Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei - Ihr Computer wurde gesperrt, Ukash

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 28.06.2012, 13:19   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.06.2012, 21:03   #17
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,

hier ist das neue OTL-Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.06.2012 21:46:36 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Lutz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,24 Gb Available Physical Memory | 90,76% Memory free
15,96 Gb Paging File | 15,25 Gb Available in Paging File | 95,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,32 Gb Total Space | 580,63 Gb Free Space | 85,47% Space Free | Partition Type: NTFS
 
Computer Name: LUTZ-VAIO | User Name: Lutz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 21:41:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.30 19:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.06.12 19:13:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.20 16:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.01.13 11:41:36 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.11.03 21:30:26 | 000,138,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.11.03 21:30:26 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.10.24 15:49:14 | 000,958,112 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.09.23 20:18:38 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.09.08 17:44:00 | 000,549,408 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.09.08 16:29:16 | 000,381,488 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.08.26 19:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.07.15 16:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.07.07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.07.05 19:10:04 | 000,098,976 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.07.05 17:41:26 | 000,138,400 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.06.24 22:34:09 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.06.24 22:33:54 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.06.16 21:23:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.31 16:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2011.04.18 22:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.24 05:05:12 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2010.02.24 05:05:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.07.20 23:10:19 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.07.05 19:10:42 | 000,496,800 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.07.05 19:10:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.07.05 19:10:38 | 000,167,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.07.05 19:10:38 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.07.05 19:10:38 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.07.05 19:10:36 | 000,330,400 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.07.05 19:10:36 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.07.05 19:10:36 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.07.05 19:10:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011.06.24 22:33:53 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.06.23 23:51:41 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2011.06.23 23:44:52 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011.06.23 23:26:45 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.22 22:06:30 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.18 22:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007.04.17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 21:44:21 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [ylwjrdbirmccoeg] C:\ProgramData\ylwjrdbi.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\RunOnce: [MvtApp.exe] C:\Users\Lutz\AppData\Local\Temp\McInstaller\MVTInstaller.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5678AB-ABE2-4386-9B89-8DD52F17C056}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA9A3F60-A80C-491D-9768-F2248DAEF8CA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 21:41:54 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2012.06.27 21:49:06 | 000,000,000 | R--D | C] -- C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.06.23 10:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.20 20:13:50 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lutz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.18 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes
[2012.06.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.18 18:53:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 18:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2012.06.18 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\jsorbhknqhvjyjg
[2012.06.16 08:21:14 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{48547DCF-9B60-4C35-9BFF-47084E501207}
[2012.06.13 23:17:01 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{6BE25665-27B6-4F13-8F04-E4C9398E2975}
[2012.06.13 23:16:40 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{0D4AE072-6750-43B1-ACFA-79D919691403}
[2012.06.11 22:26:41 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{325F8C04-F6A8-4E81-9EEB-206DC461D41C}
[2012.06.11 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{BE33C3DE-E3B7-4727-B1BE-01C473E246F9}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 21:41:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2012.06.28 21:36:31 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.28 21:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 21:36:14 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 20:30:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 20:15:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 20:14:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lutz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.18 20:14:30 | 000,000,000 | ---- | M] () -- C:\Users\Lutz\defogger_reenable
[2012.06.18 19:13:34 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 19:13:34 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 19:13:34 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 19:13:34 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 19:13:34 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 18:08:18 | 000,000,052 | ---- | M] () -- C:\ProgramData\piscchdeyvhsktu
[2012.06.18 18:08:13 | 000,073,728 | ---- | M] () -- C:\ProgramData\ylwjrdbi.exe
[2012.06.18 18:08:13 | 000,073,728 | ---- | M] () -- C:\ProgramData\maetvqly.exe
[2012.06.18 17:10:34 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 17:10:34 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 10:36:30 | 000,002,042 | ---- | M] () -- C:\Windows\MOBK649.blk
[2012.06.17 10:36:30 | 000,001,032 | ---- | M] () -- C:\Windows\MOBK649.flt
[2012.06.14 20:56:23 | 000,385,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.18 20:14:30 | 000,000,000 | ---- | C] () -- C:\Users\Lutz\defogger_reenable
[2012.06.18 18:53:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 18:08:18 | 000,073,728 | ---- | C] () -- C:\ProgramData\ylwjrdbi.exe
[2012.06.18 18:08:18 | 000,073,728 | ---- | C] () -- C:\ProgramData\maetvqly.exe
[2012.06.18 18:08:14 | 000,000,052 | ---- | C] () -- C:\ProgramData\piscchdeyvhsktu
[2012.03.18 18:22:08 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.28 06:47:58 | 000,340,992 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011.06.27 08:25:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.02.11 01:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.02.05 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon
[2011.12.24 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Garmin
[2012.02.28 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\iolo
[2012.04.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\pdfforge
[2011.12.24 17:12:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PTV AG
[2011.12.22 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Samsung
[2012.06.17 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony
[2012.04.09 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Temp
[2011.12.23 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Windows Live Writer
[2012.03.06 22:16:58 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.18 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Adobe
[2012.02.05 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon
[2012.01.07 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ArcSoft
[2011.12.18 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Atheros
[2012.05.05 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\dvdcss
[2011.12.24 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Garmin
[2011.12.18 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Identities
[2011.12.18 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Intel Corporation
[2012.02.28 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\iolo
[2011.08.28 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Macromedia
[2012.06.18 18:53:30 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes
[2012.01.04 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\McAfee
[2011.05.27 23:57:27 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Media Center Programs
[2012.05.17 13:36:31 | 000,000,000 | --SD | M] -- C:\Users\Lutz\AppData\Roaming\Microsoft
[2011.12.27 15:02:42 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\NVIDIA
[2012.04.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\pdfforge
[2011.12.24 17:12:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PTV AG
[2011.12.22 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Samsung
[2012.06.17 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony
[2011.12.27 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony Corporation
[2012.04.09 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Temp
[2012.05.05 22:01:18 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\vlc
[2011.12.23 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.08.28 06:11:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lutz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.04.02 22:07:25 | 000,106,408 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.04.02 22:07:25 | 000,101,288 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.04.02 22:07:26 | 000,021,416 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.03 10:50:16 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.02.03 10:50:20 | 000,278,928 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.02.03 10:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.02.03 10:50:22 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.04.02 22:07:25 | 000,106,408 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.04.02 22:07:25 | 000,101,288 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.02.03 10:50:26 | 000,131,984 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.04.02 22:07:26 | 000,021,416 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.02.03 10:50:28 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.12.23 13:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.02.03 10:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---
__________________


Alt 29.06.2012, 11:54   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=http://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [ylwjrdbirmccoeg] C:\ProgramData\ylwjrdbi.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\ProgramData\jsorbhknqhvjyjg
C:\ProgramData\ylwjrdbi.exe
C:\ProgramData\maetvqly.exe
C:\ProgramData\piscchdeyvhsktu
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
__________________

Alt 29.06.2012, 21:39   #19
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,
immerhin kann ich jetzt wieder im Normalmodus arbeiten. Das ist ja schon mal schön.

