192 4520        AudioEndpointBuilder - ok
18:16:10.0197 4520        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:16:10.0230 4520        AudioSrv - ok
18:16:10.0282 4520        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:16:10.0577 4520        AxInstSV - ok
18:16:10.0695 4520        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:16:10.0790 4520        b06bdrv - ok
18:16:10.0827 4520        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:16:10.0870 4520        b57nd60a - ok
18:16:10.0915 4520        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:16:10.0970 4520        BDESVC - ok
18:16:10.0980 4520        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:16:11.0032 4520        Beep - ok
18:16:11.0120 4520        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:16:11.0167 4520        BFE - ok
18:16:11.0237 4520        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:16:11.0312 4520        BITS - ok
18:16:11.0375 4520        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:16:11.0402 4520        blbdrive - ok
18:16:11.0517 4520        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:16:11.0537 4520        Bonjour Service - ok
18:16:11.0602 4520        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:16:11.0655 4520        bowser - ok
18:16:11.0710 4520        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:16:11.0740 4520        BrFiltLo - ok
18:16:11.0757 4520        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:16:11.0770 4520        BrFiltUp - ok
18:16:11.0813 4520        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:16:11.0870 4520        Browser - ok
18:16:11.0903 4520        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:16:11.0968 4520        Brserid - ok
18:16:11.0985 4520        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:16:12.0020 4520        BrSerWdm - ok
18:16:12.0045 4520        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:16:12.0075 4520        BrUsbMdm - ok
18:16:12.0078 4520        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:16:12.0095 4520        BrUsbSer - ok
18:16:12.0158 4520        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:16:12.0203 4520        BthEnum - ok
18:16:12.0220 4520        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:16:12.0250 4520        BTHMODEM - ok
18:16:12.0283 4520        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:16:12.0305 4520        BthPan - ok
18:16:12.0364 4520        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:16:12.0406 4520        BTHPORT - ok
18:16:12.0431 4520        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:16:12.0484 4520        bthserv - ok
18:16:12.0504 4520        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:16:12.0526 4520        BTHUSB - ok
18:16:12.0564 4520        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:16:12.0626 4520        cdfs - ok
18:16:12.0699 4520        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:16:12.0739 4520        cdrom - ok
18:16:12.0806 4520        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:16:12.0861 4520        CertPropSvc - ok
18:16:12.0901 4520        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:16:12.0936 4520        circlass - ok
18:16:12.0976 4520        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:16:12.0996 4520        CLFS - ok
18:16:13.0051 4520        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:16:13.0061 4520        clr_optimization_v2.0.50727_32 - ok
18:16:13.0104 4520        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:16:13.0114 4520        clr_optimization_v2.0.50727_64 - ok
18:16:13.0224 4520        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:16:13.0287 4520        clr_optimization_v4.0.30319_32 - ok
18:16:13.0347 4520        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:16:13.0362 4520        clr_optimization_v4.0.30319_64 - ok
18:16:13.0384 4520        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:16:13.0412 4520        CmBatt - ok
18:16:13.0439 4520        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:16:13.0447 4520        cmdide - ok
18:16:13.0502 4520        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:16:13.0529 4520        CNG - ok
18:16:13.0567 4520        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:16:13.0574 4520        Compbatt - ok
18:16:13.0634 4520        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:16:13.0664 4520        CompositeBus - ok
18:16:13.0707 4520        COMSysApp - ok
18:16:13.0722 4520        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:16:13.0732 4520        crcdisk - ok
18:16:13.0787 4520        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:16:13.0834 4520        CryptSvc - ok
18:16:13.0882 4520        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:16:13.0962 4520        CSC - ok
18:16:13.0999 4520        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:16:14.0049 4520        CscService - ok
18:16:14.0122 4520        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:16:14.0194 4520        DcomLaunch - ok
18:16:14.0239 4520        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:16:14.0302 4520        defragsvc - ok
18:16:14.0382 4520        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:16:14.0434 4520        DfsC - ok
18:16:14.0504 4520        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:16:14.0567 4520        Dhcp - ok
18:16:14.0649 4520        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:16:14.0702 4520        discache - ok
18:16:14.0747 4520        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:16:14.0757 4520        Disk - ok
18:16:14.0839 4520        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:16:14.0914 4520        Dnscache - ok
18:16:14.0974 4520        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:16:15.0042 4520        dot3svc - ok
18:16:15.0097 4520        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:16:15.0157 4520        DPS - ok
18:16:15.0192 4520        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:16:15.0204 4520        drmkaud - ok
18:16:15.0247 4520        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:16:15.0257 4520        dtsoftbus01 - ok
18:16:15.0604 4520        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:16:15.0624 4520        DXGKrnl - ok
18:16:15.0674 4520        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:16:15.0722 4520        E1G60 - ok
18:16:15.0814 4520        EagleX64 - ok
18:16:15.0927 4520        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:16:15.0979 4520        EapHost - ok
18:16:16.0149 4520        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:16:16.0272 4520        ebdrv - ok
18:16:16.0389 4520        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:16:16.0437 4520        EFS - ok
18:16:16.0522 4520        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:16:16.0604 4520        ehRecvr - ok
18:16:16.0679 4520        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:16:16.0729 4520        ehSched - ok
18:16:16.0817 4520        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:16:16.0847 4520        elxstor - ok
18:16:16.0909 4520        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:16:16.0937 4520        ErrDev - ok
18:16:17.0027 4520        etdrv          (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
18:16:17.0034 4520        etdrv - ok
18:16:17.0067 4520        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:16:17.0124 4520        EventSystem - ok
18:16:17.0159 4520        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:16:17.0214 4520        exfat - ok
18:16:17.0239 4520        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:16:17.0289 4520        fastfat - ok
18:16:17.0449 4520        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:16:17.0522 4520        Fax - ok
18:16:17.0560 4520        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:16:17.0570 4520        fdc - ok
18:16:17.0605 4520        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:16:17.0660 4520        fdPHost - ok
18:16:17.0687 4520        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:16:17.0737 4520        FDResPub - ok
18:16:17.0855 4520        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:16:17.0865 4520        FileInfo - ok
18:16:17.0890 4520        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:16:17.0942 4520        Filetrace - ok
18:16:17.0982 4520        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:16:17.0992 4520        flpydisk - ok
18:16:18.0042 4520        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:16:18.0062 4520        FltMgr - ok
18:16:18.0125 4520        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:16:18.0205 4520        FontCache - ok
18:16:18.0292 4520        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:16:18.0300 4520        FontCache3.0.0.0 - ok
18:16:18.0350 4520        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:16:18.0362 4520        FsDepends - ok
18:16:18.0392 4520        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:16:18.0400 4520        Fs_Rec - ok
18:16:18.0455 4520        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:16:18.0472 4520        fvevol - ok
18:16:18.0497 4520        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:16:18.0507 4520        gagp30kx - ok
18:16:18.0557 4520        gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
18:16:18.0562 4520        gdrv - ok
18:16:18.0642 4520        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:16:18.0647 4520        GEARAspiWDM - ok
18:16:18.0750 4520        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:16:18.0822 4520        gpsvc - ok
18:16:18.0887 4520        GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
18:16:18.0897 4520        GVTDrv64 - ok
18:16:18.0922 4520        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:16:18.0970 4520        hcw85cir - ok
18:16:19.0027 4520        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:16:19.0050 4520        HdAudAddService - ok
18:16:19.0082 4520        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:16:19.0122 4520        HDAudBus - ok
18:16:19.0155 4520        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:16:19.0187 4520        HidBatt - ok
18:16:19.0245 4520        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:16:19.0282 4520        HidBth - ok
18:16:19.0310 4520        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:16:19.0342 4520        HidIr - ok
18:16:19.0382 4520        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:16:19.0445 4520        hidserv - ok
18:16:19.0520 4520        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:16:19.0527 4520        HidUsb - ok
18:16:19.0585 4520        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:16:19.0642 4520        hkmsvc - ok
18:16:19.0695 4520        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:16:19.0755 4520        HomeGroupListener - ok
18:16:19.0805 4520        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:16:19.0827 4520        HomeGroupProvider - ok
18:16:19.0877 4520        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:16:19.0890 4520        HpSAMD - ok
18:16:19.0962 4520        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:16:20.0027 4520        HTTP - ok
18:16:20.0070 4520        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:16:20.0080 4520        hwpolicy - ok
18:16:20.0140 4520        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:16:20.0165 4520        i8042prt - ok
18:16:20.0230 4520        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:16:20.0250 4520        iaStorV - ok
18:16:20.0328 4520        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:16:20.0358 4520        IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:16:20.0358 4520        IDriverT - detected UnsignedFile.Multi.Generic (1)
18:16:20.0583 4520        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:16:20.0618 4520        idsvc - ok
18:16:20.0728 4520        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:16:20.0738 4520        iirsp - ok
18:16:20.0801 4520        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:16:20.0871 4520        IKEEXT - ok
18:16:20.0953 4520        IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
18:16:20.0976 4520        IntcAzAudAddService - ok
18:16:21.0101 4520        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:16:21.0108 4520        intelide - ok
18:16:21.0146 4520        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:16:21.0176 4520        intelppm - ok
18:16:21.0206 4520        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:16:21.0256 4520        IPBusEnum - ok
18:16:21.0298 4520        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:16:21.0333 4520        IpFilterDriver - ok
18:16:21.0393 4520        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:16:21.0436 4520        iphlpsvc - ok
18:16:21.0478 4520        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:16:21.0508 4520        IPMIDRV - ok
18:16:21.0546 4520        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:16:21.0583 4520        IPNAT - ok
18:16:21.0700 4520        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:16:21.0732 4520        iPod Service - ok
18:16:21.0765 4520        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:16:21.0797 4520        IRENUM - ok
18:16:21.0855 4520        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:16:21.0865 4520        isapnp - ok
18:16:21.0923 4520        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:16:21.0943 4520        iScsiPrt - ok
18:16:21.0998 4520        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:16:22.0005 4520        kbdclass - ok
18:16:22.0030 4520        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:16:22.0038 4520        kbdhid - ok
18:16:22.0078 4520        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:16:22.0088 4520        KeyIso - ok
18:16:22.0098 4520        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:16:22.0113 4520        KSecDD - ok
18:16:22.0123 4520        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:16:22.0135 4520        KSecPkg - ok
18:16:22.0150 4520        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:16:22.0198 4520        ksthunk - ok
18:16:22.0233 4520        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:16:22.0306 4520        KtmRm - ok
18:16:22.0389 4520        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:16:22.0449 4520        LanmanServer - ok
18:16:22.0516 4520        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:16:22.0566 4520        LanmanWorkstation - ok
18:16:22.0634 4520        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
18:16:22.0641 4520        LGBusEnum - ok
18:16:22.0691 4520        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
18:16:22.0699 4520        LGVirHid - ok
18:16:22.0731 4520        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:16:22.0786 4520        lltdio - ok
18:16:22.0831 4520        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:16:22.0886 4520        lltdsvc - ok
18:16:22.0916 4520        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:16:22.0944 4520        lmhosts - ok
18:16:22.0979 4520        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:16:22.0994 4520        LSI_FC - ok
18:16:23.0011 4520        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:16:23.0026 4520        LSI_SAS - ok
18:16:23.0041 4520        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:16:23.0049 4520        LSI_SAS2 - ok
18:16:23.0084 4520        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:16:23.0101 4520        LSI_SCSI - ok
18:16:23.0124 4520        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:16:23.0184 4520        luafv - ok
18:16:23.0351 4520        McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
18:16:23.0371 4520        McComponentHostService - ok
18:16:23.0409 4520        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:16:23.0444 4520        Mcx2Svc - ok
18:16:23.0476 4520        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:16:23.0486 4520        megasas - ok
18:16:23.0506 4520        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:16:23.0529 4520        MegaSR - ok
18:16:23.0554 4520        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:16:23.0604 4520        MMCSS - ok
18:16:23.0634 4520        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:16:23.0684 4520        Modem - ok
18:16:23.0711 4520        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:16:23.0746 4520        monitor - ok
18:16:23.0806 4520        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:16:23.0816 4520        mouclass - ok
18:16:23.0821 4520        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:16:23.0856 4520        mouhid - ok
18:16:23.0891 4520        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:16:23.0906 4520        mountmgr - ok
18:16:23.0961 4520        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:16:23.0976 4520        MpFilter - ok
18:16:24.0021 4520        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:16:24.0036 4520        mpio - ok
18:16:24.0066 4520        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:16:24.0094 4520        mpsdrv - ok
18:16:24.0159 4520        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:16:24.0216 4520        MpsSvc - ok
18:16:24.0256 4520        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:16:24.0299 4520        MRxDAV - ok
18:16:24.0336 4520        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:16:24.0389 4520        mrxsmb - ok
18:16:24.0441 4520        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:16:24.0479 4520        mrxsmb10 - ok
18:16:24.0506 4520        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:16:24.0544 4520        mrxsmb20 - ok
18:16:24.0589 4520        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:16:24.0596 4520        msahci - ok
18:16:24.0641 4520        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:16:24.0659 4520        msdsm - ok
18:16:24.0684 4520        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:16:24.0739 4520        MSDTC - ok
18:16:24.0779 4520        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:16:24.0816 4520        Msfs - ok
18:16:24.0831 4520        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:16:24.0881 4520        mshidkmdf - ok
18:16:24.0924 4520        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:16:24.0934 4520        msisadrv - ok
18:16:24.0961 4520        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:16:25.0014 4520        MSiSCSI - ok
18:16:25.0016 4520        msiserver - ok
18:16:25.0061 4520        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:16:25.0111 4520        MSKSSRV - ok
18:16:25.0226 4520        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:16:25.0236 4520        MsMpSvc - ok
18:16:25.0266 4520        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:16:25.0316 4520        MSPCLOCK - ok
18:16:25.0344 4520        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:16:25.0389 4520        MSPQM - ok
18:16:25.0456 4520        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:16:25.0476 4520        MsRPC - ok
18:16:25.0519 4520        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:16:25.0529 4520        mssmbios - ok
18:16:25.0559 4520        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:16:25.0609 4520        MSTEE - ok
18:16:25.0644 4520        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:16:25.0651 4520        MTConfig - ok
18:16:25.0671 4520        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:16:25.0681 4520        Mup - ok
18:16:25.0739 4520        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:16:25.0806 4520        napagent - ok
18:16:25.0849 4520        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:16:25.0899 4520        NativeWifiP - ok
18:16:25.0999 4520        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:16:26.0039 4520        NDIS - ok
18:16:26.0084 4520        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:16:26.0134 4520        NdisCap - ok
18:16:26.0169 4520        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:16:26.0214 4520        NdisTapi - ok
18:16:26.0261 4520        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:16:26.0309 4520        Ndisuio - ok
18:16:26.0361 4520        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:16:26.0394 4520        NdisWan - ok
18:16:26.0431 4520        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:16:26.0481 4520        NDProxy - ok
18:16:26.0509 4520        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:16:26.0557 4520        NetBIOS - ok
18:16:26.0612 4520        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:16:26.0667 4520        NetBT - ok
18:16:26.0719 4520        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:16:26.0727 4520        Netlogon - ok
18:16:26.0772 4520        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:16:26.0834 4520        Netman - ok
18:16:26.0967 4520        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:16:27.0012 4520        NetMsmqActivator - ok
18:16:27.0014 4520        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:16:27.0024 4520        NetPipeActivator - ok
18:16:27.0067 4520        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:16:27.0132 4520        netprofm - ok
18:16:27.0137 4520        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:16:27.0144 4520        NetTcpActivator - ok
18:16:27.0147 4520        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:16:27.0154 4520        NetTcpPortSharing - ok
18:16:27.0199 4520        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:16:27.0209 4520        nfrd960 - ok
18:16:27.0242 4520        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:16:27.0257 4520        NisDrv - ok
18:16:27.0359 4520        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:16:27.0382 4520        NisSrv - ok
18:16:27.0449 4520        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:16:27.0509 4520        NlaSvc - ok
18:16:27.0547 4520        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:16:27.0574 4520        Npfs - ok
18:16:27.0594 4520        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:16:27.0639 4520        nsi - ok
18:16:27.0679 4520        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:16:27.0724 4520        nsiproxy - ok
18:16:27.0809 4520        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:16:27.0872 4520        Ntfs - ok
18:16:27.0962 4520        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:16:28.0007 4520        Null - ok
18:16:28.0072 4520        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:16:28.0087 4520        nvraid - ok
18:16:28.0117 4520        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:16:28.0129 4520        nvstor - ok
18:16:28.0184 4520        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:16:28.0199 4520        nv_agp - ok
18:16:28.0212 4520        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:16:28.0239 4520        ohci1394 - ok
18:21:50.0191 4520        ============================================================
18:21:50.0191 4520        Scan finished
18:21:50.0191 4520        ============================================================
18:21:50.0199 4196        Detected object count: 1
18:21:50.0199 4196        Actual detected object count: 1
18:21:54.0986 4196        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:54.0986 4196        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:00.0397 5780        Deinitialize success


cosinus 03.07.2012 11:16

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

danke 03.07.2012 18:54

ComboFix log file:
Code:

ComboFix 12-07-02.01 - Fab 03.07.2012  19:38:08.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4094.2605 [GMT 2:00]
ausgeführt von:: c:\users\Fab\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\483D\87B9.tmp
c:\users\Fab\AppData\Local\assembly\tmp
c:\users\Fab\AppData\Roaming\edxLabs
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\242409.txt
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\users\Fab\AppData\Roaming\Microsoft\Google
c:\users\Fab\AppData\Roaming\Microsoft\Google\s.txt
c:\users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
c:\windows\SysWow64\gmail.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-03 17:46 . 2012-07-03 17:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-03 17:16 . 2012-07-03 17:16        --------        d-----w-        c:\program files\iPod
2012-07-03 17:16 . 2012-07-03 17:17        --------        d-----w-        c:\program files\iTunes
2012-07-03 17:16 . 2012-07-03 17:17        --------        d-----w-        c:\program files (x86)\iTunes
2012-07-03 16:39 . 2012-06-21 13:16        927800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-03 16:39 . 2012-06-21 13:16        927800        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CF40356-3E0D-4355-9EED-25F7E39E833E}\gapaengine.dll
2012-07-03 16:38 . 2012-05-30 19:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62F42FB6-4614-45F4-8E6A-502739708E61}\mpengine.dll
2012-07-01 16:52 . 2012-05-30 19:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-30 06:52 . 2012-06-30 06:52        --------        d-----w-        c:\program files (x86)\Games
2012-06-30 04:29 . 2012-06-30 04:29        --------        d-----w-        c:\users\Fab\AppData\Local\Macromedia
2012-06-28 04:01 . 2012-06-28 04:01        --------        d-----w-        c:\program files (x86)\Drakensang Online
2012-06-22 07:57 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 07:57 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 07:57 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 07:57 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 07:57 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 07:57 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 07:57 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 07:56 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 07:56 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-20 22:45 . 2012-06-20 22:45        --------        d-----w-        c:\program files (x86)\Microsoft Security Client
2012-06-20 22:45 . 2012-06-20 22:45        --------        d-----w-        c:\program files\Microsoft Security Client
2012-06-20 14:25 . 2012-05-18 01:59        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-20 14:24 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-06-20 14:23 . 2011-03-11 06:41        189824        ----a-w-        c:\windows\system32\drivers\storport.sys
2012-06-20 02:13 . 2012-06-20 02:13        --------        d-----w-        c:\programdata\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12        --------        d-----w-        c:\program files (x86)\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12        --------        d-----w-        c:\programdata\McAfee
2012-06-20 01:19 . 2012-06-20 01:19        --------        d-----w-        c:\users\Fab\AppData\Roaming\f-secure
2012-06-20 01:18 . 2012-06-20 01:18        --------        d-----w-        c:\programdata\F-Secure
2012-06-20 01:05 . 2012-06-20 01:05        --------        d-----w-        c:\users\Fab\AppData\Roaming\QuickScan
2012-06-20 01:05 . 2009-06-30 08:37        33800        ----a-w-        c:\windows\system32\drivers\pavboot64.sys
2012-06-20 01:04 . 2012-06-20 01:04        --------        d-----w-        c:\program files (x86)\Panda Security
2012-06-19 23:41 . 2012-06-19 23:41        --------        d-----w-        c:\program files\CCleaner
2012-06-19 21:12 . 2012-06-19 21:12        --------        d-----w-        c:\users\Fab\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 21:11 . 2012-06-19 21:12        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-06-19 21:11 . 2012-06-19 21:11        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-06-19 21:01 . 2012-06-19 21:01        --------        d-----w-        c:\program files (x86)\ESET
2012-06-19 00:12 . 2012-06-19 00:12        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 00:12 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-18 23:58 . 2012-07-02 15:37        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-06-18 22:48 . 2012-06-18 22:48        114688        --sha-r-        c:\windows\SysWow64\fdBthk.dll
2012-06-14 15:52 . 2012-06-14 16:58        --------        d-----w-        c:\program files (x86)\Silkroad
2012-06-14 15:45 . 2012-06-14 15:44        955840        ----a-w-        c:\windows\system32\npDeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:33 . 2011-03-29 20:00        20544        ----a-w-        c:\windows\gdrv.sys
2012-06-30 03:51 . 2012-06-30 03:51        345256        ----a-w-        C:\TDSS Killer Logs.zip
2012-06-27 08:34 . 2012-04-03 12:50        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 08:34 . 2011-05-14 19:29        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 22:11 . 2012-04-30 12:01        281288        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:11 . 2012-04-30 11:42        281288        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-06-14 15:44 . 2011-05-23 18:10        839096        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-30 14:57 . 2011-03-29 20:17        30528        ----a-w-        c:\windows\GVTDrv64.sys
2012-05-29 08:47 . 2011-04-01 14:26        25640        ----a-w-        c:\windows\etdrv.sys
2012-05-09 10:21 . 2012-04-27 12:11        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-04-01 14:09        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-30 21:45 . 2012-04-30 11:42        283416        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 11:42 . 2012-04-30 11:42        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2006-05-03 11:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-29 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-30 30528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-03-05 47224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-06-07 89560]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-07 254528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-04-01 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-04-01 16008]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\fkykjgjgph.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job
- c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job
- c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.klassikradio.de/liveplayer.php
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\jiwpuw59.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-39480465.sys
SafeBoot-95626647.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-G.O.M - c:\windows\system32\usetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithList]
@Class="Shell"
"a"="WORDPAD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithProgids]
"¦Iï_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\.*’%I*ï*]
@Allowed: (Read) (RestrictedCode)
@="¦Iï_auto_file"
.
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\’%I*ï*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-03  19:48:50
ComboFix-quarantined-files.txt  2012-07-03 17:48
.
Vor Suchlauf: 12 Verzeichnis(se), 37.046.099.968 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 38.885.548.032 Bytes frei
.
- - End Of File - - 0E11C4EB33DF6A0988CD800DC266D18D

--- --- ---

cosinus 04.07.2012 16:12

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

danke 04.07.2012 17:41

here are the logs:

gmer log:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 17:51:21
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9401d483                                                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9401d483 (not active ControlSet)                                 
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.¦Iï\OpenWithProgids@\x2019%I\0ï\0_\0a\0u\0t\0o\0_\0f\0i\0l\0e 

---- EOF - GMER 1.0.15 ----

--- --- ---



osam log:


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:54:51 on 04.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"AODDriver4.0" (AODDriver4.0) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"etdrv" (etdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\etdrv.sys
"gdrv" (gdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\gdrv.sys
"GVTDrv64" (GVTDrv64) - ? - C:\Windows\GVTDrv64.sys  (File found, but it contains no detailed information)
"pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot64.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"sj" (sj) - ? - C:\AeriaGames\EdenEternal\sjcs64.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"usj" (usj) - ? - C:\AeriaGames\EdenEternal\avital\ussjcs64.sys  (File found, but it contains no detailed information)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control" - "Bitdefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
Locked "Locked" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


aswmbr log:



Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 17:55:53
-----------------------------
17:55:53.155    OS Version: Windows x64 6.1.7601 Service Pack 1
17:55:53.155    Number of processors: 2 586 0x4303
17:55:53.156    ComputerName: FAB  UserName: Fab
17:55:53.787    Initialize success
17:56:44.324    AVAST engine defs: 12070400
17:56:52.077    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:56:52.093    Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238474MB BusType: 3
17:56:52.093    Disk 0 MBR read successfully
17:56:52.109    Disk 0 MBR scan
17:56:52.109    Disk 0 Windows 7 default MBR code
17:56:52.109    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:56:52.124    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      238372 MB offset 206848
17:56:52.140    Disk 0 scanning C:\Windows\system32\drivers
17:57:02.186    Service scanning
17:57:17.493    Modules scanning
17:57:17.493    Disk 0 trace - called modules:
17:57:17.508    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:57:17.524    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004922060]
17:57:17.524    3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa80047d8520]
17:57:17.524    5 ACPI.sys[fffff88000eda7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047ce680]
17:57:18.257    AVAST engine scan C:\Windows
17:57:21.408    AVAST engine scan C:\Windows\system32
18:00:35.801    AVAST engine scan C:\Windows\system32\drivers
18:00:47.408    AVAST engine scan C:\Users\Fab
18:33:18.743    AVAST engine scan C:\ProgramData
18:34:35.264    Scan finished successfully
18:39:19.013    Disk 0 MBR has been saved successfully to "C:\Users\Fab\Desktop\MBR.dat"
18:39:19.028    The log file has been saved successfully to "C:\Users\Fab\Desktop\aswMBR log.txt"


cosinus 05.07.2012 09:43

Code:

"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
Please disable + delete this with OSAM (delete from storage)
Then restart and create a new log with OSAM

danke 05.07.2012 13:56

ok, that was it, thanks. Microsoft SE starts again now and I don't get any redirects anymore

but I have now noticed that the Windows Security Center service was also disabled the whole time and still can't be re-enabled

here is the new OSAM log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
 Saved at 14:48:09 on 05.07.2012
OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
        Risk        Name        Publisher        Full Path        Status
Common
%SystemRoot%\Tasks
        ||||          "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job"        "Google Inc."        C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe        File exists
        ||||          "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job"        "Google Inc."        C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe        File exists
Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
                      "Pando"        "Pando Networks"        C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl        File exists
                      "QuickTime"        "Apple Inc."        C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl        File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
                      "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub)                C:\Windows\System32\drivers\tsusbhub.sys        File not found
                      "AODDriver4.0" (AODDriver4.0)        "Advanced Micro Devices"        C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys        File exists
                      "catchme" (catchme)                C:\ComboFix\catchme.sys        File not found
                      "EagleX64" (EagleX64)                C:\Windows\system32\drivers\EagleX64.sys        File not found
        ||||||        "etdrv" (etdrv)        "Windows (R) Server 2003 DDK provider"        C:\Windows\etdrv.sys        File exists
        ||||||        "gdrv" (gdrv)        "Windows (R) Server 2003 DDK provider"        C:\Windows\gdrv.sys        File exists
        ||||||        "GVTDrv64" (GVTDrv64)                C:\Windows\GVTDrv64.sys        File found, but it contains no detailed information
        ||||||        "pavboot" (pavboot)        "Panda Security, S.L."        C:\Windows\System32\drivers\pavboot64.sys        File exists
        ||||||        "SASDIFSV" (SASDIFSV)        "SUPERAdBlocker.com and SUPERAntiSpyware.com"        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS        File exists
        ||||||        "SASKUTIL" (SASKUTIL)        "SUPERAdBlocker.com and SUPERAntiSpyware.com"        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS        File exists
                      "sj" (sj)                C:\AeriaGames\EdenEternal\sjcs64.sys        File found, but it contains no detailed information
                      "Synth3dVsc" (Synth3dVsc)                C:\Windows\System32\drivers\synth3dvsc.sys        File not found
                      "usj" (usj)                C:\AeriaGames\EdenEternal\avital\ussjcs64.sys        File found, but it contains no detailed information
                      "VGPU" (VGPU)                C:\Windows\System32\drivers\rdvgkmd.sys        File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
                      {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"        "Adobe Systems, Inc."        C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll        File exists
        ||||||        {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll        File exists
HKLM\Software\Classes\Protocols\Handler
        ||||          {828030A1-22C1-4009-854F-8E305202313F} "livecall"        "Microsoft Corporation"        C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll        File exists
        ||||          {828030A1-22C1-4009-854F-8E305202313F} "msnim"        "Microsoft Corporation"        C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
                      {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension"                        File not found | COM-object registry key not found
        ||            {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler"        "DivX, Inc."        C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll        File exists
        ||            {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider"        "DivX, Inc."        C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll        File exists
        ||||||        {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll        File exists
        ||||||        {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll        File exists
        ||||||        {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll        File exists
        ||||||        {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll        File exists
        ||||||        {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"                C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll        File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
                      ITBar7Height "ITBar7Height"                        File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
        ||||||        {9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class"
hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab        "Panda Security"        C:\Windows\Downloaded Program Files\as2stubie.dll        File exists
                      {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control"
hxxp://quickscan.bitdefender.com/qsax/qsax.cab        "Bitdefender LLC"        C:\Windows\DOWNLO~1\qsax.dll        File exists
                      {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll        File exists
                      {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll        File exists
                      {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll        File exists
                      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll        File exists
                      {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control"
hxxp://download.eset.com/special/eos/OnlineScanner.cab        "ESET"        C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX        File exists
                      {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab        "Adobe Systems, Inc."        C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx        File exists
        ||||||        {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner"
hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab        "Symantec Corporation"        C:\Windows\Downloaded Program Files\avsniff.dll        File exists
        ||||||        {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class"
hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab        "Symantec Corporation"        C:\Windows\Downloaded Program Files\rufsi.dll        File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
        ||||          {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600"        "Microsoft Corporation"        C:\Program Files (x86)\Windows Live\Companion\companioncore.dll        File exists
        ||||          "ICQ7.5"        "ICQ, LLC."        C:\Program Files (x86)\ICQ7.5\ICQ.exe        File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
                      Locked "Locked"                        File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
                      {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"        "Adobe Systems Incorporated"        C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll        File exists
                      {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>"        "DivX, LLC"        C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll        File exists
                      {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll        File exists
                      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"        "Sun Microsystems, Inc."        C:\Program Files (x86)\Java\jre6\bin\ssv.dll        File exists
        ||||||        {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm"        "Microsoft Corp."        C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll        File exists
        ||||          {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper"        "Microsoft Corporation"        C:\Program Files (x86)\Windows Live\Companion\companioncore.dll        File exists
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
        ||||||        "Security Packages"        "Microsoft Corp."        C:\Windows\system32\livessp.dll        File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
        ||||||        "desktop.ini"                C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini        File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
        ||||||        "desktop.ini"                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini        File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        ||||          "DAEMON Tools Lite"        "DT Soft Ltd"        "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun        File exists
        ||||          "ISUSPM Startup"        "InstallShield Software Corporation"        C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup        File exists
                      "MobileDocuments"        "Apple Inc."        C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe        File exists
                      "SUPERAntiSpyware"        "SUPERAntiSpyware.com"        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        ||||          "Adobe ARM"        "Adobe Systems Incorporated"        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"        File exists
                      "AppleSyncNotifier"        "Apple Inc."        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe        File exists
                      "APSDaemon"        "Apple Inc."        "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"        File exists
                      "DivXUpdate"                "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW        File exists
        ||||          "ISUSScheduler"        "InstallShield Software Corporation"        "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start        File exists
                      "iTunesHelper"        "Apple Inc."        "C:\Program Files (x86)\iTunes\iTunesHelper.exe"        File exists
                      "QuickTime Task"        "Apple Inc."        "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime        File exists
                      "StartCCC"        "Advanced Micro Devices, Inc."        "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun        File exists
        ||||          "SunJavaUpdateSched"        "Sun Microsystems, Inc."        "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"        File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
                      "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc)                "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"        File not found
                      "@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv)        "Microsoft Corporation"        c:\Program Files\Microsoft Security Client\NisSrv.exe        File exists
        ||            "Adobe Acrobat Update Service" (AdobeARMservice)        "Adobe Systems Incorporated"        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe        File exists
                      "AMD FUEL Service" (AMD FUEL Service)        "Advanced Micro Devices, Inc."        C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe        File exists
                      "Apple Mobile Device" (Apple Mobile Device)        "Apple Inc."        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe        File exists
        ||||||        "ASP.NET-Zustandsdienst" (aspnet_state)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe        File exists
        ||||||        "Dienst "Bonjour"" (Bonjour Service)        "Apple Inc."        C:\Program Files\Bonjour\mDNSResponder.exe        File exists
        ||||          "InstallDriver Table Manager" (IDriverT)        "Macrovision Corporation"        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe        File exists
                      "iPod-Dienst" (iPod Service)        "Apple Inc."        C:\Program Files\iPod\bin\iPodService.exe        File exists
        ||||||        "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe        File exists
        ||||||        "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)        "Microsoft Corporation"        C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe        File exists
                      "Microsoft Antimalware Service" (MsMpSvc)        "Microsoft Corporation"        c:\Program Files\Microsoft Security Client\MsMpEng.exe        File exists
                      "PnkBstrA" (PnkBstrA)                C:\Windows\system32\PnkBstrA.exe        File not found
        ||||||        "SAS Core Service" (!SASCORE)        "SUPERAntiSpyware.com"        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE        File exists
                      "Steam Client Service" (Steam Client Service)        "Valve Corporation"        C:\Program Files (x86)\Common Files\Steam\SteamService.exe        File exists
                      "TeamViewer 7" (TeamViewer7)        "TeamViewer GmbH"        C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe        File exists
        ||||||        "Windows Live ID Sign-in Assistant" (wlidsvc)        "Microsoft Corp."        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE        File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
        ||||||        "mdnsNSP"        "Apple Inc."        C:\Program Files (x86)\Bonjour\mdnsNSP.dll        File exists
        ||||||        "WindowsLive Local NSP"        "Microsoft Corp."        C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL        File exists
        ||||||        "WindowsLive NSP"        "Microsoft Corp."        C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL        File exists


If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

really great

cosinus 05.07.2012 15:57

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

danke 05.07.2012 17:55

SUPERAntiSpyware is showing these tracking cookies again, here is the log



Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/05/2012 at 06:52 PM

Application Version : 5.1.1002

Core Rules Database Version : 8848
Trace Rules Database Version: 6660

Scan type      : Complete Scan
Total Scan Time : 01:37:07

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 927
Memory threats detected  : 0
Registry items scanned    : 66179
Registry threats detected : 0
File items scanned        : 100973
File threats detected    : 21

Adware.Tracking Cookie
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SITEZUKU.txt [ /ero-advertising.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\B1X2NJVG.txt [ /track.adform.net ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TB4PPF6B.txt [ /ads.us.e-planning.net ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RWXDKWTH.txt [ /adform.net ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\521M0JME.txt [ /ad.adition.net ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\UNZHMGH4.txt [ /casalemedia.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EVAMZA32.txt [ /atdmt.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OAFO8ED9.txt [ /ad.yieldmanager.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LSRL5VI2.txt [ /adtech.de ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\P2EAPVGW.txt [ /adfarm1.adition.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HGJ71SX6.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\AZUPYLFG.txt [ /ad4.adfarm1.adition.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\VCYH8L98.txt [ /doubleclick.net ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9YDR26WD.txt [ /adbrite.com ]
        C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\0SG124M3.txt [ /ad.360yield.com ]
        C:\USERS\FAB\Cookies\521M0JME.txt [ Cookie:fab@ad.adition.net/ ]
        C:\USERS\FAB\Cookies\EVAMZA32.txt [ Cookie:fab@atdmt.com/ ]
        C:\USERS\FAB\Cookies\LSRL5VI2.txt [ Cookie:fab@adtech.de/ ]
        C:\USERS\FAB\Cookies\AZUPYLFG.txt [ Cookie:fab@ad4.adfarm1.adition.com/ ]
        C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
        C:\USERS\FAB\Cookies\9YDR26WD.txt [ Cookie:fab@adbrite.com/ ]



malwarebytes log :



Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

05.07.2012 15:32:54
mbam-log-2012-07-05 (15-32-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 445818
Laufzeit: 2 Stunde(n), 43 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 05.07.2012 20:06

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other findings or problems?
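
An added example, not part of cosinus's post or of the MVPS hosts file: it turns the cookie domains reported in a scan log like the one above into hosts-file entries and shows that a hosts entry only matches the exact name it lists. The `0.0.0.0` sink address and all function names are assumptions.

```python
import re

# Sample input: four lines copied from the scan log above plus one
# constructed line that carries no cookie tag.
SAMPLE_LOG = r"""
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EVAMZA32.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HGJ71SX6.txt [ /ad2.adfarm1.adition.com ]
C:\USERS\FAB\Cookies\EVAMZA32.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
C:\Users\Fab\Documents\notes.txt
"""

# Matches both tag styles: "[ /host ]" and "[ Cookie:user@host/ ]".
TAG = re.compile(r"\[\s*(?:Cookie:[^@\s]+@|/)([A-Za-z0-9.-]+)(?:/[^\]\s]*)?\s*\]")
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """Accept only multi-label DNS names, so nothing odd reaches the hosts file."""
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():  # single label or IP literal
        return False
    return all(LABEL.fullmatch(label) for label in labels)


def tracker_hosts(log_text):
    """Return the unique, sorted cookie domains named in the scan log."""
    found = {m.group(1).lower().rstrip(".") for m in TAG.finditer(log_text)}
    return sorted(h for h in found if valid_hostname(h))


def hosts_entries(hosts, sink="0.0.0.0"):
    """Render hosts-file lines; the sink address is an assumption."""
    return [f"{sink} {h}" for h in hosts]


def is_blocked(hostname, entries):
    """Hosts files match names exactly: no wildcards, no subdomain inheritance."""
    blocked = {line.split()[1] for line in entries}
    return hostname.lower() in blocked


if __name__ == "__main__":
    entries = hosts_entries(tracker_hosts(SAMPLE_LOG))
    print("\n".join(entries))
    print(is_blocked("doubleclick.net", entries))     # listed name
    print(is_blocked("ad.doubleclick.net", entries))  # subdomain is not covered
```

Because a subdomain is not covered by its parent's entry, a maintained list that enumerates each ad host covers more than entries derived from one scan.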

danke 05.07.2012 20:37

everything is fine again, I can't thank you enough, really awesome that we managed to find this stupid thing.

love ya, and I hope this post helps many others, and be careful what you download, people.


bye

cosinus 05.07.2012 21:00

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (cleanup).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep better track of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are GMT +1.
