
Log analysis and evaluation: Police trojan Austria - Your computer has been locked...

03.12.2012, 14:21   #1
tomtheone
 

Hello,

I have also become a victim of the police trojan: with a logo of the Austrian police, I am being asked to pay EUR 100 to unlock my computer.

The first time it appeared out of the blue, the second time at startup, but after a restart everything was OK again.

Attached is the Malwarebytes Anti-Malware log. As requested, I have not deleted the findings (are they automatically in quarantine that way?). XXX has fallen victim to my censorship...:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

03.12.2012 12:23:09
mbam-log-2012-12-03 (14-04-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467899
Laufzeit: 1 Stunde(n), 38 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
By default I also have avast! Antivirus running, but it did not raise an alarm.

Many thanks for the help!
Tom

03.12.2012, 15:54   #2
markusg
/// Malware-holic
 

Hi
If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

03.12.2012, 17:04   #3
tomtheone
 

Hello,

thanks for the quick reply!

OTL.txt:

Code:
OTL logfile created on: 03.12.2012 15:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free
6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32
Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.10.26 15:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.09.18 16:18:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.09.10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.08.29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.03.14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.08.15 20:40:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010.08.06 17:52:18 | 000,636,272 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\VideoBrowser\CameraMonitor.exe
PRC - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.12 07:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.09.12 13:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.08.15 20:40:13 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2010.07.01 19:27:10 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\VideoBrowser\pxl_m17n_tool.dll
MOD - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2009.09.03 10:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.21 01:38:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.14 20:34:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009.09.27 17:55:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\1741.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.17 15:44:44 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011.03.30 12:54:32 | 001,073,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2010.09.07 13:27:22 | 000,028,672 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.20 09:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.18 11:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009.04.10 21:06:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.11.21 08:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2008.07.28 18:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.10.11 10:40:00 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2007.01.19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 4D C4 6B 31 D1 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_deAT340
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.4.8.6
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.1.1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.13 23:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
 
[2009.08.12 23:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.12.03 15:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions
[2012.10.27 07:34:40 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.16 15:47:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.15 06:03:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.26 14:38:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.03 15:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
[2011.06.17 19:02:16 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\personas@christopher.beard.xpi
[2012.11.12 13:53:43 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.03 10:54:05 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.03 15:08:52 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.03 15:08:51 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.21 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.21 01:38:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.24 16:55:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.24 16:55:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 16:55:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 16:55:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 16:55:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Polar Sync]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCF756F-10CF-4D36-B786-1E3093552477}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FDBF888-4408-4BBC-A906-BB97E26FA47D}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4192B15E-52CF-4ACF-AC53-1BCEE47113EE}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BE7AF8A-FAD4-40FE-85A6-950352AB9CCC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B7F60EF-5E7F-4675-A364-46B916C30733}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122CC82-279E-4949-AA9C-F6BC3BAE5C13}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell - "" = AutoRun
O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0D70DB0C-ADFD-B541-A147-04822989C0B9} - 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {88802E62-4167-E049-E4DA-A422BEA2B05B} - Browser Customizations
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 15:57:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.11.21 01:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.19 22:28:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.19 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.11.13 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Mail_20121113
[2012.11.08 18:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.03 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.03 15:23:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 15:07:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 13:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.03 10:22:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.03 10:22:49 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.03 10:22:49 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.03 10:22:49 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.03 10:21:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.03 10:18:53 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.12.03 10:18:52 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.03 10:18:35 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 10:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 10:18:01 | 3211,972,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.03 10:14:58 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.21 01:17:36 | 000,205,824 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 22:28:10 | 000,000,782 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.18 18:40:04 | 001,725,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.13 23:16:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.03 22:56:26 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.19 22:28:10 | 000,000,782 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.03 22:56:26 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.25 09:56:03 | 000,002,048 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER Prefs
[2012.03.16 21:56:36 | 000,047,104 | ---- | C] () -- C:\Windows\System32\AntUsbCIv2.dll
[2011.11.25 21:35:53 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Local\PUTTY.RND
[2010.12.18 16:27:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.08 18:24:22 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2010.06.20 20:22:00 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2010.04.10 18:35:53 | 000,024,206 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\UserTile.png
[2009.10.05 22:25:00 | 000,001,024 | ---- | C] () -- C:\Users\XXX\.rnd
[2009.08.13 00:35:33 | 000,205,824 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.10.04 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AccumulatedSummary
[2009.09.02 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Aventail
[2011.12.26 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\becker
[2011.01.16 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CalculatedFieldsPlugin
[2012.10.02 22:20:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon
[2012.08.25 09:55:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER
[2010.12.04 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.26 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla
[2012.11.21 01:11:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Free Download Manager
[2012.05.24 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GARMIN
[2010.06.28 18:36:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Geogrid
[2010.03.01 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HighScorePlugin
[2012.11.04 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JOSM
[2010.12.04 09:59:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag
[2009.12.08 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mquadr.at
[2011.05.12 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Open XML Editor
[2009.09.29 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OverlayPlugin
[2010.04.10 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PeerNetworking
[2009.09.29 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PerformancePredictorPlugin
[2012.01.31 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Scan2PDF
[2009.08.16 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.08.12 08:32:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.06.02 09:58:21 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.06.02 10:09:15 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.02 16:26:08 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.06.26 18:17:14 | 000,000,000 | ---D | M] -- C:\PCShareManagerUpload
[2012.12.03 10:53:52 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.03 10:14:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.07 23:34:46 | 000,000,000 | RHSD | M] -- C:\RECYCLER
[2012.12.03 16:01:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.08.12 08:32:22 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.13 23:16:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.10 22:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.08.13 06:19:07 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.08.13 06:19:07 | 000,001,118 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.03.28 18:10:08 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2012.10.14 20:34:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.09.12 12:48:26 | 000,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3c4af4a0\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2009.10.05 22:25:02 | 000,001,024 | ---- | M] () -- C:\Users\XXX\.rnd
[2012.12.03 15:59:30 | 005,767,168 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2012.12.03 15:59:30 | 000,262,144 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG1
[2009.08.12 08:32:23 | 000,000,000 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG2
[2012.12.03 10:15:12 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.12.03 10:15:12 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.08.12 08:33:09 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.08.12 08:32:23 | 000,000,020 | -HS- | M] () -- C:\Users\XXX\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 03.12.2012 15:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free
6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32
Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Saturn Picture Center] -- "C:\Program Files\Saturn\Saturn Picture Center\Saturn Picture Center.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02216ECA-F0BD-47AE-A7E0-59906D24F4FC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DB720EF-2D95-477E-8382-7904BE5489E3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5467AE89-C88C-4401-AFEE-C6C879C0BE29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{59D0B8FB-9550-4237-A990-35208A68B3CB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F748D5F-EB2F-4E4B-A5D8-2D50236F707F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{67C815EE-0548-47DF-B611-8D45E06EEB7D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6A5AFF9F-3F56-490A-B160-20CD5C532A90}" = rport=138 | protocol=17 | dir=out | app=system | 
"{78B0D2B2-9B77-431F-8EB6-8F0A21BCF4CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A738D662-A040-4F6B-916A-F957A4980F7F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C07E89B5-B71A-442F-8FAA-D3485AC0476B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{C88796E8-61A9-4588-B87D-4B31B590931A}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port | 
"{C9D585EB-DF2F-4694-A4E6-BEA9B34BC6C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D369CB1F-8EB0-4E87-BD41-38849211A8D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E75CD32D-8863-455F-B0A9-3E9413F66C3C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EBEC3F50-DC74-4D9C-8C6B-72934460FBF0}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BA13BA-84FF-414F-9E76-7A895DFB8745}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe | 
"{17686534-6664-4944-9527-44C98E90A5E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3861E82F-997E-4FA0-B36F-2206F10FFB79}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{536DAFAC-341C-476F-8586-00F12970C713}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{54184224-55EA-406D-84F0-F1D8C79E64F3}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{5B135F37-79F3-4030-82F3-2D237BE42582}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{60ECD0FD-A078-4D36-B751-87A1839DB7C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6338BDB5-1C23-4539-B897-7F5309827C01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{63DCC56F-2601-4D34-99A3-531B2770C6A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C7CC989-02E3-47AE-88AB-8CCE7D22161A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D4FE27D-D3CF-4204-9A4E-95614EAE19CB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6DE0AC03-7D54-4C4A-85E0-D7B8562E3BB1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{76F50E97-8B5A-4499-86C3-3A1867314BA4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{80118167-EBA5-4B9F-9E05-01E477988076}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe | 
"{87DB2A85-FE93-426A-AF46-3575C8228655}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8A43B7B4-AE58-4240-8F2C-B48A0C346B6C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{8CED8582-53A0-4A52-8D81-5073D83FE13E}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe | 
"{8CF7402F-27AC-4E0B-ADB8-F00CC1A428B2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{8D06FD49-23CB-45DE-B15D-8B3A41A252EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{90398EC4-6B96-4628-BDD7-2905BA8F672E}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe | 
"{9A4F847C-E120-4D25-AA07-1C0EC55DB03A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{9CDD64E5-6578-4570-8860-AD0EED42C5EB}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe | 
"{AC541F4A-B9A3-45C5-AA83-759114556CBF}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe | 
"{ADC49351-0F12-493C-86D4-60B893A2C7EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B291244A-9340-44E2-B9C0-CF8C99957484}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BFC87E5E-2FB9-4A66-B573-BF2852CF2EBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CD3C9DEA-42C5-4CFB-9E32-4904F6A8433D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{F9096CE8-DEC5-4851-A301-AA8FDD82F363}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FD3F4062-D454-4E84-B49C-5BF6A6615282}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{021B1ADE-632F-42C8-A270-87D8193F3358}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0BC970A0-E7D1-4A87-B314-555E8A346200}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2FF3D845-FD9A-407D-B76E-DEF2F3EB4B21}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{595AB770-E329-47E9-85A1-B30FF2C5E8BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8170F382-BADA-4C2C-AB04-E914D8516511}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{92B83349-FE36-4EC0-B1FB-984581D895A4}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{C2FF3E64-3ECB-4961-BB38-41A3B45B2227}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{CC48E522-83BD-4704-ABB0-F1D3F3256C64}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe | 
"TCP Query User{F2C01355-2752-416C-ABC6-220FF2283874}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{F5D3E301-B51C-4ECD-8318-7F0E78005AD4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{FD0AC802-5C1E-48B6-B4A4-D0154D7522A5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{0820A41C-CD78-46BE-90FA-63A3B8446F53}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1F962526-C1E5-4D07-995D-6364DBE5625B}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe | 
"UDP Query User{218C8C0A-84F6-4306-A355-DB00A5C2F2B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{281B65D9-8879-45F1-B93C-F88416E30C42}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{2CE647DF-6669-47C5-B1CC-9DBC3125E8F5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{34C4ED0B-DBB3-4EC4-A66F-CFB0DF92079A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{5C52D926-3385-4AD0-930E-BF376D928ED0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{61A6C1B7-4312-4570-A8E7-DC8F6C990005}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{7F95743E-958C-49DA-BDD0-EC22E13013E5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{9279885D-4AE5-4ADA-8C90-2B8EF676C7B9}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{A20271DA-771F-4AB7-A030-FF3AE590A9FE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{38365E47-3DD2-41F4-827B-F4CF7C8EF8B3}" = Garmin BaseCamp
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}" = Garmin MapInstall
"{617FB820-123E-4A9C-A97F-9238B5878487}" = AMap Fly 5.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{88CA8932-7987-4D7A-BEE3-227BDB3CA888}" = ASUS RT-N66U Wireless Router Utilities
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6D17D97-44CE-402E-BBF2-B38492CBFED7}" = Garmin ANT Agent
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C7ECF049-5398-4D99-A733-6D67052308CC}" = Geogrid®-Viewer
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79DC615-EC9F-4EFA-9482-5911168D8F32}" = VideoBrowser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F57DADA5-BF42-4AA8-9992-2F6B63F4F3AB}" = Garmin Training Center
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"AC3ACM" = AC-3 ACM Codec
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"avast" = avast! Free Antivirus
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung
"Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"Content Manager 2" = Content Manager 2
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Mp3tag" = Mp3tag v2.47b
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Open XML Editor" = Open XML Editor
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) Network Connections 13.5.32.0
"QNAP_FINDER" = QNAP Finder
"QNAP_NASNetBak" = QNAP NetBak Replicator
"Saturn Picture Center" = Saturn Picture Center
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"cyberlabDESIGNER" = cyberlabDESIGNER
"JOSM" = JOSM
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:13 | Computer Name = XXX| Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description = 
 
[ Cobian Backup Boletus VSC Service Events ]
Error - 17.11.2010 20:24:43 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
Error - 17.12.2010 20:03:54 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.
 
Error - 10.01.2011 20:23:51 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
[ System Events ]
Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2012 13:39:32 | Computer Name = XXX | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00261865AA1F zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%258. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 18.11.2012 13:40:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2012 04:36:43 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2012 04:36:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2012 05:19:30 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2012 05:19:40 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Many thanks, Tom
__________________

Alt 04.12.2012, 16:58   #4
markusg
/// Malware-holic
 



Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de following the instructions above.

Alt 04.12.2012, 23:45   #5
tomtheone
 



Many thanks, here is the log:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56516 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Flash cache emptied: 58694 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 199002653 bytes
->Temporary Internet Files folder emptied: 236191057 bytes
->Java cache emptied: 16550337 bytes
->FireFox cache emptied: 69706060 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27183370 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 523,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12042012_230929

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
I have now also looked at the most recent logs and am wondering about this entry:
Code:
ATTFilter
[2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
         
Should it perhaps be removed as well? Sorry for the possibly unqualified question.

Thanks, Tom


Alt 06.12.2012, 16:44   #6
markusg
/// Malware-holic
 



Hi,
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 06.12.2012, 20:42   #7
tomtheone
 



Many thanks.

Here is the log:

Code:
ATTFilter
ComboFix 12-12-04.01 - *** 06.12.2012  20:02:15.1.8 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3062.1508 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\***\AppData\Local\assembly\tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-06 bis 2012-12-06  ))))))))))))))))))))))))))))))
.
.
2012-12-06 19:11 . 2012-12-06 19:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-05 01:19 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{590802BB-B754-4EE6-9FF5-07F87AB11D6E}\mpengine.dll
2012-12-04 22:09 . 2012-12-04 22:09	--------	d-----w-	C:\_OTL
2012-11-16 05:14 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 05:13 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-08 17:04 . 2012-11-08 17:04	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-03-30 05:17	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-01-23 18:21	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-01-23 18:21	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-01-23 18:21	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-01-23 18:21	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-01-23 18:21	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-01-23 18:20	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-01-23 18:20	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-10-14 19:58 . 2012-10-14 19:58	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-14 19:57 . 2012-10-14 19:59	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-14 19:57 . 2011-09-18 17:22	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-14 19:34 . 2012-04-16 18:41	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-14 19:34 . 2011-06-17 18:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2009-08-16 21:19	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 10:43	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-21 00:38 . 2012-11-21 00:38	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-2-4 25214]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-8-15 66864]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-10-9 3280896]
VideoBrowser Camera Monitor.lnk - c:\program files\PIXELA\VideoBrowser\CameraMonitor.exe [2012-6-17 636272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:34]
.
2012-12-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 19:19]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\
FF - ExtSQL: !HIDDEN! 2009-07-02 17:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Polar Sync - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-06 20:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1741.tmp"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-06  20:20:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-06 19:20
.
Vor Suchlauf: 7 Verzeichnis(se), 268.525.289.472 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 268.424.744.960 Bytes frei
.
- - End Of File - - DD136DA883D5FCEDA6D949DAACE293A7
         

Alt 06.12.2012, 21:11   #8
markusg
/// Malware-holic
 



Hi,
Note: I am on holiday from tomorrow until Wednesday.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

Alt 06.12.2012, 21:29   #9
tomtheone
 



Thanks, thanks, thanks.

TDSS Killer log

Code:
ATTFilter
21:20:26.0164 0536  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:20:26.0336 0536  ============================================================
21:20:26.0336 0536  Current date / time: 2012/12/06 21:20:26.0336
21:20:26.0336 0536  SystemInfo:
21:20:26.0336 0536  
21:20:26.0336 0536  OS Version: 6.0.6002 ServicePack: 2.0
21:20:26.0336 0536  Product type: Workstation
21:20:26.0336 0536  ComputerName: ***
21:20:26.0336 0536  UserName: ***
21:20:26.0336 0536  Windows directory: C:\Windows
21:20:26.0336 0536  System windows directory: C:\Windows
21:20:26.0336 0536  Processor architecture: Intel x86
21:20:26.0336 0536  Number of processors: 8
21:20:26.0336 0536  Page size: 0x1000
21:20:26.0336 0536  Boot type: Normal boot
21:20:26.0336 0536  ============================================================
21:20:26.0726 0536  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:20:26.0741 0536  Drive \Device\Harddisk1\DR1 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:20:26.0741 0536  ============================================================
21:20:26.0741 0536  \Device\Harddisk0\DR0:
21:20:26.0741 0536  MBR partitions:
21:20:26.0741 0536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B7F800
21:20:26.0772 0536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8030D, BlocksNum 0x2804934
21:20:26.0772 0536  \Device\Harddisk1\DR1:
21:20:26.0772 0536  MBR partitions:
21:20:26.0772 0536  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A0FC1
21:20:26.0772 0536  ============================================================
21:20:26.0835 0536  C: <-> \Device\Harddisk0\DR0\Partition1
21:20:26.0835 0536  D: <-> \Device\Harddisk0\DR0\Partition2
21:20:26.0835 0536  ============================================================
21:20:26.0835 0536  Initialize success
21:20:26.0835 0536  ============================================================
21:20:47.0380 4144  ============================================================
21:20:47.0380 4144  Scan started
21:20:47.0380 4144  Mode: Manual; SigCheck; TDLFS; 
21:20:47.0380 4144  ============================================================
21:20:47.0692 4144  ================ Scan system memory ========================
21:20:47.0692 4144  System memory - ok
21:20:47.0692 4144  ================ Scan services =============================
21:20:48.0378 4144  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:20:48.0488 4144  ACPI - ok
21:20:48.0644 4144  [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:20:48.0675 4144  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:20:48.0675 4144  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:20:48.0753 4144  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:20:48.0768 4144  AdobeFlashPlayerUpdateSvc - ok
21:20:48.0831 4144  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:20:48.0846 4144  adp94xx - ok
21:20:48.0893 4144  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:20:48.0909 4144  adpahci - ok
21:20:48.0924 4144  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:20:48.0940 4144  adpu160m - ok
21:20:48.0956 4144  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:20:48.0971 4144  adpu320 - ok
21:20:49.0002 4144  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:20:49.0034 4144  AeLookupSvc - ok
21:20:49.0080 4144  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:20:49.0096 4144  AFD - ok
21:20:49.0158 4144  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:20:49.0174 4144  agp440 - ok
21:20:49.0190 4144  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:20:49.0205 4144  aic78xx - ok
21:20:49.0205 4144  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:20:49.0252 4144  ALG - ok
21:20:49.0268 4144  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:20:49.0283 4144  aliide - ok
21:20:50.0438 4144  [ AAA1F9D4CF4C976C21BCA8AFA2BAE6A4 ] AllShare        C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
21:20:50.0656 4144  AllShare ( UnsignedFile.Multi.Generic ) - warning
21:20:50.0656 4144  AllShare - detected UnsignedFile.Multi.Generic (1)
21:20:50.0703 4144  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:20:50.0703 4144  amdagp - ok
21:20:50.0718 4144  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:20:50.0734 4144  amdide - ok
21:20:50.0781 4144  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:20:50.0812 4144  AmdK7 - ok
21:20:50.0828 4144  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:20:50.0843 4144  AmdK8 - ok
21:20:50.0890 4144  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:20:50.0921 4144  Appinfo - ok
21:20:50.0984 4144  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:20:50.0984 4144  Apple Mobile Device - ok
21:20:51.0015 4144  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:20:51.0030 4144  arc - ok
21:20:51.0046 4144  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:20:51.0062 4144  arcsas - ok
21:20:51.0093 4144  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:20:51.0108 4144  aswFsBlk - ok
21:20:51.0155 4144  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:20:51.0155 4144  aswMonFlt - ok
21:20:51.0186 4144  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
21:20:51.0202 4144  aswRdr - ok
21:20:51.0249 4144  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:20:51.0280 4144  aswSnx - ok
21:20:51.0296 4144  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:20:51.0311 4144  aswSP - ok
21:20:51.0374 4144  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:20:51.0389 4144  aswTdi - ok
21:20:51.0420 4144  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:51.0452 4144  AsyncMac - ok
21:20:51.0498 4144  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:20:51.0498 4144  atapi - ok
21:20:51.0561 4144  [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb         C:\Windows\system32\DRIVERS\athrusb.sys
21:20:51.0608 4144  athrusb - ok
21:20:51.0639 4144  atikmdag - ok
21:20:51.0686 4144  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:20:51.0701 4144  AudioEndpointBuilder - ok
21:20:51.0701 4144  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:20:51.0717 4144  Audiosrv - ok
21:20:51.0779 4144  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
21:20:51.0779 4144  avast! Antivirus - ok
21:20:51.0857 4144  [ BA8494FE6EE119AAD2505A57058B282E ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
21:20:51.0904 4144  BCMH43XX - ok
21:20:51.0966 4144  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:20:52.0044 4144  Beep - ok
21:20:52.0060 4144  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:20:52.0107 4144  BFE - ok
21:20:52.0263 4144  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
21:20:52.0310 4144  BITS - ok
21:20:52.0356 4144  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:20:52.0372 4144  blbdrive - ok
21:20:52.0466 4144  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:20:52.0481 4144  Bonjour Service - ok
21:20:52.0528 4144  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:20:52.0544 4144  bowser - ok
21:20:52.0575 4144  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:20:52.0606 4144  BrFiltLo - ok
21:20:52.0606 4144  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:20:52.0668 4144  BrFiltUp - ok
21:20:52.0684 4144  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:20:52.0731 4144  Browser - ok
21:20:52.0731 4144  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:20:52.0824 4144  Brserid - ok
21:20:52.0840 4144  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:20:52.0887 4144  BrSerWdm - ok
21:20:52.0887 4144  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:20:52.0949 4144  BrUsbMdm - ok
21:20:52.0965 4144  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:20:53.0012 4144  BrUsbSer - ok
21:20:53.0027 4144  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:20:53.0058 4144  BTHMODEM - ok
21:20:53.0074 4144  catchme - ok
21:20:53.0105 4144  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:20:53.0136 4144  cdfs - ok
21:20:53.0152 4144  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:20:53.0183 4144  cdrom - ok
21:20:53.0230 4144  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:20:53.0246 4144  CertPropSvc - ok
21:20:53.0261 4144  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
21:20:53.0292 4144  circlass - ok
21:20:53.0308 4144  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:20:53.0324 4144  CLFS - ok
21:20:53.0386 4144  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:53.0386 4144  clr_optimization_v2.0.50727_32 - ok
21:20:53.0464 4144  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:20:53.0464 4144  clr_optimization_v4.0.30319_32 - ok
21:20:53.0495 4144  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:20:53.0495 4144  cmdide - ok
21:20:53.0511 4144  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:20:53.0526 4144  Compbatt - ok
21:20:53.0526 4144  COMSysApp - ok
21:20:53.0526 4144  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:20:53.0542 4144  crcdisk - ok
21:20:53.0542 4144  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:20:53.0573 4144  Crusoe - ok
21:20:53.0620 4144  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:20:53.0651 4144  CryptSvc - ok
21:20:53.0698 4144  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:20:53.0729 4144  DcomLaunch - ok
21:20:53.0760 4144  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:20:53.0807 4144  DfsC - ok
21:20:53.0885 4144  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:20:54.0057 4144  DFSR - ok
21:20:54.0166 4144  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:20:54.0182 4144  Dhcp - ok
21:20:54.0228 4144  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:20:54.0228 4144  disk - ok
21:20:54.0275 4144  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:20:54.0306 4144  Dnscache - ok
21:20:54.0338 4144  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:20:54.0353 4144  dot3svc - ok
21:20:54.0384 4144  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:20:54.0400 4144  DPS - ok
21:20:54.0447 4144  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:20:54.0478 4144  drmkaud - ok
21:20:54.0525 4144  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:20:54.0540 4144  DXGKrnl - ok
21:20:54.0618 4144  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:20:54.0650 4144  E1G60 - ok
21:20:54.0696 4144  [ 64A6CF14DE229B0EDCD21FDB923E0B03 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys
21:20:54.0712 4144  e1yexpress - ok
21:20:54.0759 4144  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:20:54.0790 4144  EapHost - ok
21:20:54.0852 4144  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:20:54.0868 4144  Ecache - ok
21:20:54.0899 4144  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:20:54.0915 4144  ehRecvr - ok
21:20:54.0930 4144  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:20:54.0946 4144  ehSched - ok
21:20:54.0962 4144  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:20:54.0977 4144  ehstart - ok
21:20:55.0024 4144  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:20:55.0055 4144  elxstor - ok
21:20:55.0118 4144  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:20:55.0164 4144  EMDMgmt - ok
21:20:55.0180 4144  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:20:55.0211 4144  ErrDev - ok
21:20:55.0258 4144  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:20:55.0289 4144  EventSystem - ok
21:20:55.0336 4144  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:20:55.0352 4144  exfat - ok
21:20:55.0383 4144  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:20:55.0398 4144  fastfat - ok
21:20:55.0445 4144  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:20:55.0461 4144  fdc - ok
21:20:55.0492 4144  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:20:55.0508 4144  fdPHost - ok
21:20:55.0523 4144  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:20:55.0554 4144  FDResPub - ok
21:20:55.0586 4144  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:20:55.0601 4144  FileInfo - ok
21:20:55.0617 4144  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:20:55.0648 4144  Filetrace - ok
21:20:55.0726 4144  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:20:55.0757 4144  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:20:55.0757 4144  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:20:55.0788 4144  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:20:55.0820 4144  flpydisk - ok
21:20:55.0835 4144  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:20:55.0851 4144  FltMgr - ok
21:20:55.0929 4144  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
21:20:55.0960 4144  FontCache - ok
21:20:56.0022 4144  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:20:56.0038 4144  FontCache3.0.0.0 - ok
21:20:56.0085 4144  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:20:56.0132 4144  Fs_Rec - ok
21:20:56.0147 4144  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:20:56.0163 4144  gagp30kx - ok
21:20:56.0178 4144  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:20:56.0194 4144  GEARAspiWDM - ok
21:20:56.0210 4144  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:20:56.0241 4144  gpsvc - ok
21:20:56.0303 4144  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
21:20:56.0303 4144  grmnusb - ok
21:20:56.0428 4144  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca1bd5bdf912d C:\Program Files\Google\Update\GoogleUpdate.exe
21:20:56.0444 4144  gupdate1ca1bd5bdf912d - ok
21:20:56.0459 4144  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:20:56.0475 4144  gupdatem - ok
21:20:56.0506 4144  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:20:56.0522 4144  gusvc - ok
21:20:56.0568 4144  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:20:56.0600 4144  HdAudAddService - ok
21:20:56.0631 4144  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:20:56.0693 4144  HDAudBus - ok
21:20:56.0724 4144  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:20:56.0756 4144  HidBth - ok
21:20:56.0802 4144  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:20:56.0880 4144  HidIr - ok
21:20:56.0943 4144  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
21:20:57.0005 4144  hidserv - ok
21:20:57.0021 4144  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:20:57.0052 4144  HidUsb - ok
21:20:57.0083 4144  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:20:57.0114 4144  hkmsvc - ok
21:20:57.0146 4144  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:20:57.0161 4144  HpCISSs - ok
21:20:57.0192 4144  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:20:57.0224 4144  HTTP - ok
21:20:57.0317 4144  hwdatacard - ok
21:20:57.0348 4144  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:20:57.0364 4144  i2omp - ok
21:20:57.0411 4144  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:20:57.0426 4144  i8042prt - ok
21:20:57.0598 4144  [ 0D16E362B66A0C1D01B015F517129D13 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:20:57.0707 4144  IAANTMON - ok
21:20:57.0879 4144  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:20:57.0894 4144  iaStor - ok
21:20:58.0082 4144  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:20:58.0160 4144  iaStorV - ok
21:20:58.0394 4144  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:20:58.0472 4144  idsvc - ok
21:20:58.0503 4144  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:20:58.0518 4144  iirsp - ok
21:20:58.0534 4144  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:20:58.0581 4144  IKEEXT - ok
21:20:58.0674 4144  [ 8832E6BE80EDFD3AFCF9241AA982AD3C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:20:58.0877 4144  IntcAzAudAddService - ok
21:20:58.0940 4144  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:20:58.0955 4144  intelide - ok
21:20:59.0018 4144  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:20:59.0080 4144  intelppm - ok
21:20:59.0142 4144  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:20:59.0205 4144  IPBusEnum - ok
21:20:59.0220 4144  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:20:59.0252 4144  IpFilterDriver - ok
21:20:59.0283 4144  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:20:59.0314 4144  iphlpsvc - ok
21:20:59.0314 4144  IpInIp - ok
21:20:59.0345 4144  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:20:59.0376 4144  IPMIDRV - ok
21:20:59.0376 4144  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:20:59.0423 4144  IPNAT - ok
21:20:59.0439 4144  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:20:59.0470 4144  iPod Service - ok
21:20:59.0486 4144  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
21:20:59.0501 4144  irda - ok
21:20:59.0517 4144  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:20:59.0548 4144  IRENUM - ok
21:20:59.0564 4144  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll
21:20:59.0626 4144  Irmon - ok
21:20:59.0657 4144  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:20:59.0673 4144  isapnp - ok
21:20:59.0704 4144  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:20:59.0720 4144  iScsiPrt - ok
21:20:59.0735 4144  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:20:59.0735 4144  iteatapi - ok
21:20:59.0751 4144  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:20:59.0766 4144  iteraid - ok
21:20:59.0782 4144  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:20:59.0782 4144  kbdclass - ok
21:20:59.0813 4144  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:20:59.0844 4144  kbdhid - ok
21:20:59.0876 4144  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
21:20:59.0922 4144  KeyIso - ok
21:20:59.0954 4144  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:20:59.0969 4144  KSecDD - ok
21:21:00.0032 4144  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:21:00.0094 4144  KtmRm - ok
21:21:00.0125 4144  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:21:00.0172 4144  LanmanServer - ok
21:21:00.0234 4144  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:21:00.0266 4144  LanmanWorkstation - ok
21:21:00.0312 4144  [ CB5D13966F74D7F000724A907F614193 ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys
21:21:00.0328 4144  libusb0 - ok
21:21:00.0344 4144  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:21:00.0390 4144  lltdio - ok
21:21:00.0437 4144  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:21:00.0484 4144  lltdsvc - ok
21:21:00.0500 4144  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:21:00.0531 4144  lmhosts - ok
21:21:00.0546 4144  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:21:00.0562 4144  LSI_FC - ok
21:21:00.0578 4144  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:21:00.0578 4144  LSI_SAS - ok
21:21:00.0609 4144  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:21:00.0624 4144  LSI_SCSI - ok
21:21:00.0640 4144  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:21:00.0671 4144  luafv - ok
21:21:00.0687 4144  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:21:00.0718 4144  Mcx2Svc - ok
21:21:00.0734 4144  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:21:00.0749 4144  megasas - ok
21:21:00.0812 4144  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:21:00.0827 4144  MegaSR - ok
21:21:00.0827 4144  MEMSWEEP2 - ok
21:21:01.0217 4144  Microsoft SharePoint Workspace Audit Service - ok
21:21:01.0233 4144  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:21:01.0248 4144  MMCSS - ok
21:21:01.0264 4144  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:21:01.0295 4144  Modem - ok
21:21:01.0342 4144  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:21:01.0373 4144  monitor - ok
21:21:01.0420 4144  [ 9DA04F53C26E75190E394D7C3B4A7456 ] MosIrUsb        C:\Windows\system32\DRIVERS\MosIrUsb.sys
21:21:01.0436 4144  MosIrUsb - ok
21:21:01.0451 4144  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:21:01.0467 4144  mouclass - ok
21:21:01.0482 4144  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:21:01.0498 4144  mouhid - ok
21:21:01.0514 4144  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:21:01.0514 4144  MountMgr - ok
21:21:01.0545 4144  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:21:01.0560 4144  MozillaMaintenance - ok
21:21:01.0592 4144  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:21:01.0607 4144  mpio - ok
21:21:01.0623 4144  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:21:01.0654 4144  mpsdrv - ok
21:21:01.0685 4144  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:21:01.0779 4144  MpsSvc - ok
21:21:01.0841 4144  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:21:01.0857 4144  Mraid35x - ok
21:21:01.0888 4144  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:21:01.0935 4144  MRxDAV - ok
21:21:01.0966 4144  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:01.0997 4144  mrxsmb - ok
21:21:02.0013 4144  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:02.0044 4144  mrxsmb10 - ok
21:21:02.0044 4144  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:02.0075 4144  mrxsmb20 - ok
21:21:02.0122 4144  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:21:02.0138 4144  msahci - ok
21:21:02.0153 4144  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:21:02.0169 4144  msdsm - ok
21:21:02.0184 4144  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:21:02.0216 4144  MSDTC - ok
21:21:02.0231 4144  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:21:02.0262 4144  Msfs - ok
21:21:02.0278 4144  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:21:02.0294 4144  msisadrv - ok
21:21:02.0325 4144  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:21:02.0340 4144  MSiSCSI - ok
21:21:02.0356 4144  msiserver - ok
21:21:02.0372 4144  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:21:02.0403 4144  MSKSSRV - ok
21:21:02.0434 4144  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:02.0481 4144  MSPCLOCK - ok
21:21:02.0496 4144  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:21:02.0512 4144  MSPQM - ok
21:21:02.0528 4144  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:21:02.0543 4144  MsRPC - ok
21:21:02.0559 4144  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:02.0559 4144  mssmbios - ok
21:21:02.0574 4144  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:21:02.0590 4144  MSTEE - ok
21:21:02.0606 4144  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:21:02.0652 4144  Mup - ok
21:21:02.0668 4144  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:21:02.0715 4144  napagent - ok
21:21:02.0777 4144  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:21:02.0808 4144  NativeWifiP - ok
21:21:02.0855 4144  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:21:02.0902 4144  NDIS - ok
21:21:02.0933 4144  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:02.0980 4144  NdisTapi - ok
21:21:03.0027 4144  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:03.0042 4144  Ndisuio - ok
21:21:03.0058 4144  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:03.0089 4144  NdisWan - ok
21:21:03.0105 4144  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:21:03.0120 4144  NDProxy - ok
21:21:03.0214 4144  [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:21:03.0245 4144  Nero BackItUp Scheduler 3 - ok
21:21:03.0245 4144  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:21:03.0308 4144  NetBIOS - ok
21:21:03.0323 4144  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:21:03.0354 4144  netbt - ok
21:21:03.0370 4144  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
21:21:03.0386 4144  Netlogon - ok
21:21:03.0401 4144  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:21:03.0432 4144  Netman - ok
21:21:03.0448 4144  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:21:03.0495 4144  netprofm - ok
21:21:03.0510 4144  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:03.0526 4144  NetTcpPortSharing - ok
21:21:03.0542 4144  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:21:03.0557 4144  nfrd960 - ok
21:21:03.0573 4144  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:21:03.0588 4144  NlaSvc - ok
21:21:03.0651 4144  [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:21:03.0713 4144  NMIndexingService - ok
21:21:03.0744 4144  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:21:03.0822 4144  Npfs - ok
21:21:03.0838 4144  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:21:03.0885 4144  nsi - ok
21:21:03.0900 4144  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:21:03.0932 4144  nsiproxy - ok
21:21:03.0963 4144  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:21:03.0994 4144  Ntfs - ok
21:21:04.0041 4144  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:21:04.0088 4144  ntrigdigi - ok
21:21:04.0088 4144  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:21:04.0119 4144  Null - ok
21:21:04.0181 4144  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:21:04.0197 4144  NVHDA - ok
21:21:04.0368 4144  [ C8CB6135884CBC2A10225C4C3CEF0F95 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:21:04.0727 4144  nvlddmkm - ok
21:21:04.0743 4144  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:21:04.0774 4144  nvraid - ok
21:21:04.0805 4144  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:21:04.0821 4144  nvstor - ok
21:21:04.0836 4144  [ C1303870D5F9EAD4BEB68559AAB7A87B ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:21:04.0852 4144  nvsvc - ok
21:21:04.0868 4144  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:21:04.0883 4144  nv_agp - ok
21:21:04.0883 4144  NwlnkFlt - ok
21:21:04.0883 4144  NwlnkFwd - ok
21:21:04.0930 4144  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:21:04.0961 4144  ohci1394 - ok
21:21:05.0055 4144  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:05.0070 4144  ose - ok
21:21:05.0492 4144  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:05.0648 4144  osppsvc - ok
21:21:05.0726 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:21:05.0804 4144  p2pimsvc - ok
21:21:05.0819 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:21:05.0866 4144  p2psvc - ok
21:21:05.0944 4144  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:21:05.0975 4144  Parport - ok
21:21:06.0006 4144  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:21:06.0022 4144  partmgr - ok
21:21:06.0038 4144  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:21:06.0084 4144  Parvdm - ok
21:21:06.0100 4144  [ DD74552152055A8493872930A64E70DC ] PcaSp60         C:\Windows\system32\DRIVERS\PcaSp60.sys
21:21:06.0116 4144  PcaSp60 - ok
21:21:06.0131 4144  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:21:06.0162 4144  PcaSvc - ok
21:21:06.0194 4144  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:21:06.0194 4144  pci - ok
21:21:06.0225 4144  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:21:06.0225 4144  pciide - ok
21:21:06.0240 4144  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:21:06.0256 4144  pcmcia - ok
21:21:06.0303 4144  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:21:06.0350 4144  PEAUTH - ok
21:21:06.0662 4144  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:21:06.0802 4144  pla - ok
21:21:06.0849 4144  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:21:06.0864 4144  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:21:06.0864 4144  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:21:06.0911 4144  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:21:06.0974 4144  PlugPlay - ok
21:21:06.0989 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:21:07.0052 4144  PNRPAutoReg - ok
21:21:07.0067 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:21:07.0083 4144  PNRPsvc - ok
21:21:07.0161 4144  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:21:07.0254 4144  PolicyAgent - ok
21:21:07.0286 4144  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:21:07.0317 4144  PptpMiniport - ok
21:21:07.0332 4144  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:21:07.0364 4144  Processor - ok
21:21:07.0395 4144  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:21:07.0410 4144  ProfSvc - ok
21:21:07.0457 4144  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:21:07.0457 4144  ProtectedStorage - ok
21:21:07.0598 4144  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:21:07.0707 4144  PSched - ok
21:21:07.0738 4144  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:21:07.0738 4144  PxHelp20 - ok
21:21:07.0956 4144  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:21:08.0003 4144  ql2300 - ok
21:21:08.0034 4144  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:21:08.0050 4144  ql40xx - ok
21:21:08.0081 4144  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:21:08.0097 4144  QWAVE - ok
21:21:08.0097 4144  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:21:08.0112 4144  QWAVEdrv - ok
21:21:08.0128 4144  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:21:08.0159 4144  RasAcd - ok
21:21:08.0175 4144  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:21:08.0206 4144  RasAuto - ok
21:21:08.0222 4144  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:08.0253 4144  Rasl2tp - ok
21:21:08.0300 4144  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:21:08.0346 4144  RasMan - ok
21:21:08.0362 4144  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:08.0378 4144  RasPppoe - ok
21:21:08.0393 4144  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:21:08.0409 4144  RasSstp - ok
21:21:08.0440 4144  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:21:08.0456 4144  rdbss - ok
21:21:08.0471 4144  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:08.0518 4144  RDPCDD - ok
21:21:08.0534 4144  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:21:08.0549 4144  rdpdr - ok
21:21:08.0565 4144  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:21:08.0580 4144  RDPENCDD - ok
21:21:08.0612 4144  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:21:08.0643 4144  RDPWD - ok
21:21:08.0690 4144  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:21:08.0705 4144  RemoteAccess - ok
21:21:08.0736 4144  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:21:08.0768 4144  RemoteRegistry - ok
21:21:08.0846 4144  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
21:21:08.0877 4144  RimUsb - ok
21:21:08.0908 4144  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:21:08.0924 4144  RpcLocator - ok
21:21:08.0939 4144  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
21:21:08.0955 4144  RpcSs - ok
21:21:09.0002 4144  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:21:09.0033 4144  rspndr - ok
21:21:09.0064 4144  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
21:21:09.0080 4144  SamSs - ok
21:21:09.0095 4144  [ 68DE5B1E82D3DD10F5F6169522C7C88A ] SAVRKBootTasks  C:\Windows\system32\SAVRKBootTasks.sys
21:21:09.0095 4144  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - warning
21:21:09.0095 4144  SAVRKBootTasks - detected UnsignedFile.Multi.Generic (1)
21:21:16.0240 4144  [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100      C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
21:21:16.0256 4144  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - warning
21:21:16.0256 4144  WSWNDA3100 - detected UnsignedFile.Multi.Generic (1)
21:21:16.0568 4144  ================ Scan global ===============================
21:21:16.0599 4144  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:21:16.0630 4144  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:21:16.0646 4144  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:21:16.0677 4144  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:21:16.0677 4144  [Global] - ok
21:21:16.0677 4144  ================ Scan MBR ==================================
21:21:16.0677 4144  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
21:21:20.0982 4144  \Device\Harddisk0\DR0 - ok
21:21:20.0982 4144  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:21:21.0092 4144  \Device\Harddisk1\DR1 - ok
21:21:21.0092 4144  ================ Scan VBR ==================================
21:21:21.0138 4144  [ 0B695A41D49D8B5A30171D2D7FCEB72B ] \Device\Harddisk0\DR0\Partition1
21:21:21.0138 4144  \Device\Harddisk0\DR0\Partition1 - ok
21:21:21.0185 4144  [ 0554D65EA8284662E168D145B98BC792 ] \Device\Harddisk0\DR0\Partition2
21:21:21.0185 4144  \Device\Harddisk0\DR0\Partition2 - ok
21:21:21.0185 4144  [ 1BE18EAB5FDED4D70D79692FEE8D05E9 ] \Device\Harddisk1\DR1\Partition1
21:21:21.0201 4144  \Device\Harddisk1\DR1\Partition1 - ok
21:21:21.0201 4144  ============================================================
21:21:21.0201 4144  Scan finished
21:21:21.0201 4144  ============================================================
21:21:21.0201 4496  Detected object count: 6
21:21:21.0201 4496  Actual detected object count: 6
21:24:33.0408 4496  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:24:33.0408 4496  AllShare ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496  AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:24:33.0408 4496  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:24:33.0408 4496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:24:33.0424 4496  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0424 4496  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:24:33.0424 4496  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0424 4496  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

06.12.2012, 21:32   #10
markusg
/// Malware-holic

Very nice.

Download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as txt. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not know, write "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

06.12.2012, 21:50   #11
tomtheone

Here we go:


Code:
AC-3 ACM Codec		18.12.2010		unbekannt
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	12.08.2009	14,0MB	unbekannt
Adobe Acrobat 7.1.0 Professional	Adobe Systems	04.02.2010	632MB	7.1.0	notwendig
Adobe AIR	Adobe Systems Incorporated	05.12.2011	37,5MB	3.1.0.4880	unnötig
Adobe Color Common Settings	Adobe Systems Incorporated	16.08.2009		1.0.1	unnötig
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	16.08.2009		2.0.2	unnötig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.10.2012		11.4.402.287	notwendig
Adobe InDesign CS3	Adobe Systems Incorporated	28.09.2009		5.0	unnötig
Adobe Photoshop CS3	Adobe Systems Incorporated	16.08.2009		10.0	notwendig
Adobe Photoshop Lightroom 2.6	Adobe	08.01.2010	101MB	2.6.1	notwendig
Adobe Reader 9.4.7 - Deutsch	Adobe Systems Incorporated	10.01.2012	167MB	9.4.7	notwendig
AMap Fly 5.0	EADS Deutschland GmbH	28.06.2010	41,4MB	6.6.0.0000	notwendig
Apple Application Support	Apple Inc.	08.11.2012	65,0MB	2.3	unbekannt
Apple Mobile Device Support	Apple Inc.	13.09.2012	23,1MB	6.0.0.59	notwendig
Apple Software Update	Apple Inc.	21.10.2011	2,38MB	2.1.3.127	notwendig
ASUS RT-N66U Wireless Router Utilities	ASUS	15.09.2012	12,2MB	4.2.3.9	notwendig
avast! Free Antivirus	AVAST Software	13.11.2012	162MB	7.0.1474.0	notwendig ???
Belkin Wireless USB Utility	Belkin	08.10.2010	1,19MB	6.3.2.16	unnötig
Bonjour	Apple Inc.	21.10.2011	1,02MB	3.0.0.10	notwendig
Canon Easy-PhotoPrint EX		22.05.2012	265MB	notwendig 
Canon Easy-PhotoPrint Pro		22.05.2012	37,0MB	notwendig 
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data		22.05.2012	37,0MB	notwendig 
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data		22.05.2012	11,7MB	notwendig 
Canon Easy-WebPrint EX		22.05.2012	6,81MB	notwendig 
Canon IJ Network Scanner Selector EX		22.05.2012	8,20MB	notwendig 
Canon IJ Network Tool		22.05.2012	2,07MB	notwendig 
CANON IMAGE GATEWAY Registrierungsanleitung	Canon Inc.	17.06.2012	1,50MB	1.0.0.2	notwendig 
Canon MG6200 series Benutzerregistrierung		22.05.2012	2,30MB	notwendig 
Canon MG6200 series MP Drivers		22.05.2012	452MB	notwendig 
Canon MG6200 series On-screen Manual		22.05.2012	26,3MB	notwendig 
Canon MP Navigator EX 5.0		22.05.2012	76,0MB	notwendig 
Canon My Printer		22.05.2012	5,60MB	notwendig 
Canon Solution Menu EX		22.05.2012	16,5MB	notwendig 
CCleaner	Piriform	24.09.2012	2,71MB	3.23	notwendig 
Cobian Backup 10		21.10.2010	28,4MB	unnötig
Compatibility Pack für 2007 Office System	Microsoft Corporation	16.11.2012	70,5MB	12.0.6612.1000	notwendig 
Content Manager 2	NNG Llc.	26.12.2011	32,8MB	3.2.0.15965	unbekannt
cyberlabDESIGNER	Transeo Media Ltd	25.08.2012	44,9MB	cyberlabDESIGNER 2.5.8	unnötig
Debugging Tools for Windows (x86)	Microsoft Corporation	20.08.2009	38,5MB	6.11.1.404	unnötig
Evernote v. 4.5.10	Evernote Corp.	19.11.2012	131MB	4.5.10.7472	notwendig 
ffdshow v1.1.3562 [2010-09-07]		18.12.2010	17,0MB	1.1.3562.0 	unnötig
FileZilla Client 3.2.7.1		25.09.2009	15,7MB	3.2.7.1	notwendig 
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	04.12.2010	3,03MB	
Free Download Manager 3.0	FreeDownloadManager.ORG	13.08.2009	18,5MB		notwendig 
Garmin ANT Agent	Garmin Ltd or its subsidiaries	26.10.2012	16,9MB	2.3.3	notwendig 
Garmin BaseCamp	Garmin Ltd or its subsidiaries	11.11.2012	100MB	4.0.4	notwendig 
Garmin Communicator Plugin	Garmin Ltd or its subsidiaries	16.01.2011	11,6MB	2.9.3	notwendig 
Garmin MapInstall	Garmin Ltd or its subsidiaries	04.11.2012	29,4MB	4.0.3	notwendig 
Garmin MapSource	Garmin Ltd or its subsidiaries	09.01.2012	58,0MB	6.16.3	notwendig 
Garmin Training Center	Garmin Ltd or its subsidiaries	26.10.2012	86,8MB	3.6.5	notwendig 
Garmin USB Drivers	Garmin Ltd or its subsidiaries	26.10.2012	580KB	2.3.1.0	notwendig 
Garmin WebUpdater	Garmin Ltd or its subsidiaries	16.06.2012	15,6MB	2.5.6	notwendig 
Google Earth	Google	20.11.2011	92,7MB	6.1.0.5001	unbekannt
Google Toolbar for Internet Explorer	Google Inc.	19.09.2012	24,3MB	7.4.3230.2052	unnötig
Google Updater	Google Inc.	28.09.2011	4,56MB	2.4.2432.1652	unbekannt
iCloud	Apple Inc.	20.09.2012	47,5MB	2.0.2.187	notwendig 
Intel(R) Network Connections 13.5.32.0	Intel	02.06.2009	53,3MB	13.5.32.0	unbekannt
Intel® Matrix Storage Manager	Intel Corporation	12.08.2009	46,8MB	unbekannt
iTunes	Apple Inc.	13.09.2012	180MB	10.7.0.21	notwendig 
Japanese Fonts Support For Adobe Reader 9	Adobe Systems Incorporated	06.12.2010	16,4MB	9.0.0	unnötig
Java 7 Update 7	Oracle	14.10.2012	128MB	7.0.70	notwendig 
Java(TM) 6 Update 31	Oracle	15.04.2012	95,1MB	6.0.310	unnötig
JOSM	OpenStreetMap	18.06.2012			notwendig 
Logitech Desktop Messenger	Logitech, Inc.	15.08.2010	9,75MB	2.54.11	notwendig 
Logitech Harmony Remote Software 7	Logitech	15.08.2010	88,2MB	7.7.0.0	notwendig 
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	03.12.2012	4,00MB	1.65.1.1000 notwendig ???
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	02.06.2009	37,3MB	unbekannt
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	02.06.2009	37,3MB		unbekannt	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.06.2010	120MB	4.0.30319	unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.06.2010	24,5MB	4.0.30319	unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	19.09.2011	7,95MB	14.0.5130.5003	unbekannt
Microsoft Office Language Pack 2010 - German/Deutsch	Microsoft Corporation	28.06.2012	0,97GB	14.0.6029.1000	notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	26.05.2010	506KB	2.0.4024.1	notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	16.11.2012	100MB	12.0.6612.1000	notwendig
Microsoft Office Professional Plus 2010	Microsoft Corporation	27.06.2012	0,97GB	14.0.6029.1000	unbekannt
Microsoft Silverlight	Microsoft Corporation	16.05.2012	25,9MB	5.1.10411.0	unbekannt
Microsoft SQL Server 2005 Compact Edition [DEU]	Microsoft Corporation	02.06.2009	332KB	3.1.0000	unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	02.06.2009	1,74MB	3.1.0000	unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	13.10.2009	251KB	8.0.50727.4053	unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	294KB	8.0.61001	unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	13.10.2009	199KB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	21.04.2011	592KB	9.0.30729.5570	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	13.08.2009	590KB	9.0.30729	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.01.2011	589KB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	18.06.2011	594KB	9.0.30729.6161	unbekannt
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	06.12.2012	42,7MB	17.0.1	notwendig	
Mozilla Firefox 4.0.1 (x86 de)	Mozilla	16.06.2011	40,6MB	4.0.1	unnötig
Mozilla Maintenance Service	Mozilla	06.12.2012	216KB	17.0.1	unbekannt
Mp3tag v2.47b	Florian Heidenreich	04.12.2010	6,91MB	v2.47b	notwendig
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	02.06.2009	1,27MB	4.20.9848.0	unbekannt
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	02.06.2009	1,27MB	4.20.9849.0	unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	02.06.2009	1,29MB	4.20.9870.0	unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,34MB	4.20.9876.0	unbekannt
Naviextras Toolbox Prerequesities	NNG Llc.	26.12.2011	4,05MB	1.0.0	unbekannt
Nero 8 Essentials	Nero AG	05.10.2009	1,91GB	8.3.465	notwendig
NETGEAR WNDA3100v2 wireless USB 2.0 adapter	NETGEAR	09.10.2010	23,1MB	1.0.0.133	unnötig
NVIDIA Display Control Panel	NVIDIA Corporation	19.04.2010	19,7MB	6.14.11.9745	notwendig
NVIDIA Drivers	NVIDIA Corporation	19.04.2010	2,88GB	1.10.59.37	notwendig
NVIDIA PhysX	NVIDIA Corporation	13.07.2009	119MB	9.09.0428	notwendig	
Open XML Editor	Dieter Köhler	12.05.2011	3,47MB	unbekannt
OpenStreetMap Plugin V2	Old Man Biking	24.05.2010	2,18MB	1.0.3788.41447 as of 2010-05-16	notwendig
Picasa 3	Google, Inc.	02.01.2011	74,3MB	3.8	notwendig
Polar ProTrainer		29.09.2009	27,5MB	5.10.120	notwendig
QNAP Finder	QNAP Systems, Inc.	23.11.2011	43,0MB	3.4.2.0303	notwendig
QNAP NetBak Replicator		24.11.2011		notwendig
QuickTime	Apple Inc.	08.11.2012	73,1MB	7.73.80.64	notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.06.2009	10,0MB	6.0.1.5804	unbekannt
Remote Control USB Driver		15.08.2010	3,61MB	2.3.2.317	notwendig
SAMSUNG PC Share Manager	SAMSUNG	24.06.2011	24,4MB	4.0	unnötig
Saturn Picture Center		26.09.2009	128MB	unnötig
Sophos Anti-Rootkit 1.5.0	Sophos Plc	27.09.2009	2,66MB	1.5.0	unnötig
SportTracks 2.1	Zone Five Software	21.08.2009	6,32MB	2.1.3478 unnötig
SportTracks 3.1	Zone Five Software	09.06.2012	8,46MB	3.1.4518	notwendig
Uninstall 1.0.0.1		04.12.2010	31,3MB	unbekannt
VideoBrowser	PIXELA	17.06.2012	164MB	1.01.100	notwendig
VLC media player 2.0.4	VideoLAN	03.11.2012	72,6MB	2.0.4	notwendig
Winamp	Nullsoft, Inc	02.08.2010	37,7MB	5.581 unnötig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	02.08.2010	132KB	1.0.0.1	unnötig
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)	Dynastream Innovations	26.10.2012		07/07/2009 1.12.2	unbekannt
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)	Garmin	26.10.2012		04/19/2012 2.3.1.0	notwendig
Windows Live Essentials	Microsoft Corporation	02.06.2009	136MB	14.0.8050.1202	unnötig
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	26.05.2010	4,68MB	6.500.3165.0	unnötig
Windows Live Sync	Microsoft Corporation	02.06.2009	2,79MB	14.0.8050.1202	unnötig
Windows Live-Uploadtool	Microsoft Corporation	02.06.2009	225KB	14.0.8014.1029	unnötig
Windows Media Player Firefox Plugin	Microsoft Corp	11.09.2011	296KB	1.0.0.8	notwendig
WinRAR		12.08.2009	3,72MB	notwendig
Xirrus Wi-Fi Inspector	Xirrus	08.10.2010	43,6MB	1.2.0000	unnötig
         

06.12.2012, 21:55   #12
markusg
/// Malware-holic

Adobe Acrobat 7.1.0 Komplett veraltet, ein Upgrade auf Version 11 ist nötig, schon aus sicherheitstechnischen Gründen!

Deinstaliere:
Adobe : alle für dich unnötigen.
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



Uninstall:
Cobian
cyberlabDESIGNER
Debugging
ffdshow
Google: all
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
Naviextras
NETGEAR
SAMSUNG
Saturn
Sophos
Windows Live: all that are unnecessary for you
Xirrus

Open CCleaner, start Analyze, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de following the instructions above.

06.12.2012, 23:33   #13
tomtheone

Phew. Thanks.

So:

Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:30:33 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : \\NAS\Download\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [990 octets] - [06/12/2012 23:30:33]

########## EOF - C:\AdwCleaner[R1].txt - [1049 octets] ##########
         

06.12.2012, 23:34   #14
markusg
/// Malware-holic

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click "Löschen" (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Restart, then test how the PC and browser run.

06.12.2012, 23:52   #15
tomtheone

Thx!

Here is the log:

Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:43:02 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - *** -PC
# Bootmodus : Normal
# Ausgeführt unter : \\NAS\Download\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1118 octets] - [06/12/2012 23:30:33]
AdwCleaner[S1].txt - [1052 octets] - [06/12/2012 23:43:02]

########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########
         
After a first QUICK analysis, everything seems to be running normally.
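
The comparison of the two AdwCleaner reports posted above, as an added example that is not part of the original thread: the script parses a `[Suche]` (search) report and a `[Löschen]` (delete) report and lists every finding that the delete run did not report as removed. The sample logs are constructed from lines in the posted reports, and only the entry format visible there (`<type> Gefunden|Gelöscht : <target>`) is assumed.

```python
import re

# Constructed sample reports modelled on the two logs posted in this thread
# (user name masked as *** exactly as in the posts).
SEARCH_LOG = r"""# Option [Suche]
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
"""
DELETE_LOG = r"""# Option [Löschen]
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
"""

# "<object type> <status> : <path or key>", e.g. "Ordner Gefunden : C:\..."
ENTRY = re.compile(r"^(?P<kind>\S+) (?P<status>Gefunden|Gelöscht) : (?P<target>.+?)\s*$")
OPTION = re.compile(r"^# Option \[(.+)\]")

def parse_report(text):
    """Return (mode, {(kind, lowercased target): status}) for one report."""
    mode, entries = None, {}
    for line in text.splitlines():
        m = OPTION.match(line)
        if m:
            mode = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            # Windows paths and registry keys are case-insensitive.
            entries[(m["kind"], m["target"].lower())] = m["status"]
    return mode, entries

def unresolved(search_text, delete_text):
    """Findings from the search run that the delete run did not mark as deleted."""
    s_mode, found = parse_report(search_text)
    d_mode, deleted = parse_report(delete_text)
    if s_mode != "Suche" or d_mode != "Löschen":
        raise ValueError("expected a [Suche] report and a [Löschen] report")
    return sorted(k for k in found if deleted.get(k) != "Gelöscht")

if __name__ == "__main__":
    leftovers = unresolved(SEARCH_LOG, DELETE_LOG)
    print("all findings removed" if not leftovers else leftovers)
```

An empty result means every item from the search report appears as deleted in the second report; it says nothing about items AdwCleaner never detected.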