Hier ist das neue Log:
Code:
ATTFilter
 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}\ not found.
Registry key HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ylwjrdbirmccoeg deleted successfully.
C:\ProgramData\ylwjrdbi.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\ProgramData\jsorbhknqhvjyjg folder moved successfully.
File\Folder C:\ProgramData\ylwjrdbi.exe not found.
C:\ProgramData\maetvqly.exe moved successfully.
C:\ProgramData\piscchdeyvhsktu moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lutz
->Temp folder emptied: 318916513 bytes
->Temporary Internet Files folder emptied: 421771956 bytes
->Java cache emptied: 15317 bytes
->Flash cache emptied: 62640 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241157243 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56180 bytes
RecycleBin emptied: 129313 bytes
 
Total Files Cleaned = 937,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Lutz
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06292012_222633

Files\Folders moved on Reboot...
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Alt 29.06.2012, 23:11   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2012, 07:58   #21
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,

hier ist das Log des Kaspersky TDSS-Killers:

Code:
ATTFilter
 08:50:11.0543 7532	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
08:50:11.0762 7532	============================================================
08:50:11.0762 7532	Current date / time: 2012/06/30 08:50:11.0762
08:50:11.0762 7532	SystemInfo:
08:50:11.0762 7532	
08:50:11.0762 7532	OS Version: 6.1.7601 ServicePack: 1.0
08:50:11.0762 7532	Product type: Workstation
08:50:11.0762 7532	ComputerName: LUTZ-VAIO
08:50:11.0762 7532	UserName: Lutz
08:50:11.0762 7532	Windows directory: C:\Windows
08:50:11.0762 7532	System windows directory: C:\Windows
08:50:11.0762 7532	Running under WOW64
08:50:11.0762 7532	Processor architecture: Intel x64
08:50:11.0762 7532	Number of processors: 8
08:50:11.0762 7532	Page size: 0x1000
08:50:11.0762 7532	Boot type: Normal boot
08:50:11.0762 7532	============================================================
08:50:12.0214 7532	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:50:12.0214 7532	============================================================
08:50:12.0214 7532	\Device\Harddisk0\DR0:
08:50:12.0214 7532	MBR partitions:
08:50:12.0214 7532	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2670000, BlocksNum 0x32000
08:50:12.0214 7532	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x26A2000, BlocksNum 0x54EA3EF0
08:50:12.0214 7532	============================================================
08:50:12.0245 7532	C: <-> \Device\Harddisk0\DR0\Partition1
08:50:12.0245 7532	============================================================
08:50:12.0245 7532	Initialize success
08:50:12.0245 7532	============================================================
08:51:38.0217 6964	============================================================
08:51:38.0217 6964	Scan started
08:51:38.0217 6964	Mode: Manual; SigCheck; TDLFS; 
08:51:38.0217 6964	============================================================
08:51:38.0826 6964	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:51:38.0950 6964	1394ohci - ok
08:51:39.0060 6964	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:51:39.0091 6964	ACDaemon - ok
08:51:39.0153 6964	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:51:39.0200 6964	ACPI - ok
08:51:39.0216 6964	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:51:39.0309 6964	AcpiPmi - ok
08:51:39.0403 6964	AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
08:51:39.0434 6964	AdobeActiveFileMonitor9.0 - ok
08:51:39.0512 6964	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:51:39.0528 6964	AdobeARMservice - ok
08:51:39.0652 6964	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:51:39.0668 6964	AdobeFlashPlayerUpdateSvc - ok
08:51:39.0730 6964	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:51:39.0762 6964	adp94xx - ok
08:51:39.0808 6964	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:51:39.0855 6964	adpahci - ok
08:51:39.0886 6964	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:51:39.0918 6964	adpu320 - ok
08:51:39.0949 6964	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:51:40.0074 6964	AeLookupSvc - ok
08:51:40.0136 6964	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:51:40.0214 6964	AFD - ok
08:51:40.0261 6964	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:51:40.0276 6964	agp440 - ok
08:51:40.0323 6964	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:51:40.0386 6964	ALG - ok
08:51:40.0432 6964	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:51:40.0448 6964	aliide - ok
08:51:40.0464 6964	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:51:40.0464 6964	amdide - ok
08:51:40.0495 6964	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:51:40.0542 6964	AmdK8 - ok
08:51:40.0557 6964	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:51:40.0604 6964	AmdPPM - ok
08:51:40.0635 6964	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:51:40.0666 6964	amdsata - ok
08:51:40.0682 6964	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:51:40.0698 6964	amdsbs - ok
08:51:40.0729 6964	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:51:40.0729 6964	amdxata - ok
08:51:40.0776 6964	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:51:40.0916 6964	AppID - ok
08:51:40.0947 6964	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:51:41.0010 6964	AppIDSvc - ok
08:51:41.0041 6964	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:51:41.0119 6964	Appinfo - ok
08:51:41.0150 6964	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:51:41.0166 6964	arc - ok
08:51:41.0181 6964	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:51:41.0197 6964	arcsas - ok
08:51:41.0228 6964	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:51:41.0228 6964	ArcSoftKsUFilter - ok
08:51:41.0337 6964	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:51:41.0368 6964	aspnet_state - ok
08:51:41.0384 6964	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:51:41.0462 6964	AsyncMac - ok
08:51:41.0493 6964	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:51:41.0493 6964	atapi - ok
08:51:41.0540 6964	AthBTPort       (a434e093cd25870e5d32cb0b70c442ed) C:\Windows\system32\DRIVERS\btath_flt.sys
08:51:41.0556 6964	AthBTPort - ok
08:51:41.0634 6964	ATHDFU          (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
08:51:41.0649 6964	ATHDFU - ok
08:51:41.0727 6964	Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
08:51:41.0743 6964	Atheros Bt&Wlan Coex Agent - ok
08:51:41.0774 6964	AtherosSvc      (520ce4bc1d9c83225f1dd76d1d2f28c8) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
08:51:41.0790 6964	AtherosSvc - ok
08:51:41.0946 6964	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
08:51:42.0039 6964	athr - ok
08:51:42.0164 6964	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:51:42.0226 6964	AudioEndpointBuilder - ok
08:51:42.0226 6964	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:51:42.0258 6964	AudioSrv - ok
08:51:42.0289 6964	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:51:42.0367 6964	AxInstSV - ok
08:51:42.0445 6964	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:51:42.0492 6964	b06bdrv - ok
08:51:42.0538 6964	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:51:42.0585 6964	b57nd60a - ok
08:51:42.0679 6964	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:51:42.0710 6964	BBSvc - ok
08:51:42.0741 6964	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:51:42.0804 6964	BDESVC - ok
08:51:42.0835 6964	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:51:42.0913 6964	Beep - ok
08:51:42.0975 6964	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:51:43.0038 6964	BFE - ok
08:51:43.0116 6964	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:51:43.0225 6964	BITS - ok
08:51:43.0287 6964	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:51:43.0303 6964	blbdrive - ok
08:51:43.0334 6964	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:51:43.0350 6964	bowser - ok
08:51:43.0396 6964	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:51:43.0412 6964	BrFiltLo - ok
08:51:43.0428 6964	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:51:43.0443 6964	BrFiltUp - ok
08:51:43.0474 6964	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:51:43.0521 6964	Browser - ok
08:51:43.0552 6964	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:51:43.0599 6964	Brserid - ok
08:51:43.0630 6964	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:51:43.0646 6964	BrSerWdm - ok
08:51:43.0693 6964	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:51:43.0724 6964	BrUsbMdm - ok
08:51:43.0802 6964	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:51:43.0849 6964	BrUsbSer - ok
08:51:43.0896 6964	BTATH_A2DP      (bc9616c9d05b4b0843ff0d8d7a003aa7) C:\Windows\system32\drivers\btath_a2dp.sys
08:51:43.0911 6964	BTATH_A2DP - ok
08:51:43.0927 6964	btath_avdt      (00a186bab2d5db4f549bcf8666d8ab39) C:\Windows\system32\drivers\btath_avdt.sys
08:51:43.0927 6964	btath_avdt - ok
08:51:43.0958 6964	BTATH_BUS       (d6ead8f45ecbede3b1adbee5f075e0e2) C:\Windows\system32\drivers\btath_bus.sys
08:51:43.0974 6964	BTATH_BUS - ok
08:51:44.0036 6964	BTATH_HCRP      (557bc22d5ac7fb5dd51ad00f0a03be09) C:\Windows\system32\drivers\btath_hcrp.sys
08:51:44.0052 6964	BTATH_HCRP - ok
08:51:44.0098 6964	BTATH_LWFLT     (3b9f872f1330728172d2f5abfb8a7706) C:\Windows\system32\DRIVERS\btath_lwflt.sys
08:51:44.0114 6964	BTATH_LWFLT - ok
08:51:44.0145 6964	BTATH_RCP       (4225b326514f20bab3751e532f403d1d) C:\Windows\system32\drivers\btath_rcp.sys
08:51:44.0161 6964	BTATH_RCP - ok
08:51:44.0223 6964	BtFilter        (60675e839a37056ed5cbc7e00935451c) C:\Windows\system32\DRIVERS\btfilter.sys
08:51:44.0239 6964	BtFilter - ok
08:51:44.0301 6964	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:51:44.0348 6964	BthEnum - ok
08:51:44.0395 6964	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:51:44.0426 6964	BTHMODEM - ok
08:51:44.0504 6964	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:51:44.0566 6964	BthPan - ok
08:51:44.0629 6964	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:51:44.0660 6964	BTHPORT - ok
08:51:44.0722 6964	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:51:44.0785 6964	bthserv - ok
08:51:44.0800 6964	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:51:44.0816 6964	BTHUSB - ok
08:51:44.0863 6964	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:51:44.0956 6964	cdfs - ok
08:51:45.0003 6964	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:51:45.0019 6964	cdrom - ok
08:51:45.0050 6964	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:51:45.0097 6964	CertPropSvc - ok
08:51:45.0144 6964	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:51:45.0190 6964	circlass - ok
08:51:45.0268 6964	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:51:45.0284 6964	CLFS - ok
08:51:45.0393 6964	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:51:45.0393 6964	clr_optimization_v2.0.50727_32 - ok
08:51:45.0456 6964	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:51:45.0471 6964	clr_optimization_v2.0.50727_64 - ok
08:51:45.0565 6964	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:51:45.0565 6964	clr_optimization_v4.0.30319_32 - ok
08:51:45.0627 6964	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:51:45.0643 6964	clr_optimization_v4.0.30319_64 - ok
08:51:45.0690 6964	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:51:45.0721 6964	CmBatt - ok
08:51:45.0768 6964	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:51:45.0783 6964	cmdide - ok
08:51:45.0830 6964	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:51:45.0846 6964	CNG - ok
08:51:45.0892 6964	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:51:45.0892 6964	Compbatt - ok
08:51:45.0939 6964	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:51:45.0970 6964	CompositeBus - ok
08:51:45.0986 6964	COMSysApp - ok
08:51:46.0002 6964	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:51:46.0002 6964	crcdisk - ok
08:51:46.0033 6964	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:51:46.0064 6964	CryptSvc - ok
08:51:46.0095 6964	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:51:46.0142 6964	DcomLaunch - ok
08:51:46.0189 6964	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:51:46.0220 6964	defragsvc - ok
08:51:46.0267 6964	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:51:46.0314 6964	DfsC - ok
08:51:46.0345 6964	dg_ssudbus      (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
08:51:46.0360 6964	dg_ssudbus - ok
08:51:46.0423 6964	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:51:46.0454 6964	Dhcp - ok
08:51:46.0470 6964	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:51:46.0516 6964	discache - ok
