Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner bei Win 7 64 Bit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.07.2012, 10:37   #1
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



Hallo.

Habe den Virus leider auch wie viel hier. Er kommt aber immer nur bei bestehender Internetverbindung. sobald ich den Router deaktiviere, kann ich ganz normal auf alles auf den PC zugreifen.
Im abgesicherten Modus mit Netzwerktreibern kommt er nicht

Betriebssystem: Win 7 Home 64 Bit
ist übrigens die Version 1.3 des Trojaners vom Bild her.


Vielen Dank für eure Hilfe


Malewarebytes Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware   (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXXX :: XXXXXX [Administrator]

Schutz: Aktiviert

06.07.2012 14:06:43
mbam-log-2012-07-06 (14-06-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418779
Laufzeit: 1 Stunde(n), 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
hier der OTL Log:

Code:
ATTFilter
OTL logfile created on: 7/6/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\XXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free
8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/06 12:45:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe
PRC - [2012/07/05 23:04:24 | 000,056,832 | ---- | M] (Razer) -- C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe
PRC - [2012/05/15 20:40:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/15 10:24:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/24 09:49:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/06/24 09:48:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/24 09:48:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/24 09:48:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/24 09:45:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/24 09:45:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/08/22 03:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/10 02:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Disabled | Stopped] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/07/02 12:52:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/17 11:41:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/05/15 22:14:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/15 20:40:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/15 20:40:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/15 10:24:15 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 19:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/05/15 22:14:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 6C 09 7B C2 36 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/02 12:52:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:12:55 | 000,000,000 | ---D | M]
 
[2012/05/15 19:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2012/07/05 14:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions
[2012/05/22 22:02:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/06/29 09:47:39 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/07/05 14:14:50 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\cookiemgr@jayapal.com
[2012/07/04 22:52:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\plugin@yontoo.com
[2012/05/17 17:21:39 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\support@lastpass.com
[2012/06/30 14:55:48 | 000,000,853 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\11-suche.xml
[2012/06/21 09:17:42 | 000,000,925 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\conduit.xml
[2012/06/30 14:55:48 | 000,002,209 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\englische-ergebnisse.xml
[2012/06/30 14:55:48 | 000,010,506 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\gmx-suche.xml
[2012/06/29 20:04:56 | 000,001,056 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\icqplugin.xml
[2012/06/30 14:55:48 | 000,002,368 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\lastminute.xml
[2012/06/30 14:55:48 | 000,005,489 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\webde-suche.xml
[2012/05/20 20:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/02 12:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012/05/15 19:53:45 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/06/30 14:55:37 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/07/02 12:52:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/27 11:49:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/27 11:49:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/27 11:49:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/27 11:49:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/27 11:49:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/27 11:49:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0901F52D-E71C-4FD5-BB09-90BA4EF4E0CD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell - "" = AutoRun
O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/06 12:52:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software
[2012/07/04 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012/07/04 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber
[2012/07/04 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/07/04 22:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/04 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Captcha_Brotherhood
[2012/07/03 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/30 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Nero
[2012/06/30 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/06/30 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/06/30 15:13:49 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\Windows\SysWow64\TwnLib20.dll
[2012/06/30 15:13:48 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\Windows\SysWow64\NeroCheck.exe
[2012/06/30 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2012/06/30 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead
[2012/06/27 11:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/06/21 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Noten
[2012/06/21 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\SnagIt Katalog
[2012/06/21 20:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 8
[2012/06/21 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/17 11:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/06/17 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/17 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Player Classic
[2012/06/17 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/17 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/16 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Application Data
[2012/06/16 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia
[2012/06/13 22:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/06/13 22:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2012/06/13 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:02:49 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable
[2012/07/06 16:02:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 16:02:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/06 16:02:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 16:02:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/06 16:02:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 15:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 15:57:22 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 15:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 13:31:47 | 000,001,738 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/06 13:11:10 | 000,001,655 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/06 12:52:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012/07/05 19:30:43 | 000,002,328 | ---- | M] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk
[2012/07/05 18:27:23 | 000,000,168 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\default.rss
[2012/06/27 11:42:41 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/21 20:33:52 | 000,285,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 22:08:21 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2012/07/06 16:02:49 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable
[2012/07/06 12:52:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012/07/05 19:30:43 | 000,002,328 | ---- | C] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk
[2012/07/05 18:27:23 | 000,000,168 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\default.rss
[2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012/07/04 23:36:27 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012/06/17 11:41:53 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/17 11:21:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/13 22:08:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/13 22:07:38 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/06/13 22:07:38 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/06/13 22:07:38 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/05/15 20:46:53 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/05/15 20:07:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/05/15 10:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2012/05/15 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2012/05/30 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ
[2012/07/05 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag
[2012/05/25 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung
[2012/05/25 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Temp
[2009/07/14 07:08:49 | 000,018,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
und hier der Extra Log von OTL:

Code:
ATTFilter
OTL Extras logfile created on: 7/6/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\XXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free
8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F2B793-C762-4DE1-BA25-7B2C664888A0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{07EF8F31-2A59-45FC-97C8-29A5343CFB1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18A3E7EF-38EB-4356-86E2-0C83DE8FA5AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{19CEF19F-1DB4-4CA7-A63C-67D0FF361BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B7596EA-B7C4-49CA-9E9F-403D1085D1A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{208FDEEE-914D-4BAE-A244-7F2A05E48C82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C67B78-388B-4958-8C53-BF1D732EB475}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2ED2908C-4DFC-4E0A-8BDD-F933C21723B7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{30D3865D-BC94-4EAC-9FC0-E496DBDE10FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AFBB47E-31B9-4DFD-997E-2BAA78B5994A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{42057307-C778-42FB-B8E6-C9B61098DEBC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{567A15C0-1299-42D8-AAA3-D5E6527971C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{58B0B87A-BE22-40D5-9470-7BFAB8FCB54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{68123E04-D368-4148-9211-CEC311B4FD98}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7B7ED4B8-B49A-4B69-A86E-570B246CD6EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{90D175A1-DB31-4D27-9FF6-773350342A70}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9D71084C-9020-47B6-BD5C-FB3E89FCEDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD320B5B-F33C-4771-8A7A-D57C86A4A921}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BAC5EEB2-A1D7-4D51-AA32-05CFAFFE9088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BDCD3FB9-D556-43F2-946A-83E18E04652D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3B805BA-3A47-4F8B-B50C-666BA5D01595}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA5F316D-EC91-4A3C-BC6C-67BD4BE0EE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0A7FEE9-F79B-40EA-B740-5190EFF4D33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D70C9092-7BD9-4A64-B1BF-8EE59C068006}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E2D1FB10-EFD3-436E-A44E-62CD400D8E1C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E97DCA6C-ECE2-4694-AAAF-7C9C8A0B74BD}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD58F70-6F82-42A6-983E-C4B88BC7E7D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{11275490-D433-49A8-94FF-77E97BD51959}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1D9F4B56-6420-407F-960A-8BD3BDA2A9CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{237ADCE9-E9BC-4586-8AF2-941A8D9BFBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A71B319-4433-4599-8757-955F8F1F395B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{2BC8330D-7A3E-41C3-8C6F-BEC66B14CFEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2F593765-8717-4103-ABCB-CFC60039C263}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3ABE48A1-CE9F-4301-A8F2-BB7201B0DAB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{4113A1F9-57BA-4CA2-85FD-B2CBB9988BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{44AD043A-9238-4D37-BE97-BA3B6ECE168B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
"{4E2FBDA4-E2B3-41CC-83C1-913CF8611FB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{551440C4-421C-44F7-ABF3-537B1C03D5E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{658C2492-DA79-4B3D-AA8C-5BAA29C42461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DB0D47B-A709-4FE4-BD0F-DBAE025D9FA3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{726CDAE4-6F0D-4ADD-B974-6DCD436D2728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7805EB47-6DB6-440E-8FAB-79EA721B3705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F8784E2-15CA-42EA-8345-20F60CE1DEC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{813174B3-BC56-4604-ABFE-492BFEB8323D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{934E1510-D8BC-4E16-987C-7EF0B0ACA32D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{955DA87E-C8C0-435F-B4F5-93B99970CA8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A697DEE4-4609-4837-977E-2790E20E3ADF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A955CFB4-350E-45EB-84A4-9117D1E78071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF279E52-86DE-43BF-BB5F-4CF9174CF2B5}" = protocol=6 | dir=out | app=system | 
"{B89ADABB-5765-4EF5-AC95-088EAC5B2229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3B2F0A7-03A5-4924-AC78-892371AD1E3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D36E159F-2510-4984-97E2-10B2B0690794}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DBFA73EF-0BD7-4195-B509-C29DD85CE9D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF12E20A-C01D-4ABE-BBBD-58C18CBF4407}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E8CD6107-E436-443E-ABF4-AF4C958680F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB1407F1-E0A3-44E1-9370-95B8BC909440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F32E33B2-EA5B-4B72-B899-CD0D76A21872}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{1EF9AC67-C2AB-4CC9-BF41-183DB87AD6BE}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{8B1648BE-CDEE-4B5C-982F-9D2FD6F55D96}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C93EDE71-3941-477B-BDC8-9E082204F380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{EC20AB66-CDC5-4CC4-9A4F-59DBE407C27B}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{4853ECC6-8D95-4742-9632-E77EA2699825}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{4D3EBD1C-A7E2-4B2D-AC60-6A19FB3E5EE2}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{66C4C244-B793-44C5-8F12-F35891E1272B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{858D137D-FF21-4CA0-B535-B43D400270E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel
"{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64
"{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish
"{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard
"{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2010100b-ec0d-4b02-be23-f2ad4a498994}" = Nero 9
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean
"{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All
"{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian
"{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai
"{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian
"{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional
"{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish
"0630-0716-3135-7887" = JDownloader 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/25/2012 4:47:24 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 6/25/2012 4:47:27 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 6/25/2012 11:09:16 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/25/2012 2:35:13 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung:
 0x01cd530063fc409b  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 7fdb03c3-bef4-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 2:55:20 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x10e4  Startzeit der fehlerhaften Anwendung:
 0x01cd5302960dbd1d  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 4f995e7d-bef7-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 6:31:22 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/26/2012 4:14:37 AM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.0.4534,
 Zeitstempel: 0x4fc8243c  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x65ae9903  ID des fehlerhaften Prozesses: 0xf48  Startzeit der fehlerhaften Anwendung:
 0x01cd537318f64c93  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 f7b72562-bf66-11e1-92d2-e0cb4e111fc8
 