08:51:46.0563 6964	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:51:46.0579 6964	Disk - ok
08:51:46.0610 6964	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:51:46.0626 6964	Dnscache - ok
08:51:46.0657 6964	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:51:46.0688 6964	dot3svc - ok
08:51:46.0735 6964	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:51:46.0766 6964	DPS - ok
08:51:46.0813 6964	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:51:46.0844 6964	drmkaud - ok
08:51:46.0953 6964	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:51:46.0984 6964	DXGKrnl - ok
08:51:47.0031 6964	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
08:51:47.0047 6964	e1yexpress - ok
08:51:47.0094 6964	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:51:47.0172 6964	EapHost - ok
08:51:47.0328 6964	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:51:47.0390 6964	ebdrv - ok
08:51:47.0499 6964	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:51:47.0562 6964	EFS - ok
08:51:47.0655 6964	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:51:47.0733 6964	ehRecvr - ok
08:51:47.0764 6964	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:51:47.0780 6964	ehSched - ok
08:51:47.0874 6964	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:51:47.0905 6964	elxstor - ok
08:51:47.0920 6964	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:51:47.0952 6964	ErrDev - ok
08:51:48.0014 6964	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:51:48.0045 6964	EventSystem - ok
08:51:48.0092 6964	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:51:48.0108 6964	exfat - ok
08:51:48.0139 6964	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:51:48.0170 6964	fastfat - ok
08:51:48.0217 6964	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:51:48.0264 6964	Fax - ok
08:51:48.0295 6964	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:51:48.0326 6964	fdc - ok
08:51:48.0357 6964	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:51:48.0404 6964	fdPHost - ok
08:51:48.0420 6964	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:51:48.0466 6964	FDResPub - ok
08:51:48.0498 6964	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:51:48.0513 6964	FileInfo - ok
08:51:48.0529 6964	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:51:48.0591 6964	Filetrace - ok
08:51:48.0622 6964	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:51:48.0622 6964	flpydisk - ok
08:51:48.0654 6964	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:51:48.0669 6964	FltMgr - ok
08:51:48.0732 6964	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:51:48.0794 6964	FontCache - ok
08:51:48.0841 6964	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:51:48.0872 6964	FontCache3.0.0.0 - ok
08:51:48.0919 6964	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:51:48.0934 6964	FsDepends - ok
08:51:48.0981 6964	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:51:48.0997 6964	Fs_Rec - ok
08:51:49.0028 6964	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:51:49.0059 6964	fvevol - ok
08:51:49.0075 6964	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:51:49.0090 6964	gagp30kx - ok
08:51:49.0168 6964	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:51:49.0215 6964	gpsvc - ok
08:51:49.0231 6964	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:51:49.0262 6964	hcw85cir - ok
08:51:49.0309 6964	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:51:49.0356 6964	HdAudAddService - ok
08:51:49.0387 6964	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:51:49.0418 6964	HDAudBus - ok
08:51:49.0434 6964	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:51:49.0449 6964	HidBatt - ok
08:51:49.0480 6964	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:51:49.0512 6964	HidBth - ok
08:51:49.0543 6964	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:51:49.0574 6964	HidIr - ok
08:51:49.0590 6964	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:51:49.0652 6964	hidserv - ok
08:51:49.0683 6964	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:51:49.0683 6964	HidUsb - ok
08:51:49.0714 6964	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:51:49.0792 6964	hkmsvc - ok
08:51:49.0824 6964	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:51:49.0870 6964	HomeGroupListener - ok
08:51:49.0902 6964	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:51:49.0933 6964	HomeGroupProvider - ok
08:51:49.0995 6964	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:51:50.0011 6964	HpSAMD - ok
08:51:50.0120 6964	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:51:50.0198 6964	HTTP - ok
08:51:50.0214 6964	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:51:50.0229 6964	hwpolicy - ok
08:51:50.0260 6964	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:51:50.0260 6964	i8042prt - ok
08:51:50.0307 6964	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
08:51:50.0338 6964	iaStor - ok
08:51:50.0416 6964	IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:51:50.0432 6964	IAStorDataMgrSvc - ok
08:51:50.0479 6964	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:51:50.0510 6964	iaStorV - ok
08:51:50.0619 6964	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:51:50.0650 6964	idsvc - ok
08:51:50.0682 6964	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:51:50.0697 6964	iirsp - ok
08:51:50.0760 6964	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:51:50.0838 6964	IKEEXT - ok
08:51:50.0978 6964	IntcAzAudAddService (65f70696be5abc11634fcf96af7d7896) C:\Windows\system32\drivers\RTKVHD64.sys
08:51:51.0025 6964	IntcAzAudAddService - ok
08:51:51.0118 6964	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:51:51.0134 6964	intelide - ok
08:51:51.0181 6964	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
08:51:51.0228 6964	intelppm - ok
08:51:51.0259 6964	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:51:51.0321 6964	IPBusEnum - ok
08:51:51.0352 6964	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:51:51.0368 6964	IpFilterDriver - ok
08:51:51.0415 6964	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:51:51.0462 6964	iphlpsvc - ok
08:51:51.0477 6964	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:51:51.0493 6964	IPMIDRV - ok
08:51:51.0524 6964	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:51:51.0602 6964	IPNAT - ok
08:51:51.0618 6964	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:51:51.0649 6964	IRENUM - ok
08:51:51.0680 6964	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:51:51.0696 6964	isapnp - ok
08:51:51.0774 6964	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:51:51.0852 6964	iScsiPrt - ok
08:51:51.0898 6964	IviRegMgr       (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
08:51:51.0930 6964	IviRegMgr - ok
08:51:51.0976 6964	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:51:51.0992 6964	kbdclass - ok
08:51:52.0023 6964	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:51:52.0054 6964	kbdhid - ok
08:51:52.0086 6964	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:51:52.0101 6964	KeyIso - ok
08:51:52.0179 6964	Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
08:51:52.0210 6964	Kodak AiO Network Discovery Service - ok
08:51:52.0242 6964	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:51:52.0257 6964	KSecDD - ok
08:51:52.0273 6964	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:51:52.0288 6964	KSecPkg - ok
08:51:52.0320 6964	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:51:52.0382 6964	ksthunk - ok
08:51:52.0413 6964	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:51:52.0460 6964	KtmRm - ok
08:51:52.0538 6964	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:51:52.0616 6964	LanmanServer - ok
08:51:52.0632 6964	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:51:52.0678 6964	LanmanWorkstation - ok
08:51:52.0710 6964	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:51:52.0756 6964	lltdio - ok
08:51:52.0788 6964	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:51:52.0834 6964	lltdsvc - ok
08:51:52.0850 6964	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:51:52.0881 6964	lmhosts - ok
08:51:52.0959 6964	LMS             (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:51:52.0959 6964	LMS - ok
08:51:53.0006 6964	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:51:53.0037 6964	LSI_FC - ok
08:51:53.0068 6964	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:51:53.0068 6964	LSI_SAS - ok
08:51:53.0084 6964	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:51:53.0100 6964	LSI_SAS2 - ok
08:51:53.0115 6964	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:51:53.0131 6964	LSI_SCSI - ok
08:51:53.0162 6964	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:51:53.0209 6964	luafv - ok
08:51:53.0256 6964	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:51:53.0287 6964	MBAMProtector - ok
08:51:53.0380 6964	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:51:53.0427 6964	MBAMService - ok
08:51:53.0490 6964	McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
08:51:53.0521 6964	McAfee SiteAdvisor Service - ok
08:51:53.0536 6964	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:51:53.0568 6964	Mcx2Svc - ok
08:51:53.0599 6964	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:51:53.0614 6964	megasas - ok
08:51:53.0677 6964	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:51:53.0708 6964	MegaSR - ok
08:51:53.0755 6964	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
08:51:53.0770 6964	MEIx64 - ok
08:51:53.0802 6964	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:51:53.0848 6964	MMCSS - ok
08:51:53.0895 6964	MOBK649backup   (db033326180514b9a45612ce14324f5c) C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe
08:51:53.0926 6964	MOBK649backup - ok
08:51:53.0958 6964	MOBK649Filter   (3c69aa906ee867ade4437acd8460b43d) C:\Windows\system32\DRIVERS\MOBK649.sys
08:51:53.0973 6964	MOBK649Filter - ok
08:51:53.0989 6964	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:51:54.0051 6964	Modem - ok
08:51:54.0067 6964	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:51:54.0082 6964	monitor - ok
08:51:54.0129 6964	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:51:54.0129 6964	mouclass - ok
08:51:54.0160 6964	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:51:54.0192 6964	mouhid - ok
08:51:54.0223 6964	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:51:54.0238 6964	mountmgr - ok
08:51:54.0254 6964	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:51:54.0270 6964	mpio - ok
08:51:54.0285 6964	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:51:54.0316 6964	mpsdrv - ok
08:51:54.0363 6964	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:51:54.0394 6964	MpsSvc - ok
08:51:54.0426 6964	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:51:54.0488 6964	MRxDAV - ok
08:51:54.0535 6964	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:51:54.0582 6964	mrxsmb - ok
08:51:54.0597 6964	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:51:54.0628 6964	mrxsmb10 - ok
08:51:54.0644 6964	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:51:54.0660 6964	mrxsmb20 - ok
08:51:54.0675 6964	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:51:54.0691 6964	msahci - ok
08:51:54.0722 6964	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:51:54.0753 6964	msdsm - ok
08:51:54.0784 6964	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:51:54.0800 6964	MSDTC - ok
08:51:54.0831 6964	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:51:54.0894 6964	Msfs - ok
08:51:54.0909 6964	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:51:54.0987 6964	mshidkmdf - ok
08:51:55.0003 6964	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:51:55.0003 6964	msisadrv - ok
08:51:55.0034 6964	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:51:55.0065 6964	MSiSCSI - ok
08:51:55.0065 6964	msiserver - ok
08:51:55.0112 6964	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:51:55.0190 6964	MSKSSRV - ok
08:51:55.0206 6964	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:51:55.0237 6964	MSPCLOCK - ok
08:51:55.0237 6964	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:51:55.0268 6964	MSPQM - ok
08:51:55.0284 6964	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:51:55.0299 6964	MsRPC - ok
08:51:55.0315 6964	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:51:55.0330 6964	mssmbios - ok
08:51:55.0362 6964	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:51:55.0424 6964	MSTEE - ok
08:51:55.0440 6964	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:51:55.0440 6964	MTConfig - ok
08:51:55.0455 6964	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:51:55.0471 6964	Mup - ok
08:51:55.0502 6964	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:51:55.0549 6964	napagent - ok
08:51:55.0596 6964	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:51:55.0642 6964	NativeWifiP - ok
08:51:55.0689 6964	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:51:55.0720 6964	NDIS - ok
08:51:55.0736 6964	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:51:55.0767 6964	NdisCap - ok
08:51:55.0798 6964	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:51:55.0861 6964	NdisTapi - ok
08:51:55.0892 6964	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:51:55.0939 6964	Ndisuio - ok
08:51:55.0970 6964	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:51:56.0001 6964	NdisWan - ok
08:51:56.0017 6964	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:51:56.0064 6964	NDProxy - ok
08:51:56.0095 6964	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:51:56.0142 6964	NetBIOS - ok
08:51:56.0173 6964	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:51:56.0204 6964	NetBT - ok
08:51:56.0220 6964	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:51:56.0220 6964	Netlogon - ok
08:51:56.0266 6964	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:51:56.0329 6964	Netman - ok
08:51:56.0422 6964	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0438 6964	NetMsmqActivator - ok
08:51:56.0454 6964	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0454 6964	NetPipeActivator - ok
08:51:56.0485 6964	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:51:56.0547 6964	netprofm - ok
08:51:56.0547 6964	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0563 6964	NetTcpActivator - ok
08:51:56.0563 6964	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0563 6964	NetTcpPortSharing - ok
08:51:56.0625 6964	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:51:56.0641 6964	nfrd960 - ok
08:51:56.0703 6964	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:51:56.0781 6964	NlaSvc - ok
08:51:56.0797 6964	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:51:56.0844 6964	Npfs - ok
08:51:56.0844 6964	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:51:56.0875 6964	nsi - ok
08:51:56.0890 6964	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:51:56.0922 6964	nsiproxy - ok
08:51:57.0015 6964	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:51:57.0078 6964	Ntfs - ok
08:51:57.0234 6964	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:51:57.0312 6964	Null - ok
08:51:57.0343 6964	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys
08:51:57.0374 6964	nusb3hub - ok
08:51:57.0405 6964	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys
08:51:57.0468 6964	nusb3xhc - ok
08:51:57.0514 6964	NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
08:51:57.0530 6964	NVHDA - ok
08:51:58.0513 6964	nvlddmkm        (a8151a773ce78233375445d41b77e85e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:51:58.0669 6964	nvlddmkm - ok
08:51:58.0825 6964	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:51:58.0856 6964	nvraid - ok
08:51:58.0934 6964	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:51:58.0965 6964	nvstor - ok
08:51:59.0028 6964	NVSvc           (b10cca77064c6171846e1cf0d7155af3) C:\Windows\system32\nvvsvc.exe
08:51:59.0043 6964	NVSvc - ok
08:51:59.0106 6964	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:51:59.0121 6964	nv_agp - ok
08:51:59.0168 6964	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:51:59.0199 6964	ohci1394 - ok
08:51:59.0308 6964	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:59.0324 6964	ose - ok
08:51:59.0714 6964	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:51:59.0776 6964	osppsvc - ok
08:51:59.0886 6964	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:51:59.0917 6964	p2pimsvc - ok
08:51:59.0932 6964	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:51:59.0948 6964	p2psvc - ok
08:52:00.0010 6964	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:52:00.0057 6964	Parport - ok
08:52:00.0120 6964	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:52:00.0135 6964	partmgr - ok
08:52:00.0166 6964	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:52:00.0198 6964	PcaSvc - ok
08:52:00.0260 6964	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:52:00.0260 6964	pci - ok
08:52:00.0338 6964	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:52:00.0354 6964	pciide - ok
08:52:00.0385 6964	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:52:00.0400 6964	pcmcia - ok
08:52:00.0432 6964	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:52:00.0447 6964	pcw - ok
08:52:00.0463 6964	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:52:00.0510 6964	PEAUTH - ok
08:52:00.0603 6964	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:52:00.0634 6964	PerfHost - ok
08:52:00.0697 6964	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:52:00.0744 6964	pla - ok
08:52:00.0837 6964	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:52:00.0868 6964	PlugPlay - ok
08:52:00.0978 6964	PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
08:52:00.0993 6964	PMBDeviceInfoProvider - ok
08:52:01.0009 6964	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:52:01.0024 6964	PNRPAutoReg - ok
08:52:01.0040 6964	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:52:01.0056 6964	PNRPsvc - ok
08:52:01.0102 6964	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:52:01.0149 6964	PolicyAgent - ok
08:52:01.0180 6964	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:52:01.0212 6964	Power - ok
08:52:01.0274 6964	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:52:01.0305 6964	PptpMiniport - ok
08:52:01.0336 6964	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:52:01.0352 6964	Processor - ok
08:52:01.0383 6964	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:52:01.0430 6964	ProfSvc - ok
08:52:01.0446 6964	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:01.0461 6964	ProtectedStorage - ok
08:52:01.0508 6964	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:52:01.0570 6964	Psched - ok
08:52:01.0633 6964	PSI_SVC_2       (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:52:01.0648 6964	PSI_SVC_2 - ok
08:52:01.0680 6964	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:52:01.0711 6964	PxHlpa64 - ok
08:52:01.0804 6964	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:52:01.0851 6964	ql2300 - ok
08:52:01.0945 6964	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:52:01.0976 6964	ql40xx - ok
08:52:02.0023 6964	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:52:02.0054 6964	QWAVE - ok
08:52:02.0070 6964	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:52:02.0101 6964	QWAVEdrv - ok
08:52:02.0116 6964	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:52:02.0163 6964	RasAcd - ok
08:52:02.0194 6964	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:52:02.0241 6964	RasAgileVpn - ok
08:52:02.0272 6964	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:52:02.0350 6964	RasAuto - ok
08:52:02.0366 6964	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:02.0413 6964	Rasl2tp - ok
08:52:02.0460 6964	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:52:02.0491 6964	RasMan - ok
08:52:02.0538 6964	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:02.0616 6964	RasPppoe - ok
08:52:02.0631 6964	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:52:02.0678 6964	RasSstp - ok
08:52:02.0694 6964	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:52:02.0725 6964	rdbss - ok
08:52:02.0756 6964	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:52:02.0772 6964	rdpbus - ok
08:52:02.0787 6964	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:02.0818 6964	RDPCDD - ok
08:52:02.0818 6964	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:52:02.0865 6964	RDPENCDD - ok
08:52:02.0881 6964	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:52:02.0896 6964	RDPREFMP - ok
08:52:02.0943 6964	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:52:02.0990 6964	RDPWD - ok
08:52:03.0037 6964	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:52:03.0068 6964	rdyboost - ok
08:52:03.0099 6964	regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
08:52:03.0099 6964	regi - ok
08:52:03.0146 6964	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:52:03.0224 6964	RemoteAccess - ok
08:52:03.0240 6964	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:52:03.0286 6964	RemoteRegistry - ok
08:52:03.0318 6964	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:52:03.0364 6964	RFCOMM - ok
08:52:03.0411 6964	rimspci         (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys
08:52:03.0458 6964	rimspci - ok
08:52:03.0489 6964	risdsnpe        (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys
08:52:03.0520 6964	risdsnpe - ok
08:52:03.0598 6964	Roxio UPnP Renderer 10 (65226131770b22ef24fb869ad821de47) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
08:52:03.0614 6964	Roxio UPnP Renderer 10 - ok
08:52:03.0630 6964	Roxio Upnp Server 10 (2a3d24e83e5f63bf4a0220fdd23457cb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
08:52:03.0645 6964	Roxio Upnp Server 10 - ok
08:52:03.0676 6964	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:52:03.0723 6964	RpcEptMapper - ok
08:52:03.0754 6964	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:52:03.0786 6964	RpcLocator - ok
08:52:03.0817 6964	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:52:03.0864 6964	RpcSs - ok
08:52:03.0910 6964	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:52:03.0973 6964	rspndr - ok
08:52:04.0035 6964	RTL8167         (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:52:04.0066 6964	RTL8167 - ok
08:52:04.0113 6964	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:04.0113 6964	SamSs - ok
08:52:04.0144 6964	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:52:04.0160 6964	sbp2port - ok
08:52:04.0191 6964	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:52:04.0222 6964	SCardSvr - ok
08:52:04.0238 6964	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:52:04.0285 6964	scfilter - ok
08:52:04.0316 6964	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:52:04.0378 6964	Schedule - ok
08:52:04.0394 6964	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:52:04.0425 6964	SCPolicySvc - ok
08:52:04.0456 6964	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:52:04.0472 6964	sdbus - ok
08:52:04.0503 6964	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:52:04.0519 6964	SDRSVC - ok
08:52:04.0612 6964	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:52:04.0644 6964	SeaPort - ok
08:52:04.0675 6964	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:52:04.0737 6964	secdrv - ok
08:52:04.0768 6964	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:52:04.0784 6964	seclogon - ok
08:52:04.0815 6964	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:52:04.0846 6964	SENS - ok
08:52:04.0862 6964	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:52:04.0893 6964	SensrSvc - ok
08:52:04.0924 6964	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:52:04.0956 6964	Serenum - ok
08:52:04.0987 6964	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:52:05.0018 6964	Serial - ok
08:52:05.0049 6964	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:52:05.0080 6964	sermouse - ok
08:52:05.0127 6964	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:52:05.0174 6964	SessionEnv - ok
08:52:05.0236 6964	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
08:52:05.0268 6964	SFEP - ok
08:52:05.0283 6964	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:52:05.0330 6964	sffdisk - ok
08:52:05.0346 6964	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:52:05.0392 6964	sffp_mmc - ok
08:52:05.0408 6964	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:52:05.0439 6964	sffp_sd - ok
08:52:05.0486 6964	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:52:05.0517 6964	sfloppy - ok
08:52:05.0564 6964	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:52:05.0626 6964	SharedAccess - ok
08:52:05.0658 6964	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:52:05.0704 6964	ShellHWDetection - ok
08:52:05.0736 6964	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:52:05.0767 6964	SiSRaid2 - ok
08:52:05.0798 6964	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:52:05.0814 6964	SiSRaid4 - ok
08:52:05.0845 6964	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:52:05.0923 6964	Smb - ok
08:52:05.0954 6964	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:52:05.0985 6964	SNMPTRAP - ok
08:52:06.0110 6964	SOHCImp         (4aea7a1c3ca06d95d6966c34d13c0d8b) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
08:52:06.0126 6964	SOHCImp - ok
08:52:06.0157 6964	SOHDs           (16fd95781117e13107d477ae36219e6f) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
08:52:06.0172 6964	SOHDs - ok
08:52:06.0266 6964	SpfService      (c03e480e63a80d73fabe28d24d3b6b47) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
08:52:06.0297 6964	SpfService - ok
08:52:06.0328 6964	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:52:06.0344 6964	spldr - ok
08:52:06.0391 6964	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:52:06.0438 6964	Spooler - ok