Error - 6/26/2012 6:30:55 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/27/2012 2:25:21 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung:
 0x01cd548fc6ac21f5  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 741d4901-c085-11e1-92d2-e0cb4e111fc8
 
Error - 6/28/2012 3:46:36 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

Alt 12.07.2012, 18:04   #2
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



hi
füge im script deinen nutzernamen ein.

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer)
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.
__________________

__________________

Alt 13.07.2012, 13:51   #3
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



so hier der OTL Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Sarama\AppData\Local\Temp\zfguvbsoiblghw.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sarama
->Flash cache emptied: 10589 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sarama
->Temp folder emptied: 2787351295 bytes
->Temporary Internet Files folder emptied: 268615625 bytes
->Java cache emptied: 603 bytes
->FireFox cache emptied: 826553248 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141485289 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46360731 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,882.00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_114351

Files\Folders moved on Reboot...
C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
übrigens geht jetzt Internet wieder und kommt und das auch im normalen Modus. und der Task-Manager geht auch wieder aufzurufen, den hatte der Trojaner auch blockiert.

Vielen Dank schonmal. Soll ich trotzdem noch was machen?
Und was meinst du mit "Benutzernamen in Script einfügen"?
Meinst du, da wo die XXXX stehen?

LG!
__________________

Alt 13.07.2012, 17:05   #4
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



ja genau da :-)
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.07.2012, 23:24   #5
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



Hier der ComboFix Log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-13.03 - Sarama 13.07.2012  23:34:39.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2315 [GMT 2:00]
ausgeführt von:: c:\users\Sarama\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\windows\SysWow64\muzapp.exe
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 21:55 . 2012-07-13 21:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 21:31 . 2012-07-13 21:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-13 21:30 . 2012-07-13 21:30	--------	d-----w-	c:\program files (x86)\Oracle
2012-07-13 21:29 . 2012-07-13 21:29	--------	d-----w-	c:\program files (x86)\Java
2012-07-13 12:53 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-13 12:39 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-13 12:39 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-13 12:39 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-13 12:39 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-13 12:39 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-13 12:39 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-13 12:37 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{62DFFB58-51CF-423E-B612-

3C0AFE1DEFB2}\mpengine.dll
2012-07-13 09:43 . 2012-07-13 09:43	--------	d-----w-	C:\_OTL
2012-07-06 15:13 . 2012-07-06 15:13	--------	d-----w-	c:\users\Sarama\AppData\Local\ElevatedDiagnostics
2012-07-06 10:52 . 2012-07-06 10:52	--------	d-----w-	c:\users\Sarama\AppData\Roaming\Malwarebytes
2012-07-06 10:52 . 2012-07-06 10:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-06 10:52 . 2012-07-06 10:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 10:52 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-05 17:30 . 2012-07-05 17:30	--------	d-----w-	c:\program files (x86)\JDownloader
2012-07-05 17:30 . 2012-07-05 17:30	--------	d-----w-	c:\program files (x86)\Brotherhood Software
2012-07-04 21:35 . 2012-07-12 21:47	--------	d-----w-	c:\program files (x86)\JDownloader 2
2012-07-04 20:52 . 2012-07-04 20:52	--------	d-----w-	c:\program files (x86)\v-Grabber
2012-07-04 20:52 . 2012-07-04 20:52	--------	d-----w-	c:\program files (x86)\Yontoo
2012-07-04 20:52 . 2012-07-04 20:52	--------	d-----w-	c:\programdata\Tarma Installer
2012-07-04 20:29 . 2012-07-07 10:25	--------	d-----w-	c:\users\Sarama\AppData\Local\Captcha_Brotherhood
2012-07-02 22:21 . 2012-07-02 22:21	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-06-30 13:54 . 2012-06-30 13:59	--------	d-----w-	c:\users\Sarama\AppData\Roaming\Nero
2012-06-30 13:23 . 2012-06-30 13:39	--------	d-----w-	c:\program files (x86)\Nero
2012-06-30 13:22 . 2012-06-30 13:53	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-06-30 13:22 . 2012-06-30 13:30	--------	d-----w-	c:\programdata\Nero
2012-06-30 13:13 . 2000-06-26 08:45	106496	----a-w-	c:\windows\SysWow64\TwnLib20.dll
2012-06-30 13:13 . 2012-06-30 13:13	--------	d-----w-	c:\program files (x86)\Common Files\Ahead
2012-06-30 13:13 . 2001-07-09 08:50	155648	----a-w-	c:\windows\SysWow64\NeroCheck.exe
2012-06-30 13:13 . 2012-06-30 13:47	--------	d-----w-	c:\program files (x86)\Ahead
2012-06-25 11:03 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-25 11:03 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-25 11:03 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-25 11:03 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-25 11:03 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-25 11:03 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-25 11:03 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-25 11:03 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-25 11:03 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-24 08:28 . 2012-06-24 08:28	--------	d-----w-	c:\program files (x86)\Microsoft
2012-06-21 18:55 . 2012-06-21 18:55	--------	d-----w-	c:\programdata\TechSmith
2012-06-21 18:55 . 2012-06-21 18:55	--------	d-----w-	c:\users\Sarama\AppData\Local\TechSmith
2012-06-21 18:55 . 2012-06-21 18:55	--------	d-----w-	c:\program files (x86)\TechSmith
2012-06-17 09:41 . 2012-06-17 09:41	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-06-17 09:41 . 2012-06-17 09:41	--------	d-----w-	c:\programdata\McAfee
2012-06-17 09:41 . 2012-06-27 09:42	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-06-17 09:24 . 2012-06-17 09:24	--------	d-----w-	c:\users\Sarama\AppData\Roaming\Media Player Classic
2012-06-17 09:21 . 2011-03-02 10:43	175616	----a-w-	c:\windows\SysWow64\unrar.dll
2012-06-17 09:21 . 2012-06-17 09:22	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2012-06-17 09:13 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-17 09:13 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-06-17 09:13 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-06-17 09:13 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-17 09:13 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-16 20:27 . 2012-06-16 20:27	--------	d-----w-	c:\users\Sarama\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-05-15 19:24	772544	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 20:06 . 2012-05-15 19:24	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-17 09:41 . 2012-05-16 21:38	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 09:41 . 2012-05-16 21:38	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 10:25 . 2012-05-15 17:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-29 20:42 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-21 02:09 . 2012-05-25 13:21	99384	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-05-25 13:21	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 07:52 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-05-19 07:52 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-05-16 19:31 . 2012-05-16 19:31	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-16 19:31 . 2012-05-16 19:31	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-05-16 19:31 . 2012-05-16 19:31	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-05-16 19:31 . 2012-05-16 19:31	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-16 19:31 . 2012-05-16 19:31	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-05-16 19:31 . 2012-05-16 19:31	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-05-16 19:31 . 2012-05-16 19:31	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-05-16 19:31 . 2012-05-16 19:31	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-05-16 19:31 . 2012-05-16 19:31	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-05-16 19:31 . 2012-05-16 19:31	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-05-16 19:31 . 2012-05-16 19:31	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-05-16 19:31 . 2012-05-16 19:31	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-05-16 19:31 . 2012-05-16 19:31	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-05-16 19:31 . 2012-05-16 19:31	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-05-16 19:31 . 2012-05-16 19:31	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-05-16 19:31 . 2012-05-16 19:31	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-05-16 19:31 . 2012-05-16 19:31	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-05-16 19:31 . 2012-05-16 19:31	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-05-16 19:31 . 2012-05-16 19:31	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-05-16 19:31 . 2012-05-16 19:31	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-05-16 19:31 . 2012-05-16 19:31	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-05-16 19:31 . 2012-05-16 19:31	448512	----a-w-	c:\windows\system32\html.iec
2012-05-16 19:31 . 2012-05-16 19:31	222208	----a-w-	c:\windows\system32\msls31.dll
2012-05-16 19:31 . 2012-05-16 19:31	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-05-16 19:31 . 2012-05-16 19:31	12288	----a-w-	c:\windows\system32\mshta.exe
2012-05-16 19:31 . 2012-05-16 19:31	114176	----a-w-	c:\windows\system32\admparse.dll
2012-05-16 19:31 . 2012-05-16 19:31	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-16 19:31 . 2012-05-16 19:31	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-05-16 19:31 . 2012-05-16 19:31	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-05-16 19:31 . 2012-05-16 19:31	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-16 19:31 . 2012-05-16 19:31	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-05-16 19:31 . 2012-05-16 19:31	160256	----a-w-	c:\windows\system32\wextract.exe
2012-05-15 20:14 . 2012-05-15 20:14	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-15 18:40 . 2012-05-15 17:36	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-15 18:40 . 2012-05-15 17:36	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-15 08:24 . 2012-05-15 08:24	520192	----a-w-	c:\windows\SysWow64\ASUS_Screensaver.scr
2012-05-15 08:24 . 2012-05-15 08:24	3054136	----a-w-	c:\windows\AsScrPro.exe
2012-05-15 08:24 . 2012-05-15 08:24	35384	----a-w-	c:\windows\system32\drivers\AsDsm.sys
2012-05-04 11:06 . 2012-06-13 19:10	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 19:10	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 19:10	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55 . 2012-06-13 19:10	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 19:10	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 19:10	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 19:10	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-15 348624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 7168]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer

\CLMSMonitorService.exe [2011-09-02 75048]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 

292136]
R4 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-13 113120]
R4 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/15 22:14];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 10:08 

148976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FastBootAgent;FastBootAgent;c:\windows\system32\FBAgent.exe [2009-08-22 356480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarama\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - user.js: extentions.y2layers.installId - 6cdfe064-5e3b-4a6a-a60f-56ace05554d3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-14  00:06:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-13 22:06
.
Vor Suchlauf: 9 Verzeichnis(se), 45.446.541.312 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 44.821.016.576 Bytes frei
.
- - End Of File - - 27F6020677E2982042FA3C992648CB7A
         
--- --- ---


Alt 15.07.2012, 20:27   #6
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> Bundespolizei Trojaner bei Win 7 64 Bit

Alt 15.07.2012, 21:52   #7
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



hier der TDSS Killer Log:

Code:
ATTFilter
22:42:52.0234 2104	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
22:42:52.0520 2104	============================================================
22:42:52.0520 2104	Current date / time: 2012/07/15 22:42:52.0520
22:42:52.0520 2104	SystemInfo:
22:42:52.0520 2104	
22:42:52.0520 2104	OS Version: 6.1.7601 ServicePack: 1.0
22:42:52.0520 2104	Product type: Workstation
22:42:52.0520 2104	ComputerName: SARAMA
22:42:52.0521 2104	UserName: Sarama
22:42:52.0521 2104	Windows directory: C:\Windows
22:42:52.0521 2104	System windows directory: C:\Windows
22:42:52.0521 2104	Running under WOW64
22:42:52.0521 2104	Processor architecture: Intel x64
22:42:52.0521 2104	Number of processors: 2
22:42:52.0521 2104	Page size: 0x1000
22:42:52.0521 2104	Boot type: Normal boot
22:42:52.0521 2104	============================================================
22:42:54.0199 2104	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:54.0205 2104	============================================================
22:42:54.0205 2104	\Device\Harddisk0\DR0:
22:42:54.0205 2104	MBR partitions:
22:42:54.0205 2104	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x950A600
22:42:54.0222 2104	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB2557B7, BlocksNum 0x1A1D7F0A
22:42:54.0222 2104	============================================================
22:42:54.0275 2104	C: <-> \Device\Harddisk0\DR0\Partition0
22:42:54.0295 2104	D: <-> \Device\Harddisk0\DR0\Partition1
22:42:54.0295 2104	============================================================
22:42:54.0295 2104	Initialize success
22:42:54.0296 2104	============================================================
22:43:53.0697 5212	============================================================
22:43:53.0697 5212	Scan started
22:43:53.0697 5212	Mode: Manual; SigCheck; TDLFS; 
22:43:53.0697 5212	============================================================
22:43:56.0481 5212	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:43:56.0637 5212	1394ohci - ok
22:43:56.0668 5212	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:43:56.0699 5212	ACPI - ok
22:43:56.0715 5212	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:43:56.0793 5212	AcpiPmi - ok
22:43:56.0949 5212	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:43:56.0964 5212	AdobeARMservice - ok
22:43:57.0245 5212	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:43:57.0261 5212	AdobeFlashPlayerUpdateSvc - ok
22:43:57.0323 5212	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:43:57.0370 5212	adp94xx - ok
22:43:57.0385 5212	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:43:57.0417 5212	adpahci - ok
22:43:57.0432 5212	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:43:57.0463 5212	adpu320 - ok
22:43:57.0619 5212	ADSMService     (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
22:43:57.0651 5212	ADSMService ( UnsignedFile.Multi.Generic ) - warning
22:43:57.0651 5212	ADSMService - detected UnsignedFile.Multi.Generic (1)
22:43:57.0682 5212	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:43:57.0807 5212	AeLookupSvc - ok
22:43:57.0869 5212	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:43:57.0931 5212	AFD - ok
22:43:57.0978 5212	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:43:57.0994 5212	agp440 - ok
22:43:58.0025 5212	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:43:58.0072 5212	ALG - ok
22:43:58.0103 5212	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:43:58.0119 5212	aliide - ok
22:43:58.0150 5212	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
22:43:58.0259 5212	AMD External Events Utility - ok
22:43:58.0321 5212	AMD FUEL Service - ok
22:43:58.0368 5212	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:43:58.0384 5212	amdide - ok
22:43:58.0415 5212	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
22:43:58.0462 5212	amdiox64 - ok
22:43:58.0493 5212	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:43:58.0540 5212	AmdK8 - ok
22:43:59.0008 5212	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:59.0335 5212	amdkmdag - ok
22:43:59.0710 5212	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:43:59.0772 5212	amdkmdap - ok
22:43:59.0819 5212	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:43:59.0850 5212	AmdPPM - ok
22:43:59.0881 5212	amdsata         (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
22:43:59.0897 5212	amdsata - ok
22:43:59.0928 5212	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:43:59.0944 5212	amdsbs - ok
22:43:59.0975 5212	amdxata         (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
22:43:59.0991 5212	amdxata - ok
22:44:00.0225 5212	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:44:00.0240 5212	AntiVirSchedulerService - ok
22:44:00.0287 5212	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:44:00.0303 5212	AntiVirService - ok
22:44:00.0349 5212	AnyDVD          (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
22:44:00.0365 5212	AnyDVD - ok
22:44:00.0443 5212	AODDriver4.1    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
22:44:00.0459 5212	AODDriver4.1 - ok
22:44:00.0490 5212	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:44:00.0646 5212	AppID - ok
22:44:00.0677 5212	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:44:00.0739 5212	AppIDSvc - ok
22:44:00.0786 5212	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:44:00.0833 5212	Appinfo - ok
22:44:01.0114 5212	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:44:01.0129 5212	arc - ok
22:44:01.0145 5212	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:44:01.0161 5212	arcsas - ok
22:44:01.0254 5212	AsDsm           (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
22:44:01.0270 5212	AsDsm - ok
22:44:01.0348 5212	ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
22:44:01.0363 5212	ASLDRService - ok
22:44:01.0410 5212	ASMMAP64        (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
22:44:01.0426 5212	ASMMAP64 - ok
22:44:01.0441 5212	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:01.0504 5212	AsyncMac - ok
22:44:01.0551 5212	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:44:01.0566 5212	atapi - ok
22:44:01.0707 5212	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
22:44:01.0847 5212	athr - ok
22:44:02.0627 5212	atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:02.0783 5212	atikmdag - ok
22:44:03.0157 5212	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:44:03.0173 5212	AtiPcie - ok
22:44:03.0267 5212	ATKGFNEXSrv     (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
22:44:03.0313 5212	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:44:03.0313 5212	ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
22:44:03.0376 5212	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:44:03.0454 5212	AudioEndpointBuilder - ok
22:44:03.0469 5212	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:44:03.0516 5212	AudioSrv - ok
22:44:03.0594 5212	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:44:03.0610 5212	avgntflt - ok
22:44:03.0641 5212	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:44:03.0657 5212	avipbb - ok
22:44:03.0672 5212	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:44:03.0688 5212	avkmgr - ok
22:44:03.0750 5212	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:44:03.0797 5212	AxInstSV - ok
22:44:03.0844 5212	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:44:03.0891 5212	b06bdrv - ok
22:44:03.0937 5212	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:44:03.0969 5212	b57nd60a - ok
22:44:04.0000 5212	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:44:04.0031 5212	BDESVC - ok
22:44:04.0062 5212	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:44:04.0125 5212	Beep - ok
22:44:04.0203 5212	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:44:04.0281 5212	BFE - ok
22:44:04.0343 5212	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:44:04.0468 5212	BITS - ok
22:44:04.0577 5212	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:04.0608 5212	blbdrive - ok
22:44:04.0639 5212	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:44:04.0671 5212	bowser - ok
22:44:04.0702 5212	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:44:04.0780 5212	BrFiltLo - ok
22:44:04.0780 5212	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:44:04.0811 5212	BrFiltUp - ok
22:44:04.0858 5212	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:44:04.0936 5212	BridgeMP - ok
22:44:04.0983 5212	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:44:05.0045 5212	Browser - ok
22:44:05.0092 5212	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:44:05.0139 5212	Brserid - ok
22:44:05.0170 5212	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:05.0201 5212	BrSerWdm - ok
22:44:05.0201 5212	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:05.0232 5212	BrUsbMdm - ok
22:44:05.0248 5212	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:05.0263 5212	BrUsbSer - ok
22:44:05.0295 5212	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:44:05.0310 5212	BTHMODEM - ok
22:44:05.0357 5212	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:44:05.0419 5212	bthserv - ok
22:44:05.0435 5212	catchme - ok
22:44:05.0482 5212	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:44:05.0560 5212	cdfs - ok
22:44:05.0607 5212	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:44:05.0669 5212	cdrom - ok
22:44:05.0716 5212	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:44:05.0763 5212	CertPropSvc - ok
22:44:05.0809 5212	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:44:05.0841 5212	circlass - ok
22:44:05.0887 5212	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:44:05.0919 5212	CLFS - ok
22:44:06.0199 5212	CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
22:44:06.0231 5212	CLHNServiceForPowerDVD - ok
22:44:06.0387 5212	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:06.0449 5212	clr_optimization_v2.0.50727_32 - ok
22:44:06.0543 5212	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:44:06.0621 5212	clr_optimization_v2.0.50727_64 - ok
22:44:06.0823 5212	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:07.0057 5212	clr_optimization_v4.0.30319_32 - ok
22:44:07.0213 5212	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:44:07.0369 5212	clr_optimization_v4.0.30319_64 - ok
22:44:07.0385 5212	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:07.0416 5212	CmBatt - ok
22:44:07.0447 5212	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:44:07.0463 5212	cmdide - ok
22:44:07.0510 5212	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:44:07.0588 5212	CNG - ok
22:44:07.0619 5212	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:44:07.0635 5212	Compbatt - ok
22:44:07.0666 5212	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:44:07.0697 5212	CompositeBus - ok
22:44:07.0713 5212	COMSysApp - ok
22:44:07.0728 5212	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:44:07.0744 5212	crcdisk - ok
22:44:07.0791 5212	CRFILTER        (64beed6775c22b0362fa9ded3f8124a1) C:\Windows\system32\DRIVERS\CRFILTER.sys
22:44:07.0822 5212	CRFILTER - ok
22:44:07.0869 5212	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:44:07.0900 5212	CryptSvc - ok
22:44:08.0118 5212	CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
22:44:08.0134 5212	CyberLink PowerDVD 11.0 Monitor Service - ok
22:44:08.0181 5212	CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
22:44:08.0196 5212	CyberLink PowerDVD 11.0 Service - ok
22:44:08.0259 5212	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:44:08.0337 5212	DcomLaunch - ok
22:44:08.0399 5212	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:44:08.0477 5212	defragsvc - ok
22:44:08.0571 5212	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:44:08.0633 5212	DfsC - ok
22:44:08.0680 5212	dg_ssudbus      (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
22:44:08.0711 5212	dg_ssudbus - ok
22:44:08.0758 5212	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:44:08.0836 5212	Dhcp - ok
22:44:08.0883 5212	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:44:08.0945 5212	discache - ok
22:44:08.0976 5212	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:44:08.0992 5212	Disk - ok
22:44:09.0039 5212	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:44:09.0070 5212	Dnscache - ok
22:44:09.0132 5212	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:44:09.0195 5212	dot3svc - ok
22:44:09.0226 5212	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:44:09.0304 5212	DPS - ok
22:44:09.0335 5212	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:44:09.0366 5212	drmkaud - ok
22:44:09.0413 5212	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:44:09.0444 5212	dtsoftbus01 - ok
22:44:09.0507 5212	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:44:09.0569 5212	DXGKrnl - ok
22:44:09.0631 5212	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:44:09.0694 5212	EapHost - ok
22:44:09.0850 5212	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:44:09.0975 5212	ebdrv - ok
22:44:10.0224 5212	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:44:10.0271 5212	EFS - ok
22:44:10.0411 5212	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:44:10.0489 5212	ehRecvr - ok
22:44:10.0521 5212	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:44:10.0552 5212	ehSched - ok
22:44:10.0677 5212	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:44:10.0692 5212	ElbyCDIO - ok
22:44:10.0755 5212	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:44:10.0786 5212	elxstor - ok
22:44:10.0817 5212	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:44:10.0848 5212	ErrDev - ok
22:44:10.0879 5212	ETD             (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys
22:44:10.0942 5212	ETD - ok
22:44:10.0989 5212	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:44:11.0051 5212	EventSystem - ok
22:44:11.0098 5212	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:44:11.0160 5212	exfat - ok
22:44:11.0223 5212	FastBootAgent   (b9352b6c6cc8274bdea3e59dc2e59be4) C:\Windows\system32\FBAgent.exe
22:44:11.0254 5212	FastBootAgent - ok
22:44:11.0269 5212	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:44:11.0332 5212	fastfat - ok
22:44:11.0394 5212	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:44:11.0457 5212	Fax - ok
22:44:11.0472 5212	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:44:11.0519 5212	fdc - ok
22:44:11.0550 5212	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:44:11.0597 5212	fdPHost - ok
22:44:11.0613 5212	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:44:11.0675 5212	FDResPub - ok
22:44:11.0706 5212	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:44:11.0722 5212	FileInfo - ok
22:44:11.0737 5212	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:44:11.0800 5212	Filetrace - ok
22:44:11.0800 5212	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:11.0831 5212	flpydisk - ok
22:44:11.0862 5212	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:44:11.0893 5212	FltMgr - ok
22:44:11.0956 5212	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:44:12.0018 5212	FontCache - ok
22:44:12.0112 5212	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:44:12.0127 5212	FontCache3.0.0.0 - ok
22:44:12.0237 5212	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:44:12.0252 5212	FsDepends - ok
22:44:12.0283 5212	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:44:12.0299 5212	Fs_Rec - ok
22:44:12.0346 5212	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:44:12.0377 5212	fvevol - ok
22:44:12.0393 5212	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:44:12.0408 5212	gagp30kx - ok
22:44:12.0471 5212	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:44:12.0549 5212	gpsvc - ok
22:44:12.0580 5212	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:44:12.0595 5212	hcw85cir - ok
22:44:12.0642 5212	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:44:12.0705 5212	HdAudAddService - ok
22:44:12.0720 5212	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:44:12.0751 5212	HDAudBus - ok
22:44:12.0783 5212	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:44:12.0814 5212	HidBatt - ok
22:44:12.0829 5212	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:44:12.0861 5212	HidBth - ok
22:44:12.0892 5212	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:44:12.0923 5212	HidIr - ok
22:44:12.0939 5212	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:44:13.0001 5212	hidserv - ok
22:44:13.0048 5212	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:44:13.0063 5212	HidUsb - ok
22:44:13.0095 5212	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:44:13.0157 5212	hkmsvc - ok
22:44:13.0188 5212	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:44:13.0219 5212	HomeGroupListener - ok
22:44:13.0266 5212	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:44:13.0297 5212	HomeGroupProvider - ok
22:44:13.0344 5212	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:44:13.0360 5212	HpSAMD - ok
22:44:13.0422 5212	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:44:13.0500 5212	HTTP - ok
22:44:13.0531 5212	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:44:13.0547 5212	hwpolicy - ok
22:44:13.0578 5212	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:44:13.0609 5212	i8042prt - ok
22:44:13.0656 5212	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:44:13.0687 5212	iaStorV - ok
22:44:13.0843 5212	ICQ Service     (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
22:44:13.0859 5212	ICQ Service - ok
22:44:14.0062 5212	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:44:14.0124 5212	idsvc - ok
22:44:14.0389 5212	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:44:14.0405 5212	iirsp - ok
22:44:14.0467 5212	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:44:14.0545 5212	IKEEXT - ok
22:44:14.0577 5212	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:44:14.0592 5212	intelide - ok
22:44:14.0623 5212	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:44:14.0639 5212	intelppm - ok