08:52:06.0594 6964	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:52:06.0640 6964	sppsvc - ok
08:52:06.0734 6964	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:52:06.0781 6964	sppuinotify - ok
08:52:06.0859 6964	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:52:06.0906 6964	srv - ok
08:52:06.0952 6964	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:52:06.0984 6964	srv2 - ok
08:52:07.0030 6964	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:52:07.0046 6964	srvnet - ok
08:52:07.0077 6964	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:52:07.0108 6964	SSDPSRV - ok
08:52:07.0124 6964	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:52:07.0155 6964	SstpSvc - ok
08:52:07.0202 6964	ssudmdm         (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
08:52:07.0218 6964	ssudmdm - ok
08:52:07.0327 6964	Stereo Service  (525597fa2e9d49f19c59623b05562968) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:52:07.0342 6964	Stereo Service - ok
08:52:07.0374 6964	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:52:07.0389 6964	stexstor - ok
08:52:07.0436 6964	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:52:07.0498 6964	stisvc - ok
08:52:07.0514 6964	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:52:07.0530 6964	swenum - ok
08:52:07.0561 6964	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:52:07.0639 6964	swprv - ok
08:52:07.0748 6964	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\drivers\SynTP.sys
08:52:07.0779 6964	SynTP - ok
08:52:07.0982 6964	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:52:08.0044 6964	SysMain - ok
08:52:08.0122 6964	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:52:08.0185 6964	TabletInputService - ok
08:52:08.0200 6964	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:52:08.0247 6964	TapiSrv - ok
08:52:08.0247 6964	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:52:08.0294 6964	TBS - ok
08:52:08.0419 6964	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:52:08.0466 6964	Tcpip - ok
08:52:08.0653 6964	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:52:08.0684 6964	TCPIP6 - ok
08:52:08.0793 6964	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:52:08.0856 6964	tcpipreg - ok
08:52:08.0871 6964	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:52:08.0918 6964	TDPIPE - ok
08:52:08.0934 6964	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:52:08.0965 6964	TDTCP - ok
08:52:09.0012 6964	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:52:09.0074 6964	tdx - ok
08:52:09.0121 6964	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:52:09.0121 6964	TermDD - ok
08:52:09.0183 6964	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:52:09.0246 6964	TermService - ok
08:52:09.0261 6964	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:52:09.0277 6964	Themes - ok
08:52:09.0292 6964	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:52:09.0324 6964	THREADORDER - ok
08:52:09.0339 6964	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:52:09.0386 6964	TrkWks - ok
08:52:09.0433 6964	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:52:09.0511 6964	TrustedInstaller - ok
08:52:09.0542 6964	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:52:09.0604 6964	tssecsrv - ok
08:52:09.0620 6964	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:52:09.0667 6964	TsUsbFlt - ok
08:52:09.0698 6964	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:52:09.0729 6964	TsUsbGD - ok
08:52:09.0760 6964	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:52:09.0838 6964	tunnel - ok
08:52:09.0838 6964	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:52:09.0854 6964	uagp35 - ok
08:52:09.0948 6964	uCamMonitor     (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
08:52:09.0963 6964	uCamMonitor - ok
08:52:10.0026 6964	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:52:10.0104 6964	udfs - ok
08:52:10.0135 6964	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:52:10.0150 6964	UI0Detect - ok
08:52:10.0182 6964	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:52:10.0213 6964	uliagpkx - ok
08:52:10.0244 6964	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:52:10.0260 6964	umbus - ok
08:52:10.0306 6964	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:52:10.0353 6964	UmPass - ok
08:52:10.0494 6964	UNS             (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:52:10.0540 6964	UNS - ok
08:52:10.0618 6964	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:52:10.0665 6964	upnphost - ok
08:52:10.0696 6964	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
08:52:10.0743 6964	usbccgp - ok
08:52:10.0790 6964	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:52:10.0821 6964	usbcir - ok
08:52:10.0837 6964	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:52:10.0868 6964	usbehci - ok
08:52:10.0884 6964	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
08:52:10.0915 6964	usbhub - ok
08:52:10.0946 6964	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:52:10.0962 6964	usbohci - ok
08:52:10.0993 6964	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:52:11.0040 6964	usbprint - ok
08:52:11.0055 6964	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:11.0102 6964	USBSTOR - ok
08:52:11.0133 6964	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:52:11.0164 6964	usbuhci - ok
08:52:11.0196 6964	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:52:11.0242 6964	usbvideo - ok
08:52:11.0274 6964	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:52:11.0352 6964	UxSms - ok
08:52:11.0445 6964	VAIO Event Service (387d3dffcf0a544539e9c5d8b81169a2) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
08:52:11.0476 6964	VAIO Event Service - ok
08:52:11.0586 6964	VAIO Power Management (d1933e428d991b15affd48b1a7beb643) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
08:52:11.0632 6964	VAIO Power Management - ok
08:52:11.0648 6964	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:11.0664 6964	VaultSvc - ok
08:52:11.0820 6964	VCFw            (24f7e301defd05f3e36a8b76f498c282) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
08:52:11.0866 6964	VCFw - ok
08:52:11.0991 6964	VcmIAlzMgr      (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:52:12.0007 6964	VcmIAlzMgr - ok
08:52:12.0085 6964	VcmINSMgr       (c350d9b371d28c551bc661f3baf1a109) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
08:52:12.0100 6964	VcmINSMgr - ok
08:52:12.0178 6964	VcmXmlIfHelper  (9bc1f203c5604c24f345bcfcd6956bae) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
08:52:12.0194 6964	VcmXmlIfHelper - ok
08:52:12.0256 6964	VCService       (d076011ecd0d1310e879f32ebf3b4886) C:\Program Files\Sony\VAIO Care\VCService.exe
08:52:12.0256 6964	VCService - ok
08:52:12.0412 6964	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:52:12.0412 6964	vdrvroot - ok
08:52:12.0459 6964	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:52:12.0490 6964	vds - ok
08:52:12.0522 6964	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:12.0537 6964	vga - ok
08:52:12.0537 6964	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:52:12.0584 6964	VgaSave - ok
08:52:12.0615 6964	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:52:12.0631 6964	vhdmp - ok
08:52:12.0646 6964	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:52:12.0646 6964	viaide - ok
08:52:12.0693 6964	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:52:12.0693 6964	volmgr - ok
08:52:12.0724 6964	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:52:12.0740 6964	volmgrx - ok
08:52:12.0756 6964	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:52:12.0771 6964	volsnap - ok
08:52:12.0802 6964	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:52:12.0818 6964	vsmraid - ok
08:52:12.0958 6964	VSNService      (8be8c47d5b09f5550dcbf6fcd8832ccb) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
08:52:13.0005 6964	VSNService - ok
08:52:13.0068 6964	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:52:13.0130 6964	VSS - ok
08:52:13.0255 6964	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
08:52:13.0270 6964	VUAgent - ok
08:52:13.0364 6964	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:52:13.0380 6964	vwifibus - ok
08:52:13.0395 6964	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:52:13.0426 6964	vwififlt - ok
08:52:13.0458 6964	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:52:13.0489 6964	vwifimp - ok
08:52:13.0520 6964	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:52:13.0551 6964	W32Time - ok
08:52:13.0582 6964	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:52:13.0598 6964	WacomPen - ok
08:52:13.0645 6964	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:13.0676 6964	WANARP - ok
08:52:13.0676 6964	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:13.0707 6964	Wanarpv6 - ok
08:52:13.0754 6964	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:52:13.0801 6964	wbengine - ok
08:52:13.0910 6964	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:52:13.0926 6964	WbioSrvc - ok
08:52:13.0941 6964	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:52:13.0972 6964	wcncsvc - ok
08:52:13.0988 6964	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:52:14.0004 6964	WcsPlugInService - ok
08:52:14.0035 6964	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:52:14.0050 6964	Wd - ok
08:52:14.0191 6964	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:52:14.0238 6964	Wdf01000 - ok
08:52:14.0284 6964	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:52:14.0378 6964	WdiServiceHost - ok
08:52:14.0378 6964	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:52:14.0394 6964	WdiSystemHost - ok
08:52:14.0472 6964	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:52:14.0534 6964	WebClient - ok
08:52:14.0581 6964	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:52:14.0612 6964	Wecsvc - ok
08:52:14.0628 6964	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:52:14.0659 6964	wercplsupport - ok
08:52:14.0768 6964	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:52:14.0815 6964	WerSvc - ok
08:52:14.0893 6964	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:52:14.0908 6964	WfpLwf - ok
08:52:14.0955 6964	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:52:14.0971 6964	WIMMount - ok
08:52:15.0002 6964	WinDefend - ok
08:52:15.0018 6964	WinHttpAutoProxySvc - ok
08:52:15.0080 6964	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:52:15.0111 6964	Winmgmt - ok
08:52:15.0283 6964	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:52:15.0376 6964	WinRM - ok
08:52:15.0517 6964	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:52:15.0564 6964	WinUsb - ok
08:52:15.0626 6964	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:52:15.0688 6964	Wlansvc - ok
08:52:15.0735 6964	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:52:15.0751 6964	wlcrasvc - ok
08:52:15.0907 6964	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:52:15.0938 6964	wlidsvc - ok
08:52:16.0047 6964	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:52:16.0094 6964	WmiAcpi - ok
08:52:16.0141 6964	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:52:16.0172 6964	wmiApSrv - ok
08:52:16.0234 6964	WMPNetworkSvc - ok
08:52:16.0266 6964	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:52:16.0297 6964	WPCSvc - ok
08:52:16.0312 6964	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:52:16.0344 6964	WPDBusEnum - ok
08:52:16.0359 6964	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:52:16.0422 6964	ws2ifsl - ok
08:52:16.0437 6964	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:52:16.0453 6964	wscsvc - ok
08:52:16.0453 6964	WSearch - ok
08:52:16.0578 6964	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:52:16.0624 6964	wuauserv - ok
08:52:16.0734 6964	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:52:16.0796 6964	WudfPf - ok
08:52:16.0827 6964	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:16.0874 6964	WUDFRd - ok
08:52:16.0905 6964	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:52:16.0921 6964	wudfsvc - ok
08:52:16.0952 6964	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:52:16.0968 6964	WwanSvc - ok
08:52:17.0014 6964	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:52:17.0997 6964	\Device\Harddisk0\DR0 - ok
08:52:18.0028 6964	Boot (0x1200)   (074c48e4d628861c1fc5e48d88b1d560) \Device\Harddisk0\DR0\Partition0
08:52:18.0028 6964	\Device\Harddisk0\DR0\Partition0 - ok
08:52:18.0044 6964	Boot (0x1200)   (a6cc779b9839fe3cf291ad144bbdad55) \Device\Harddisk0\DR0\Partition1
08:52:18.0060 6964	\Device\Harddisk0\DR0\Partition1 - ok
08:52:18.0060 6964	============================================================
08:52:18.0060 6964	Scan finished
08:52:18.0060 6964	============================================================
08:52:18.0075 3440	Detected object count: 0
08:52:18.0075 3440	Actual detected object count: 0
         

Alt 01.07.2012, 15:20   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.07.2012, 23:05   #23
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,

hier kommt das Log von ComboFix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-01.03 - Lutz 01.07.2012  23:36:59.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8173.6026 [GMT 2:00]
ausgeführt von:: c:\users\Lutz\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AntiMalware
c:\program files\AntiMalware\mbam-setup-1.61.0.1400.exe
c:\users\Lutz\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-01 bis 2012-07-01  ))))))))))))))))))))))))))))))
.
.
2012-06-29 20:34 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-29 20:34 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-29 20:34 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-29 20:34 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-29 20:33 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-29 20:33 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-29 20:33 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-29 20:33 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-29 20:33 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-29 20:26 . 2012-06-29 20:26	--------	d-----w-	C:\_OTL
2012-06-23 08:29 . 2012-06-23 08:29	--------	d-----w-	c:\program files (x86)\ESET
2012-06-18 16:53 . 2012-06-18 16:53	--------	d-----w-	c:\users\Lutz\AppData\Roaming\Malwarebytes
2012-06-18 16:53 . 2012-06-18 16:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-18 16:53 . 2012-06-20 18:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 16:53 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-13 16:56 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 16:56 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:56 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:56 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 16:56 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-13 16:56 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 16:55 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 16:55 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 16:55 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:55 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-13 16:55 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-13 16:55 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 16:55 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 16:55 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 16:55 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 16:55 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 16:55 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 20:30 . 2012-04-06 07:25	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 20:30 . 2011-08-28 04:11	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 20:30 . 2012-04-06 07:30	9815752	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
c:\users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBK649stat.exe [2011-4-18 5077304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-07-05 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-03 74904]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 MOBK649Filter;MOBK649Filter;c:\windows\system32\DRIVERS\MOBK649.sys [2011-04-18 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 MOBK649backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK649backup.exe [2011-04-18 223544]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-06-23 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-06-23 98816]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-03 138392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-16 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-10-24 958112]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-09-08 381488]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-07-05 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-07-05 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-07-05 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-07-05 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-07-05 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-07-05 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-05 496800]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-06-24 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-20 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-23 471144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-09-23 289952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK649]
@="{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}"
[HKEY_CLASSES_ROOT\CLSID\{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}]
2011-04-18 20:00	4734264	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6492]
@="{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}"
[HKEY_CLASSES_ROOT\CLSID\{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}]
2011-04-18 20:00	4734264	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6493]
@="{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}"
[HKEY_CLASSES_ROOT\CLSID\{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}]
2011-04-18 20:00	4734264	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = 
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01  23:47:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-01 21:47
.
Vor Suchlauf: 14 Verzeichnis(se), 624.090.898.432 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 623.549.440.000 Bytes frei
.
- - End Of File - - FE7F34FCBC4A5BBABCFAC426B8277364
         