22:44:14.0686 5212	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:44:14.0764 5212	IPBusEnum - ok
22:44:14.0795 5212	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:14.0857 5212	IpFilterDriver - ok
22:44:14.0904 5212	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:44:14.0967 5212	iphlpsvc - ok
22:44:15.0013 5212	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:44:15.0045 5212	IPMIDRV - ok
22:44:15.0091 5212	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:44:15.0138 5212	IPNAT - ok
22:44:15.0154 5212	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:44:15.0232 5212	IRENUM - ok
22:44:15.0247 5212	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:44:15.0263 5212	isapnp - ok
22:44:15.0294 5212	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:44:15.0325 5212	iScsiPrt - ok
22:44:15.0341 5212	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:44:15.0357 5212	kbdclass - ok
22:44:15.0388 5212	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:44:15.0419 5212	kbdhid - ok
22:44:15.0466 5212	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
22:44:15.0481 5212	kbfiltr - ok
22:44:15.0528 5212	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:15.0544 5212	KeyIso - ok
22:44:15.0575 5212	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
22:44:15.0591 5212	KSecDD - ok
22:44:15.0622 5212	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
22:44:15.0653 5212	KSecPkg - ok
22:44:15.0669 5212	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:44:15.0731 5212	ksthunk - ok
22:44:15.0778 5212	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:44:15.0856 5212	KtmRm - ok
22:44:15.0887 5212	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:44:15.0981 5212	LanmanServer - ok
22:44:16.0027 5212	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:44:16.0074 5212	LanmanWorkstation - ok
22:44:16.0121 5212	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:44:16.0168 5212	lltdio - ok
22:44:16.0215 5212	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:44:16.0277 5212	lltdsvc - ok
22:44:16.0293 5212	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:44:16.0355 5212	lmhosts - ok
22:44:16.0386 5212	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:16.0402 5212	LSI_FC - ok
22:44:16.0417 5212	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:16.0433 5212	LSI_SAS - ok
22:44:16.0464 5212	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:16.0495 5212	LSI_SAS2 - ok
22:44:16.0511 5212	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:16.0527 5212	LSI_SCSI - ok
22:44:16.0542 5212	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:44:16.0605 5212	luafv - ok
22:44:16.0620 5212	lullaby         (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
22:44:16.0636 5212	lullaby - ok
22:44:16.0683 5212	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:44:16.0714 5212	MBAMProtector - ok
22:44:16.0807 5212	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:44:16.0870 5212	MBAMService - ok
22:44:17.0041 5212	McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
22:44:17.0073 5212	McComponentHostService - ok
22:44:17.0119 5212	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:44:17.0135 5212	Mcx2Svc - ok
22:44:17.0166 5212	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:44:17.0182 5212	megasas - ok
22:44:17.0197 5212	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:17.0229 5212	MegaSR - ok
22:44:17.0260 5212	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:44:17.0322 5212	MMCSS - ok
22:44:17.0338 5212	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:44:17.0385 5212	Modem - ok
22:44:17.0416 5212	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:44:17.0431 5212	monitor - ok
22:44:17.0463 5212	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:44:17.0478 5212	mouclass - ok
22:44:17.0509 5212	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:44:17.0541 5212	mouhid - ok
22:44:17.0587 5212	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:44:17.0603 5212	mountmgr - ok
22:44:17.0681 5212	MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:44:17.0697 5212	MozillaMaintenance - ok
22:44:17.0728 5212	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:44:17.0743 5212	mpio - ok
22:44:17.0775 5212	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:44:17.0821 5212	mpsdrv - ok
22:44:17.0884 5212	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:44:17.0962 5212	MpsSvc - ok
22:44:17.0993 5212	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:44:18.0024 5212	MRxDAV - ok
22:44:18.0055 5212	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:18.0118 5212	mrxsmb - ok
22:44:18.0149 5212	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:18.0180 5212	mrxsmb10 - ok
22:44:18.0211 5212	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:18.0258 5212	mrxsmb20 - ok
22:44:18.0305 5212	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:44:18.0321 5212	msahci - ok
22:44:18.0352 5212	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:44:18.0367 5212	msdsm - ok
22:44:18.0399 5212	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:44:18.0430 5212	MSDTC - ok
22:44:18.0461 5212	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:44:18.0523 5212	Msfs - ok
22:44:18.0523 5212	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:44:18.0586 5212	mshidkmdf - ok
22:44:18.0601 5212	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:44:18.0617 5212	msisadrv - ok
22:44:18.0648 5212	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:44:18.0711 5212	MSiSCSI - ok
22:44:18.0711 5212	msiserver - ok
22:44:18.0757 5212	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:44:18.0820 5212	MSKSSRV - ok
22:44:18.0820 5212	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:18.0882 5212	MSPCLOCK - ok
22:44:18.0882 5212	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:44:18.0929 5212	MSPQM - ok
22:44:18.0976 5212	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:44:19.0007 5212	MsRPC - ok
22:44:19.0054 5212	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:44:19.0069 5212	mssmbios - ok
22:44:19.0116 5212	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:44:19.0163 5212	MSTEE - ok
22:44:19.0194 5212	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:19.0210 5212	MTConfig - ok
22:44:19.0241 5212	MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
22:44:19.0257 5212	MTsensor - ok
22:44:19.0272 5212	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:44:19.0319 5212	Mup - ok
22:44:19.0366 5212	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:44:19.0444 5212	napagent - ok
22:44:19.0491 5212	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:44:19.0537 5212	NativeWifiP - ok
22:44:19.0615 5212	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:44:19.0662 5212	NDIS - ok
22:44:19.0693 5212	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:19.0756 5212	NdisCap - ok
22:44:19.0771 5212	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:19.0834 5212	NdisTapi - ok
22:44:19.0912 5212	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:19.0959 5212	Ndisuio - ok
22:44:20.0005 5212	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:20.0068 5212	NdisWan - ok
22:44:20.0099 5212	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:44:20.0146 5212	NDProxy - ok
22:44:20.0349 5212	Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:44:20.0395 5212	Nero BackItUp Scheduler 4.0 - ok
22:44:20.0442 5212	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:44:20.0505 5212	NetBIOS - ok
22:44:20.0551 5212	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:44:20.0598 5212	NetBT - ok
22:44:20.0661 5212	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:20.0676 5212	Netlogon - ok
22:44:20.0723 5212	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:44:20.0801 5212	Netman - ok
22:44:20.0863 5212	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:44:20.0926 5212	netprofm - ok
22:44:21.0019 5212	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:21.0035 5212	NetTcpPortSharing - ok
22:44:21.0051 5212	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:21.0066 5212	nfrd960 - ok
22:44:21.0129 5212	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:44:21.0207 5212	NlaSvc - ok
22:44:21.0207 5212	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:44:21.0253 5212	Npfs - ok
22:44:21.0285 5212	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:44:21.0347 5212	nsi - ok
22:44:21.0363 5212	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:44:21.0425 5212	nsiproxy - ok
22:44:21.0519 5212	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:44:21.0597 5212	Ntfs - ok
22:44:21.0815 5212	ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
22:44:21.0831 5212	ntk_PowerDVD - ok
22:44:22.0158 5212	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:44:22.0221 5212	Null - ok
22:44:22.0252 5212	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:44:22.0267 5212	nvraid - ok
22:44:22.0299 5212	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:44:22.0314 5212	nvstor - ok
22:44:22.0361 5212	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:44:22.0377 5212	nv_agp - ok
22:44:22.0392 5212	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:44:22.0423 5212	ohci1394 - ok
22:44:22.0470 5212	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:44:22.0517 5212	p2pimsvc - ok
22:44:22.0564 5212	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:44:22.0595 5212	p2psvc - ok
22:44:22.0626 5212	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:44:22.0657 5212	Parport - ok
22:44:22.0689 5212	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:44:22.0704 5212	partmgr - ok