--- --- ---

Alt 02.07.2012, 13:06   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.07.2012, 20:29   #25
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,
hier sind die Logs:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-02 20:32:38
Windows 6.1.7601 Service Pack 1 
Running: botv0y67.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78b00f38                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78d9d570                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78b00f38 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78d9d570 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:55:32 on 02.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MOBK649Filter" (MOBK649Filter) - "Mozy, Inc." - C:\Windows\System32\DRIVERS\MOBK649.sys
"regi" (regi) - "InterVideo" - C:\Windows\system32\drivers\regi.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Online Backup Status.lnk" - "McAfee, Inc." - C:\Program Files (x86)\McAfee Online Backup\MOBK649stat.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"gStart" - "GARMIN Corp." - C:\Program Files (x86)\Garmin\Training Center\gStart.exe
"KiesHelper" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Conime" - ? - %windir%\system32\conime.exe  (File not found)
"Dolby Home Theater v4" - "Dolby Laboratories Inc." - "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"ISBMgr.exe" - ? - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KODAK EASYSHARE All-in-One Printer" - "Eastman Kodak Company" - C:\Windows\system32\EKIJ5000MON.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Atheros Bt&Wlan Coex Agent" (Atheros Bt&Wlan Coex Agent) - "Atheros" - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kodak AiO Network Discovery Service" (Kodak AiO Network Discovery Service) - "Eastman Kodak Company" - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
"McAfee Online Backup Service" (MOBK649backup) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"Roxio UPnP Renderer 10" (Roxio UPnP Renderer 10) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
"Roxio Upnp Server 10" (Roxio Upnp Server 10) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"VAIO Care Performance Service" (SampleCollector) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata Intelligent Network Service Manager" (VcmINSMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
"VAIO Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
"VAIO Entertainment Common Service" (SpfService) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"VCService" (VCService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCService.exe
"VSNService" (VSNService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR.txt
Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 21:14:50
-----------------------------
21:14:50.609    OS Version: Windows x64 6.1.7601 Service Pack 1
21:14:50.609    Number of processors: 8 586 0x2A07
21:14:50.609    ComputerName: LUTZ-VAIO  UserName: Lutz
21:14:51.732    Initialize success
21:14:54.930    AVAST engine defs: 12070201
21:15:24.492    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:15:24.492    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
21:15:24.555    Disk 0 MBR read successfully
21:15:24.555    Disk 0 MBR scan
21:15:24.570    Disk 0 Windows 7 default MBR code
21:15:24.586    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        19679 MB offset 2048
21:15:24.617    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 40304640
21:15:24.633    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       695623 MB offset 40509440
21:15:24.664    Disk 0 scanning C:\Windows\system32\drivers
21:15:34.118    Service scanning
21:16:07.736    Modules scanning
21:16:07.751    Disk 0 trace - called modules:
21:16:07.798    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
21:16:07.798    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092fa790]
21:16:07.814    3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> [0xfffffa8007528800]
21:16:07.829    5 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007557050]
21:16:07.829    Scan finished successfully
21:16:58.467    Disk 0 MBR has been saved successfully to "C:\Users\Lutz\Desktop\MBR.dat"
21:16:58.483    The log file has been saved successfully to "C:\Users\Lutz\Desktop\aswMBR.txt"
         