22:44:22.0735 5212	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:44:22.0767 5212	PcaSvc - ok
22:44:22.0813 5212	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:44:22.0829 5212	pci - ok
22:44:22.0845 5212	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:44:22.0860 5212	pciide - ok
22:44:22.0891 5212	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:22.0923 5212	pcmcia - ok
22:44:22.0923 5212	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:44:22.0938 5212	pcw - ok
22:44:23.0001 5212	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:44:23.0094 5212	PEAUTH - ok
22:44:23.0297 5212	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:44:23.0328 5212	PerfHost - ok
22:44:23.0406 5212	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:44:23.0515 5212	pla - ok
22:44:23.0562 5212	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:44:23.0609 5212	PlugPlay - ok
22:44:23.0640 5212	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:44:23.0687 5212	PNRPAutoReg - ok
22:44:23.0718 5212	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:44:23.0749 5212	PNRPsvc - ok
22:44:23.0796 5212	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:44:23.0859 5212	PolicyAgent - ok
22:44:23.0890 5212	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:44:23.0937 5212	Power - ok
22:44:24.0061 5212	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:44:24.0124 5212	PptpMiniport - ok
22:44:24.0155 5212	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:44:24.0186 5212	Processor - ok
22:44:24.0233 5212	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:44:24.0264 5212	ProfSvc - ok
22:44:24.0295 5212	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:24.0311 5212	ProtectedStorage - ok
22:44:24.0373 5212	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:44:24.0420 5212	Psched - ok
22:44:24.0498 5212	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:44:24.0576 5212	ql2300 - ok
22:44:24.0904 5212	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:24.0935 5212	ql40xx - ok
22:44:24.0966 5212	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:44:24.0997 5212	QWAVE - ok
22:44:25.0013 5212	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:44:25.0044 5212	QWAVEdrv - ok
22:44:25.0044 5212	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:44:25.0107 5212	RasAcd - ok
22:44:25.0153 5212	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:25.0216 5212	RasAgileVpn - ok
22:44:25.0247 5212	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:44:25.0309 5212	RasAuto - ok
22:44:25.0341 5212	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:25.0403 5212	Rasl2tp - ok
22:44:25.0434 5212	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:44:25.0497 5212	RasMan - ok
22:44:25.0528 5212	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:25.0590 5212	RasPppoe - ok
22:44:25.0621 5212	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:44:25.0699 5212	RasSstp - ok
22:44:25.0731 5212	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:44:25.0809 5212	rdbss - ok
22:44:25.0824 5212	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:25.0855 5212	rdpbus - ok
22:44:25.0871 5212	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:25.0918 5212	RDPCDD - ok
22:44:25.0933 5212	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:44:25.0980 5212	RDPENCDD - ok
22:44:25.0996 5212	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:44:26.0043 5212	RDPREFMP - ok
22:44:26.0074 5212	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:44:26.0121 5212	RDPWD - ok
22:44:26.0167 5212	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:44:26.0199 5212	rdyboost - ok
22:44:26.0230 5212	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:44:26.0292 5212	RemoteAccess - ok
22:44:26.0323 5212	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:44:26.0386 5212	RemoteRegistry - ok
22:44:26.0417 5212	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:44:26.0479 5212	RpcEptMapper - ok
22:44:26.0495 5212	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:44:26.0526 5212	RpcLocator - ok
22:44:26.0573 5212	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:44:26.0635 5212	RpcSs - ok
22:44:26.0667 5212	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:44:26.0729 5212	rspndr - ok
22:44:26.0760 5212	RTL8167         (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:44:26.0807 5212	RTL8167 - ok
22:44:26.0838 5212	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:26.0854 5212	SamSs - ok
22:44:26.0901 5212	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:44:26.0916 5212	sbp2port - ok
22:44:26.0947 5212	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:44:27.0010 5212	SCardSvr - ok
22:44:27.0041 5212	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:44:27.0088 5212	scfilter - ok
22:44:27.0166 5212	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:44:27.0244 5212	Schedule - ok
22:44:27.0291 5212	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:44:27.0322 5212	SCPolicySvc - ok
22:44:27.0369 5212	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:44:27.0400 5212	SDRSVC - ok
22:44:27.0509 5212	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:44:27.0571 5212	secdrv - ok
22:44:27.0603 5212	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:44:27.0665 5212	seclogon - ok
22:44:27.0696 5212	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:44:27.0759 5212	SENS - ok
22:44:27.0774 5212	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:44:27.0805 5212	SensrSvc - ok
22:44:27.0821 5212	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:44:27.0837 5212	Serenum - ok
22:44:27.0899 5212	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:44:27.0946 5212	Serial - ok
22:44:27.0977 5212	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:44:28.0008 5212	sermouse - ok
22:44:28.0055 5212	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:44:28.0102 5212	SessionEnv - ok
22:44:28.0117 5212	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:44:28.0149 5212	sffdisk - ok
22:44:28.0164 5212	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:44:28.0180 5212	sffp_mmc - ok
22:44:28.0195 5212	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:44:28.0227 5212	sffp_sd - ok
22:44:28.0258 5212	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:28.0289 5212	sfloppy - ok
22:44:28.0351 5212	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:44:28.0429 5212	SharedAccess - ok
22:44:28.0476 5212	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:44:28.0539 5212	ShellHWDetection - ok
22:44:28.0585 5212	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
22:44:28.0601 5212	SiSGbeLH - ok
22:44:28.0601 5212	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:28.0617 5212	SiSRaid2 - ok
22:44:28.0632 5212	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:28.0679 5212	SiSRaid4 - ok
22:44:28.0695 5212	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:44:28.0741 5212	Smb - ok
22:44:28.0788 5212	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:44:28.0819 5212	SNMPTRAP - ok
22:44:28.0944 5212	SNP2UVC         (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:44:29.0007 5212	SNP2UVC - ok
22:44:29.0350 5212	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:44:29.0365 5212	spldr - ok
22:44:29.0428 5212	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:44:29.0490 5212	Spooler - ok
22:44:29.0662 5212	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:44:29.0818 5212	sppsvc - ok
22:44:30.0114 5212	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:44:30.0161 5212	sppuinotify - ok
22:44:30.0301 5212	SRS_PremiumSound_Service (ac51533c7eeb05aa02b294a60e946238) C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys
22:44:30.0333 5212	SRS_PremiumSound_Service - ok
22:44:30.0411 5212	SRS_VolSync_Service (4f4b88e2fb91aeef0251f627bd7ae322) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
22:44:30.0442 5212	SRS_VolSync_Service - ok
22:44:30.0489 5212	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:44:30.0567 5212	srv - ok
22:44:30.0598 5212	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:44:30.0629 5212	srv2 - ok
22:44:30.0645 5212	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:44:30.0676 5212	srvnet - ok
22:44:30.0738 5212	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:44:30.0801 5212	SSDPSRV - ok
22:44:30.0816 5212	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:44:30.0863 5212	SstpSvc - ok
22:44:30.0910 5212	ssudmdm         (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:44:30.0925 5212	ssudmdm - ok
22:44:30.0941 5212	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:44:30.0957 5212	stexstor - ok
22:44:31.0019 5212	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:44:31.0081 5212	stisvc - ok
22:44:31.0128 5212	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:44:31.0144 5212	swenum - ok
22:44:31.0191 5212	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:44:31.0269 5212	swprv - ok
22:44:31.0362 5212	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:44:31.0456 5212	SysMain - ok
22:44:31.0705 5212	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:44:31.0752 5212	TabletInputService - ok
22:44:31.0783 5212	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:44:31.0846 5212	TapiSrv - ok
22:44:31.0877 5212	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:44:31.0939 5212	TBS - ok
22:44:32.0111 5212	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:44:32.0205 5212	Tcpip - ok
22:44:32.0626 5212	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:44:32.0673 5212	TCPIP6 - ok