Alt 03.07.2012, 13:06   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.07.2012, 20:30   #27
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,
hier sind die Logs von Malwarebytes und SUPERAntiSpyware. Die Anleitung von SUPERAntiSpyware empfiehlt das Programm nach dem Scan wieder zu deinstallieren. Kann ich das trotz der Funde machen?

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lutz :: LUTZ-VAIO [Administrator]

03.07.2012 18:37:10
mbam-log-2012-07-03 (18-37-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389359
Laufzeit: 39 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/03/2012 at 09:11 PM

Application Version : 5.5.1006

Core Rules Database Version : 8839
Trace Rules Database Version: 6651

Scan type       : Complete Scan
Total Scan Time : 01:38:27

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 946
Memory threats detected   : 0
Registry items scanned    : 67697
Registry threats detected : 0
File items scanned        : 168097
File threats detected     : 29

Adware.Tracking Cookie
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\QD8A6DEC.txt [ /ad.zanox.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VTDPXNJ0.txt [ /revsci.net ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\V2KD7CLG.txt [ /www.windowsmedia.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\GS6YU01D.txt [ /ads.creative-serving.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VFY070TN.txt [ /adx.chip.de ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\YRUP7U9N.txt [ /doubleclick.net ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\34V910KZ.txt [ /apmebf.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\Q2CFDRE3.txt [ /mediaplex.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\AXENE8ZF.txt [ /ad.360yield.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\LFABGU7W.txt [ /tracking.quisma.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\YEF4ST34.txt [ /invitemedia.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\BMBZ5BTC.txt [ /atdmt.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\PIUFD9CF.txt [ /zanox.com ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VFBN6X3K.txt [ /yieldmanager.net ]
	C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\6388GWQK.txt [ /c.atdmt.com ]
	C:\USERS\LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7IF66D8.txt [ Cookie:lutz@doubleclick.net/ ]
	C:\USERS\LUTZ\Cookies\QD8A6DEC.txt [ Cookie:lutz@ad.zanox.com/ ]
	C:\USERS\LUTZ\Cookies\VTDPXNJ0.txt [ Cookie:lutz@revsci.net/ ]
	C:\USERS\LUTZ\Cookies\YRUP7U9N.txt [ Cookie:lutz@doubleclick.net/ ]
	C:\USERS\LUTZ\Cookies\Q2CFDRE3.txt [ Cookie:lutz@mediaplex.com/ ]
	C:\USERS\LUTZ\Cookies\LFABGU7W.txt [ Cookie:lutz@tracking.quisma.com/ ]
	C:\USERS\LUTZ\Cookies\YEF4ST34.txt [ Cookie:lutz@invitemedia.com/ ]
	C:\USERS\LUTZ\Cookies\PIUFD9CF.txt [ Cookie:lutz@zanox.com/ ]
	C:\USERS\LUTZ\Cookies\VFBN6X3K.txt [ Cookie:lutz@yieldmanager.net/ ]
	C:\USERS\LUTZ\Cookies\6388GWQK.txt [ Cookie:lutz@c.atdmt.com/ ]
	C:\USERS\LUTZ\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUTZ@XITI[1].TXT [ /XITI ]

Trojan.Agent/Gen-FraudPack
	C:\PROGRAM FILES (X86)\RAD.ROUTENPLANER. 7.0\BIN\DXBAREXTITEMSD9.BPL

Trojan.Agent/Gen-Malagent
	C:\_OTL\MOVEDFILES\06292012_222633\C_PROGRAMDATA\MAETVQLY.EXE
	C:\_OTL\MOVEDFILES\06292012_222633\C_PROGRAMDATA\YLWJRDBI.EXE
         

Alt 04.07.2012, 16:29   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Code:
ATTFilter
Trojan.Agent/Gen-FraudPack
	C:\PROGRAM FILES (X86)\RAD.ROUTENPLANER. 7.0\BIN\DXBAREXTITEMSD9.BPL
         
Aus welcher Quelle hast du diese Software?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.07.2012, 17:47   #29
lutz2012
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Hallo,

die Software "Rad.Routenplaner.7.0" habe ich als DVD vom TVG Verlag (DeTeMedien) gekauft.

Alt 05.07.2012, 09:54   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Standard

Bundespolizei - Ihr Computer wurde gesperrt, Ukash



Dann ist das ein Fehlalarm. Die anderen Funde sind nur Cookies und Schädlinge in der Quarantäne. Das ist ok

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Bundespolizei - Ihr Computer wurde gesperrt, Ukash
adobe, autorun, bho, bingbar, bonjour, browser, bundespolizei trojaner, computer, device driver, document, downloader, error, explorer, firefox, flash player, gesperrt, home, install.exe, intranet, ip-adresse, logfile, microsoft office word, realtek, registry, rundll, scan, searchscopes, senden, server, siteadvisor, trojan.agent.ge, trojaner, ukash, usb, usb 3.0, version=1.0, windows, wlan



Ähnliche Themen: Bundespolizei - Ihr Computer wurde gesperrt, Ukash


  1. UKASH-Virus/ Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (14)
  2. Ihr Computer wurde gesperrt. UKash
    Log-Analyse und Auswertung - 12.12.2012 (15)
  3. Ihr Computer wurde gesperrt - UKASH
    Log-Analyse und Auswertung - 17.11.2012 (1)
  4. Computer wurde gesperrt zahlen sie 100€ bei Ukash
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (5)
  5. Ihr Computer wurde gesperrt - Bundespolizei - UKASH
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (22)
  6. Ukash - Computer gesperrt Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 21.10.2012 (18)
  7. Bundespolizei - Ihr Computer wurde gesperrt - Entsperren Sie mit Ukash
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (10)
  8. Trojaner: Ihr Computer wurde gesperrt Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (10)
  9. Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (36)
  10. Ihr PC wurde gesperrt - Ukash - Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (7)
  11. Ihr Computer wurde gesperrt! Ukash
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (6)
  12. Bundespolizei/Ukash/Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (2)
  13. Ihr Computer wurde gesperrt - Bundespolizei, Entsperrung mit Ukash
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (2)
  14. Computer wurde gesperrt zahlen sie 100€ bei Ukash
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (20)
  15. Ihr Computer wurde gesperrt + Polizei + Ukash
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  16. Bundespolizei - Ihr Computer wurde gesperrt - Entsperren sie mit Ukash
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
  17. Ihr computer wurde gesperrt - bundespolizei - ukash
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)

Zum Thema Bundespolizei - Ihr Computer wurde gesperrt, Ukash - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Bundespolizei - Ihr Computer wurde gesperrt, Ukash...
Archiv
Du betrachtest: Bundespolizei - Ihr Computer wurde gesperrt, Ukash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.