22:44:33.0016 5212	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:44:33.0063 5212	tcpipreg - ok
22:44:33.0094 5212	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:44:33.0125 5212	TDPIPE - ok
22:44:33.0156 5212	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:44:33.0172 5212	TDTCP - ok
22:44:33.0203 5212	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:44:33.0250 5212	tdx - ok
22:44:33.0297 5212	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:44:33.0312 5212	TermDD - ok
22:44:33.0343 5212	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:44:33.0421 5212	TermService - ok
22:44:33.0453 5212	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:44:33.0484 5212	Themes - ok
22:44:33.0531 5212	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:44:33.0562 5212	THREADORDER - ok
22:44:33.0593 5212	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:44:33.0655 5212	TrkWks - ok
22:44:33.0718 5212	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:44:33.0796 5212	TrustedInstaller - ok
22:44:33.0827 5212	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:44:33.0874 5212	tssecsrv - ok
22:44:33.0905 5212	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:44:33.0936 5212	TsUsbFlt - ok
22:44:33.0999 5212	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:44:34.0045 5212	tunnel - ok
22:44:34.0077 5212	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:44:34.0092 5212	uagp35 - ok
22:44:34.0139 5212	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:44:34.0217 5212	udfs - ok
22:44:34.0248 5212	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:44:34.0279 5212	UI0Detect - ok
22:44:34.0326 5212	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:44:34.0342 5212	uliagpkx - ok
22:44:34.0357 5212	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:44:34.0389 5212	umbus - ok
22:44:34.0420 5212	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:44:34.0451 5212	UmPass - ok
22:44:34.0498 5212	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:44:34.0591 5212	upnphost - ok
22:44:34.0607 5212	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:44:34.0638 5212	usbccgp - ok
22:44:34.0685 5212	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:44:34.0716 5212	usbcir - ok
22:44:34.0747 5212	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:44:34.0779 5212	usbehci - ok
22:44:34.0810 5212	usbfilter       (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys
22:44:34.0810 5212	usbfilter - ok
22:44:34.0857 5212	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:44:34.0903 5212	usbhub - ok
22:44:34.0919 5212	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:44:34.0966 5212	usbohci - ok
22:44:34.0997 5212	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:44:35.0028 5212	usbprint - ok
22:44:35.0059 5212	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:44:35.0091 5212	usbscan - ok
22:44:35.0122 5212	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:44:35.0153 5212	USBSTOR - ok
22:44:35.0184 5212	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:44:35.0200 5212	usbuhci - ok
22:44:35.0247 5212	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:44:35.0278 5212	usbvideo - ok
22:44:35.0340 5212	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:44:35.0403 5212	UxSms - ok
22:44:35.0434 5212	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:35.0449 5212	VaultSvc - ok
22:44:35.0496 5212	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:44:35.0512 5212	vdrvroot - ok
22:44:35.0574 5212	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:44:35.0637 5212	vds - ok
22:44:35.0683 5212	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:44:35.0699 5212	vga - ok
22:44:35.0715 5212	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:44:35.0777 5212	VgaSave - ok
22:44:35.0808 5212	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:44:35.0824 5212	vhdmp - ok
22:44:35.0949 5212	VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
22:44:36.0042 5212	VIAHdAudAddService - ok
22:44:36.0073 5212	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:44:36.0089 5212	viaide - ok
22:44:36.0105 5212	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:44:36.0120 5212	volmgr - ok
22:44:36.0167 5212	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:44:36.0198 5212	volmgrx - ok
22:44:36.0214 5212	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:44:36.0245 5212	volsnap - ok
22:44:36.0292 5212	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:44:36.0307 5212	vsmraid - ok
22:44:36.0401 5212	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:44:36.0510 5212	VSS - ok
22:44:36.0853 5212	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:44:36.0885 5212	vwifibus - ok
22:44:36.0900 5212	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:44:36.0916 5212	vwififlt - ok
22:44:36.0978 5212	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:44:37.0041 5212	W32Time - ok
22:44:37.0056 5212	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:44:37.0087 5212	WacomPen - ok
22:44:37.0119 5212	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:44:37.0165 5212	WANARP - ok
22:44:37.0165 5212	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:44:37.0212 5212	Wanarpv6 - ok
22:44:37.0618 5212	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:44:37.0696 5212	wbengine - ok
22:44:37.0946 5212	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:44:37.0992 5212	WbioSrvc - ok
22:44:38.0024 5212	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:44:38.0070 5212	wcncsvc - ok
22:44:38.0102 5212	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:44:38.0133 5212	WcsPlugInService - ok
22:44:38.0258 5212	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:44:38.0273 5212	Wd - ok
22:44:38.0320 5212	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:44:38.0367 5212	Wdf01000 - ok
22:44:38.0367 5212	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:44:38.0414 5212	WdiServiceHost - ok
22:44:38.0414 5212	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:44:38.0445 5212	WdiSystemHost - ok
22:44:38.0492 5212	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:44:38.0538 5212	WebClient - ok
22:44:38.0585 5212	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:44:38.0648 5212	Wecsvc - ok
22:44:38.0679 5212	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:44:38.0741 5212	wercplsupport - ok
22:44:38.0757 5212	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:44:38.0819 5212	WerSvc - ok
22:44:38.0928 5212	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:44:38.0975 5212	WfpLwf - ok
22:44:38.0975 5212	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:44:38.0991 5212	WIMMount - ok
22:44:39.0069 5212	WinDefend - ok
22:44:39.0069 5212	WinHttpAutoProxySvc - ok
22:44:39.0225 5212	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:44:39.0287 5212	Winmgmt - ok
22:44:39.0381 5212	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:44:39.0506 5212	WinRM - ok
22:44:39.0864 5212	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:44:39.0896 5212	WinUsb - ok
22:44:39.0958 5212	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:44:40.0020 5212	Wlansvc - ok
22:44:40.0192 5212	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:44:40.0286 5212	wlidsvc - ok
22:44:40.0676 5212	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:44:40.0691 5212	WmiAcpi - ok
22:44:40.0847 5212	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:44:40.0894 5212	wmiApSrv - ok
22:44:40.0972 5212	WMPNetworkSvc - ok
22:44:41.0003 5212	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:44:41.0034 5212	WPCSvc - ok
22:44:41.0066 5212	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:44:41.0097 5212	WPDBusEnum - ok
22:44:41.0128 5212	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:44:41.0175 5212	ws2ifsl - ok
22:44:41.0206 5212	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:44:41.0253 5212	wscsvc - ok
22:44:41.0253 5212	WSearch - ok
22:44:41.0378 5212	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:44:41.0487 5212	wuauserv - ok
22:44:41.0814 5212	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:44:41.0861 5212	WudfPf - ok
22:44:41.0892 5212	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:44:41.0939 5212	WUDFRd - ok
22:44:41.0970 5212	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:44:42.0017 5212	wudfsvc - ok
22:44:42.0064 5212	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:44:42.0111 5212	WwanSvc - ok
22:44:42.0345 5212	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
22:44:42.0376 5212	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
22:44:42.0407 5212	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:44:43.0484 5212	\Device\Harddisk0\DR0 - ok
22:44:43.0484 5212	Boot (0x1200)   (367c7cbdd2441f252043f95881c6b7b7) \Device\Harddisk0\DR0\Partition0
22:44:43.0484 5212	\Device\Harddisk0\DR0\Partition0 - ok
22:44:43.0499 5212	Boot (0x1200)   (4f2d9a4a4b41def6978a973084681218) \Device\Harddisk0\DR0\Partition1
22:44:43.0499 5212	\Device\Harddisk0\DR0\Partition1 - ok
22:44:43.0499 5212	============================================================
22:44:43.0499 5212	Scan finished
22:44:43.0499 5212	============================================================
22:44:43.0515 5780	Detected object count: 2
22:44:43.0515 5780	Actual detected object count: 2
22:44:58.0678 5780	ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:58.0678 5780	ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:58.0678 5780	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:58.0678 5780	ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:46:48.0589 5340	Deinitialize success
         

Alt 17.07.2012, 21:56   #8
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



hi
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.07.2012, 22:37   #9
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



hier die Liste. Hoffe, die passt so

Code:
ATTFilter
Acrobat.com	Adobe Systems Incorporated				notwendig
Adobe AIR	Adobe Systems Inc.					unbekannt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated		notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	notwendig
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.		notwendig
AMD USB Filter Driver	Advanced Micro Devices, Inc.			notwendig
ASUS CopyProtect							unbekannt
ASUS Data Security Manager						notwendig
ASUS FancyStart	ASUSTeK Computer Inc.					unbekannt
ASUS LifeFrame3	ASUS			notwendig
ASUS Live Update			notwendig
ASUS MultiFrame	ASUS			notwendig
ASUS Power4Gear Hybrid			notwendig
ASUS SmartLogon	ASUS			notwendig
ASUS Splendid Video Enhancement Technology	notwendig
ASUS_Screensaver				unnötig	
Atheros Client Installation Program		unbekannt
ATK Generic Function Service			unbekannt
ATK Hotkey	ASUS				unbekannt
ATK Media	ASUS				unbekannt
ATKOSD2	ASUS					unbekannt
Avira Free Antivirus	Avira			notwendig
Captcha Brotherhood				notwendig
CCleaner	Piriform			notwendig
ControlDeck	ASUS				unbekannt
CyberLink PowerDVD 11	CyberLink Corp.		notwendig
DVDFab 8.1.7.8 (17/04/2012) Qt	Fengtao Software Inc.		notwendig	
ETDWare PS/2-x64 7.0.5.5_WHQL					unbekannt		
Fast Boot	ASUS						unbekannt
FreeRIP v3.2	MGShareware					notwendig
ICQ Toolbar	ICQ						unnötig
ICQ7.5	ICQ							notwendig
Java(TM) 7 Update 5						notwendig
JavaFX 2.1.1	Oracle Corporation				unbekannt
JDownloader 2	AppWork GmbH					notwendig
K-Lite Codec Pack 8.8.0 (Full)					notwendig
LastPass (uninstall only)	LastPass			notwendig		
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation			notwendig
McAfee Security Scan Plus	McAfee, Inc.							unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation				unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation		unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation					unbekannt
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation				notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation				unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation		unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation		unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation		unbekannt
Mozilla Firefox 14.0 (x86 de)	Mozilla	        		 notwendig
Mozilla Maintenance Service	Mozilla	    			unbekannt
Mp3tag v2.50	Florian Heidenreich				notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation		unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation		unbekannt
Multimedia Card Reader	 					notwendig
Nero 9	Nero AG	            					notwendig	
Realtek 8136 8168 8169 Ethernet Driver	Realtek	    		notwendig
Samsung Kies	Samsung Electronics Co., Ltd.			notwendig
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.		notwendig
SnagIt 8	TechSmith Corporation						unnötig
SRS Premium Sound	SRS Labs, Inc.						notwendig
USB 2.0 1.3M UVC WebCam								notwendig		
VIA Platform Device Manager	VIA Technologies, Inc.		notwendig
VLC media player 2.0.1	VideoLAN				notwendig
Winamp	Nullsoft, Inc						notwendig
Winamp Anwendungserkennung	Nullsoft, Inc			notwendig
Windows Live Essentials	Microsoft Corporation			unbekannt
WinFlash	ASUS						unbekannt
WinRAR								notwendig	
Wireless Console 3	ASUS					notwendig
Yontoo 1.10.02	Yontoo LLC					unbekannt
         

Alt 19.07.2012, 20:34   #10
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



deinstaliere:
Adobe Flash Player alle
http://get.adobe.com/de/flashplayer/
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ICQ Toolbar
McAfee
SnagIt
Windows Live
Yontoo

öffne CCleaner analysieren starten.
öffne otl, cleanup, pc startet neu, testen wie das system läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.07.2012, 12:17   #11
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



Alles gemacht. Bis jetzt läuft PC gut.
Vielen Dank schonmal für alles. Echt tolled Forum

Werde mich auch mit einer kleinen Spende erkenntlich zeigen

Soll bzw. kann ich noch was machen?

LG! Randy

Alt 25.07.2012, 18:01   #12
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



danke fürs spenden.
pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.07.2012, 22:07   #13
Sarama
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



Hab einiges schon gemacht. Danke nochmal

Hab Emisoft Programm und nutze Firefox.

LG! Randy

Alt 27.07.2012, 21:31   #14
markusg
/// Malware-holic
 
Bundespolizei Trojaner bei Win 7 64 Bit - Standard

Bundespolizei Trojaner bei Win 7 64 Bit



schon mal chrome angesehen? sicherer und schneller.
emsi konfig:

emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das wäre es, hoffe es war verständlich.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Bundespolizei Trojaner bei Win 7 64 Bit
antivir, autorun, avira, bho, desktop, device driver, error, fehler, firefox, flash player, gfnexsrv.exe, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, langs, logfile, mozilla, mp3, msiinstaller, netzwerk, plug-in, realtek, registry, richtlinie, scan, searchscopes, security, software, svchost.exe, tarma, trojaner, usb, usb 2.0, vdeck.exe, virus, win 7 64 bit, yontoo



Ähnliche Themen: Bundespolizei Trojaner bei Win 7 64 Bit


  1. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 03.10.2012 (38)
  2. BUNDESPOLIZEI Trojaner
    Log-Analyse und Auswertung - 08.08.2012 (7)
  3. Bundespolizei Trojaner
    Mülltonne - 20.07.2012 (0)
  4. Trojaner Bundespolizei
    Log-Analyse und Auswertung - 16.06.2012 (1)
  5. Bundespolizei Trojaner 1.09
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (17)
  6. Bundespolizei Trojaner auf win XP
    Log-Analyse und Auswertung - 12.04.2012 (1)
  7. Bundespolizei Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (5)
  8. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 26.12.2011 (8)
  9. Bundespolizei Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (27)
  10. Bundespolizei Trojaner - Win XP
    Log-Analyse und Auswertung - 18.12.2011 (1)
  11. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 08.11.2011 (1)
  12. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  13. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  14. Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (3)
  15. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 07.08.2011 (1)
  16. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (6)
  17. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (3)

Zum Thema Bundespolizei Trojaner bei Win 7 64 Bit - Hallo. Habe den Virus leider auch wie viel hier. Er kommt aber immer nur bei bestehender Internetverbindung. sobald ich den Router deaktiviere, kann ich ganz normal auf alles auf den - Bundespolizei Trojaner bei Win 7 64 Bit...
Archiv
Du betrachtest: Bundespolizei Trojaner bei Win 7 64 Bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.