
Pests of all kinds and how to fight them: Police Cyber Crime Investigation Department virus on my Vista laptop

14.09.2012, 22:55   #1
mr.horsepowe
 

Hello everyone!

I just registered because an hour ago I got this police virus, in its Austrian variant, on my Vista laptop.

I have now downloaded Malwarebytes and am currently running a quick scan. I will post the log file afterwards.

I hope you can help me get rid of this virus, since it is my first one and I am a bit helpless right now...

I am also not all that good with PCs, so I am asking for help suitable for so-called newbies...

Thank you very much!
Best regards...

Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.14.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [Administrator]

Schutz: Aktiviert

14.09.2012 22:46:21
mbam-log-2012-09-14 (22-46-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190069
Laufzeit: 15 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\home\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

----------------------------------------------

That is the log. What do I need to do next to delete the virus for good??

Thanks in advance!!

15.09.2012, 18:47   #2
markusg
/// Malware-holic
 

Hi
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Then copy the contents of OTL.txt and Extra.txt here into your thread.

16.09.2012, 12:22   #3
mr.horsepowe
 

Thank you for the quick help. Attached are the two files:

OTL logfile:
Code:
OTL logfile created on: 16.09.2012 11:47:55 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,85% Memory free
6,18 Gb Paging File | 4,60 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 4,41 Gb Free Space | 3,79% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 65,25 Gb Free Space | 61,16% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 11:45:37 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.07.03 19:21:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.16 21:47:22 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.10.12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010.02.25 10:46:47 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.06.22 16:21:58 | 000,304,592 | ---- | M] () -- C:\Program Files\XSManager\WTGService.exe
PRC - [2009.06.17 12:28:46 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.28 23:48:18 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.11.27 04:54:00 | 000,211,512 | ---- | M] (ATK) -- C:\Program files\P4G\BatteryLife.exe
PRC - [2008.08.09 06:00:40 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.06.24 05:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.18 07:10:34 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.01.03 23:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009.03.28 23:48:18 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008.10.31 00:37:04 | 000,015,360 | ---- | M] () -- C:\Program files\P4G\OvrClk.dll
MOD - [2008.08.21 00:49:56 | 000,016,384 | ---- | M] () -- C:\Program files\P4G\DevMng.dll
MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 20:25:08 | 000,289,336 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.03.10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.03 18:19:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.03 19:21:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.16 21:47:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.25 10:46:47 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2009.08.25 20:08:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.22 16:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.03.29 00:00:41 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.12.10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.03 19:21:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 19:21:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.31 17:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.06.25 00:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.06.09 10:45:07 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.04.06 03:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.12 19:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007.01.24 05:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.13 11:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.28 15:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.28 15:22:48 | 000,000,000 | ---D | M]
 
[2009.07.13 22:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2012.04.15 14:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\kfghossn.default\extensions
[2012.04.15 14:42:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\kfghossn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.10 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.01.19 15:02:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.10.12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.10.12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.10.12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.10.12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.05.23 21:22:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010.10.12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76EEA7A1-534C-4D2F-ADD8-184C161AB0FD}: DhcpNameServer = 192.168.0.2 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B999FCE5-B9AA-4C28-A085-C6CF623FD341}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\home\Pictures\mustangred1.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\mustangred1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{351778b7-82a9-11de-b514-00248cc4063a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4a57edda-cbcd-11de-8b20-00248cc4063a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4a57eddd-cbcd-11de-8b20-00248cc4063a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a57eddd-cbcd-11de-8b20-00248cc4063a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6eb9020f-d417-11e1-98e5-00248cc4063a}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{6eb9022d-d417-11e1-98e5-00248cc4063a}\Shell\AutoRun\command - "" = G:\urDrive.exe
O33 - MountPoints2\{800503bd-d868-11de-879f-00248cc4063a}\Shell - "" = AutoRun
O33 - MountPoints2\{800503bd-d868-11de-879f-00248cc4063a}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 11:45:34 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.09.14 22:34:29 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2012.09.14 22:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.14 22:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 22:34:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.14 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.14 22:33:12 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\home\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.13 20:57:08 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Temp1_wirelesskeyview.zip
[2012.09.02 15:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\segeln kroatien 2012
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 11:45:37 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.09.16 11:43:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 11:43:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 11:43:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 11:43:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 11:37:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 11:37:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 11:37:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 11:37:04 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 08:56:03 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2012.09.14 23:50:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.09.14 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.14 22:34:08 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 22:08:54 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\home\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.14 21:56:27 | 001,189,189 | ---- | M] () -- C:\Users\home\Desktop\0tbpw.pad
[2012.09.13 21:10:37 | 000,307,135 | ---- | M] () -- C:\Users\home\Desktop\WLAN Passwort vergessen_ – So kann man das WLAN Kennwort auslesen! – Anleitung › Wissen › ITler.NET - Der Blog für ITler und Sy.pdf
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 17:20:19 | 001,731,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.16 11:37:04 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.16 11:37:04 | 3212,042,240 | -HS- | C] () -- \hiberfil.sys
[2012.09.14 22:34:08 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 21:46:57 | 001,189,189 | ---- | C] () -- C:\Users\home\Desktop\0tbpw.pad
[2012.09.13 21:10:33 | 000,307,135 | ---- | C] () -- C:\Users\home\Desktop\WLAN Passwort vergessen_ – So kann man das WLAN Kennwort auslesen! – Anleitung › Wissen › ITler.NET - Der Blog für ITler und Sy.pdf
[2011.04.24 16:15:48 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2010.03.15 21:27:33 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010.03.15 21:27:33 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.07.15 20:24:14 | 000,076,288 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.14 04:23:17 | 000,000,027 | ---- | C] () -- \Driver.20
[2008.12.09 08:37:37 | 001,048,576 | RH-- | C] () -- \X58LE.BIN
[2008.11.06 05:14:01 | 000,000,022 | ---- | C] () -- \RECOVERY.DAT
[2008.04.16 11:45:26 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.04.16 11:45:24 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== LOP Check ==========
 
[2012.09.16 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox
[2010.05.31 20:22:28 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Facebook
[2010.02.13 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FileZilla
[2010.12.28 12:34:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\GetRightToGo
[2012.02.28 17:09:36 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ICAClient
[2012.02.28 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Juniper Networks
[2010.12.28 23:50:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\KompoZer
[2010.02.02 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Netviewer
[2009.07.22 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nokia
[2010.02.12 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nvu
[2010.01.17 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\OpenOffice.org
[2009.07.22 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PC Suite
[2011.08.09 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PTV AG
[2010.01.28 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\XSManager
[2012.09.14 23:54:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.07.13 21:11:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.02.25 17:44:29 | 000,000,000 | ---D | M] -- C:\ADCD
[2009.03.29 00:07:22 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2009.03.29 00:18:17 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.02.02 21:33:47 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.13 21:03:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.15 21:27:44 | 000,000,000 | ---D | M] -- C:\DTE
[2009.03.28 23:14:06 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.14 22:33:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.14 22:34:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.16 11:50:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.03.29 00:18:52 | 000,000,000 | ---D | M] -- C:\temp
[2009.07.13 21:08:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.14 23:56:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 02:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 02:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:34:35 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.09.16 11:48:08 | 002,359,296 | -HS- | M] () -- C:\Users\home\NTUSER.DAT
[2012.09.16 11:48:08 | 000,262,144 | -H-- | M] () -- C:\Users\home\ntuser.dat.LOG1
[2009.07.13 21:08:42 | 000,000,000 | -H-- | M] () -- C:\Users\home\ntuser.dat.LOG2
[2012.09.15 08:59:41 | 000,065,536 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2012.09.15 08:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009.07.13 21:17:17 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2009.07.13 21:08:42 | 000,000,020 | -HS- | M] () -- C:\Users\home\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3790b2.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3789b2.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3788b2.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3787b2.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\aoe-paris.avi:TOC.WMV

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2012 11:47:55 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,85% Memory free
6,18 Gb Paging File | 4,60 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 4,41 Gb Free Space | 3,79% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 65,25 Gb Free Space | 61,16% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E91CB86-9D13-4AF4-B9D8-DF6550A6607A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6DD42531-B454-450C-9200-F5606DD0C7DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75388F5B-445D-4078-A20D-47B9A2689972}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AC601189-1B46-4BB9-9B45-71B3F4684627}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B64BFDBF-0E4A-4C26-AAA9-173A6F11756D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CF5B09EF-153C-46B7-BF20-C3D07527283F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DBA13DBC-3BA6-4DAE-8FA4-1C570AD223C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7893999-D993-4CFA-8C7C-F88ADB4739E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F697B65B-2E55-4C1D-B9B7-018930A7492A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041E37FE-9B68-4E59-8769-3F1450E0847C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{13413C01-F77A-486E-A7A1-2E0D5F2FCF95}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | 
"{20DD9629-D1C8-47D8-97D9-9EA4F5294884}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A72D4DC-D665-4547-95D6-1FD78B418B6E}" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | 
"{348437F3-4F6F-41B4-92E5-A43C25EFA801}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41F114FE-5C0B-44F0-82BC-84AC5B602BEA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{45E056EF-9102-4F7F-B2D0-443AE564E175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56F4C305-4959-4115-B443-98E560445320}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CB542D1-615F-45A6-BDB5-7DDA5B9C5970}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EEA97E5-CAE7-4823-9244-6EB1516F055E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{61A3A5BB-5DE4-44F7-A993-59E93F8D4540}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{64D574D0-132F-4788-976B-27E0A34F3DA7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{66ECC23E-EB82-442F-B50E-BE2AE5F36AAA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{6C8D0B84-9392-4B10-ACD1-2A294E9B7730}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{70471E75-B2D6-4349-8CFF-F77263C72663}" = protocol=6 | dir=out | app=system | 
"{70965A17-CA83-4A77-962A-2A93D786E675}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{839A6FD9-F670-4916-9FC1-E35CEE77A42E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B413482-3EDD-4CEB-92B1-89F58DFE55F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{ACC0CFBA-4F25-4BE5-BA60-4087C45F34C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADAFA64A-5B06-4EF4-98CA-3C9605DB40D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA2EC03B-EF52-470E-AD13-B13DE811092F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC8EB30F-B632-4FE0-A2C2-87BBF481A8C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BF3F3126-38B8-44FB-83D6-6058303E219F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB76DA26-7BE7-451F-BE7A-2B5CF065F597}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E044ADDF-472E-461C-899C-0395D147D3DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E39659FA-A6DF-4937-9F77-A4D0A5BA9686}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{F9F5BE2F-356F-4A56-8D49-7B4B01EF3987}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"TCP Query User{6E156F88-AFED-42C1-B674-ED30F54698FD}C:\program files\netviewer\support\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\program files\netviewer\support\nv_support_berater_de_free.exe | 
"TCP Query User{74F0B867-B4E4-4A57-92DE-40B48F456FCF}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{93CA46AA-2A67-40FB-AB52-ED24F43E475F}C:\users\home\desktop\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\nv_support_berater_de_free.exe | 
"TCP Query User{C72C9392-A3FE-4486-9493-4982A9423C34}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{30D896BB-A5C3-4351-929F-B345E9F7639E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A0E3C7E5-8279-4D6B-A1CC-CDB7923D8A82}C:\program files\netviewer\support\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\program files\netviewer\support\nv_support_berater_de_free.exe | 
"UDP Query User{BACD9C0E-B7F1-4216-AB23-1CD7D634BBDB}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E4F24948-A74A-4061-B0B9-F8F94660EC05}C:\users\home\desktop\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\nv_support_berater_de_free.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8231E7FB-EF2F-4866-95B3-C3C54A910033}" = Netviewer Meet
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10033}" = Netviewer Support
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem  (10/12/2007 3.6)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DTE" = DTE
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister
"FileZilla Client" = FileZilla Client 3.3.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KompoZer_is1" = KompoZer 0.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Nvu_is1" = Nvu 1.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TVWiz" = Intel(R) TV Wizard
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.0
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 08:14:04 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:14:06 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:14:07 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:14:21 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:22:59 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:22:59 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:23:08 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:23:10 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:23:11 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.07.2012 08:23:28 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 15.09.2012 02:55:11 | Computer Name = home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 02:55:20 | Computer Name = home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.09.2012 02:55:55 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.09.2012 02:55:59 | Computer Name = home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 02:56:00 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.09.2012 05:42:40 | Computer Name = home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 17.09.2012, 18:08   #4
markusg
/// Malware-holic
 



Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 17.09.2012, 23:32   #5
mr.horsepowe
 



Combofix Logfile:
Code:
ComboFix 12-09-16.01 - home 17.09.2012  22:45:32.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.43.1031.18.3062.1848 [GMT 2:00]
ausgeführt von:: c:\users\home\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\system32\OLEAUT32.1
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-17 bis 2012-09-17  ))))))))))))))))))))))))))))))
.
.
2012-09-17 21:07 . 2012-09-17 21:08	--------	d-----w-	c:\users\home\AppData\Local\temp
2012-09-17 21:07 . 2012-09-17 21:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-14 20:34 . 2012-09-14 20:34	--------	d-----w-	c:\users\home\AppData\Roaming\Malwarebytes
2012-09-14 20:34 . 2012-09-14 20:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-14 20:34 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 20:33 . 2012-09-14 20:34	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-14 18:52 . 2012-08-27 23:50	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA8418F9-94A2-4060-B4AE-A273451E50ED}\mpengine.dll
2012-09-03 15:07 . 2012-07-04 14:02	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-09-02 14:09 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 21:50 . 2009-03-28 22:07	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-09-03 16:19 . 2012-06-19 12:56	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-03 16:19 . 2011-05-23 19:17	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 11:55 . 2012-07-26 11:55	161792	----a-w-	c:\windows\system32\msls31.dll
2012-07-26 11:55 . 2012-07-26 11:55	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-07-26 11:55 . 2012-07-26 11:55	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-07-26 11:55 . 2012-07-26 11:55	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-07-26 11:55 . 2012-07-26 11:55	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-07-26 11:55 . 2012-07-26 11:55	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-07-26 11:55 . 2012-07-26 11:55	367104	----a-w-	c:\windows\system32\html.iec
2012-07-26 11:55 . 2012-07-26 11:55	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-07-26 11:55 . 2012-07-26 11:55	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-07-26 11:55 . 2012-07-26 11:55	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-26 11:55 . 2012-07-26 11:55	152064	----a-w-	c:\windows\system32\wextract.exe
2012-07-26 11:55 . 2012-07-26 11:55	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-07-26 11:55 . 2012-07-26 11:55	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-07-26 11:55 . 2012-07-26 11:55	11776	----a-w-	c:\windows\system32\mshta.exe
2012-07-26 11:55 . 2012-07-26 11:55	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-07-26 11:55 . 2012-07-26 11:55	101888	----a-w-	c:\windows\system32\admparse.dll
2012-07-26 11:54 . 2012-07-26 11:54	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2012-07-26 11:54 . 2012-07-26 11:54	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2012-07-26 11:54 . 2012-07-26 11:54	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2012-07-26 11:54 . 2012-07-26 11:54	2873344	----a-w-	c:\windows\system32\mf.dll
2012-07-26 11:54 . 2012-07-26 11:54	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-07-26 11:54 . 2012-07-26 11:54	98816	----a-w-	c:\windows\system32\mfps.dll
2012-07-26 11:54 . 2012-07-26 11:54	586240	----a-w-	c:\windows\system32\stobject.dll
2012-07-26 11:54 . 2012-07-26 11:54	209920	----a-w-	c:\windows\system32\mfplat.dll
2012-07-26 11:54 . 2012-07-26 11:54	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2012-07-26 11:54 . 2012-07-26 11:54	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2012-07-26 11:53 . 2012-07-26 11:53	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2012-07-26 11:53 . 2012-07-26 11:53	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-07-26 11:53 . 2012-07-26 11:53	478720	----a-w-	c:\windows\system32\dxgi.dll
2012-07-26 11:53 . 2012-07-26 11:53	37376	----a-w-	c:\windows\system32\cdd.dll
2012-07-26 11:53 . 2012-07-26 11:53	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2012-07-26 11:53 . 2012-07-26 11:53	258048	----a-w-	c:\windows\system32\winspool.drv
2012-07-26 11:53 . 2012-07-26 11:53	189952	----a-w-	c:\windows\system32\d3d10core.dll
2012-07-26 11:53 . 2012-07-26 11:53	1029120	----a-w-	c:\windows\system32\d3d10.dll
2012-07-26 11:53 . 2012-07-26 11:53	847360	----a-w-	c:\windows\system32\OpcServices.dll
2012-07-26 11:53 . 2012-07-26 11:53	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2010-10-12 15:33 . 2010-10-12 15:33	124344	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 17:15 . 2010-10-12 17:15	13240	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 15:37 . 2010-10-12 15:37	70592	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 15:35 . 2010-10-12 15:35	91576	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 15:34 . 2010-10-12 15:34	22464	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 15:32 . 2010-10-12 15:32	255416	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 15:35 . 2010-10-12 15:35	31672	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 15:34 . 2010-10-12 15:34	40384	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 11:42 . 2010-07-14 11:42	898480	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 15:37 . 2010-10-12 15:37	24000	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-01-19 13:02 . 2011-10-02 18:13	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-03-28 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-03-28 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 1029416]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"starter4g"="c:\windows\starter4g.exe" [2009-06-17 157968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-23 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-3-28 12862]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11	210216	----a-w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-02 17:09	87336	------w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 16:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\kfghossn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-17 23:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(740)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Zeit der Fertigstellung: 2012-09-17  23:17:20
ComboFix-quarantined-files.txt  2012-09-17 21:17
.
Vor Suchlauf: 4.924.305.408 Bytes frei
Nach Suchlauf: 5.221.171.200 Bytes frei
.
- - End Of File - - 1A1201CA8EC087DE648A05C78F8C7980
         
--- --- ---


I hope the way I went about it is correct and the file is helpful?!

Thanks, best regards


Alt 18.09.2012, 19:47   #6
markusg
/// Malware-holic
 



hi
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, then post the log
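A triage helper for the log this scan produces, as an added example that is not part of the original posts and not part of TDSSKiller: it reads lines in the layout of the TDSSKiller log posted in this thread and returns every scanned object whose verdict is not "ok", joined with the MD5 and path from its preceding line. The function name `triage` and the rule that any verdict other than "ok" deserves a second look are this example's own assumptions.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread: a timestamp and a
# thread id, then either "[ MD5 ] name path" or "name ( detection ) - verdict".
SAMPLE_LOG = r"""
22:07:48.0854 3428 ================ Scan system memory ========================
22:07:48.0854 3428 System memory - ok
22:07:48.0855 3428 ================ Scan services =============================
22:07:49.0504 3428 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:07:49.0645 3428 ACPI - ok
22:07:51.0140 3428 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
22:07:51.0234 3428 ADSMService ( UnsignedFile.Multi.Generic ) - warning
22:07:51.0234 3428 ADSMService - detected UnsignedFile.Multi.Generic (1)
22:07:51.0274 3428 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:07:51.0455 3428 AeLookupSvc - ok
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "[ MD5 ] <service or driver name> <path of the file behind it>"
OBJECT_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)

# "<name> - ok"  or  "<name> ( <detection> ) - <verdict>"
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) (?:\( (?P<detection>.+?) \) )?- (?P<verdict>\w+)$"
)


def triage(log_text):
    """Return (objects_with_verdict, findings) for a TDSSKiller-style log.

    findings holds one dict per object whose verdict is not "ok" (assumption
    of this example: anything else is worth reviewing before acting on it).
    """
    objects = {}    # name -> (md5, path) from the "[ MD5 ] name path" lines
    findings = []
    scanned = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue            # headers, separators, "detected ..." summaries
        scanned += 1
        if m["verdict"] == "ok":
            continue
        md5, path = objects.get(m["name"], (None, None))
        findings.append({
            "name": m["name"],
            "verdict": m["verdict"],
            "detection": m["detection"],
            "md5": md5,
            "path": path,
        })
    return scanned, findings


if __name__ == "__main__":
    total, hits = triage(SAMPLE_LOG)
    print(f"{total} objects with a verdict, {len(hits)} not ok")
    for hit in hits:
        print(f"{hit['verdict']:8} {hit['name']}  {hit['detection']}")
        print(f"         {hit['path']}  md5={hit['md5']}")
```

An unsigned-file warning on its own only says the file carries no verified signature, which is why the instructions above say to choose skip and post the log rather than delete on the first pass.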

Alt 18.09.2012, 22:14   #7
mr.horsepowe
 



Hello

Attached is the TDSSKiller log file:

22:07:19.0549 5864 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:07:19.0640 5864 ============================================================
22:07:19.0640 5864 Current date / time: 2012/09/18 22:07:19.0640
22:07:19.0640 5864 SystemInfo:
22:07:19.0640 5864
22:07:19.0640 5864 OS Version: 6.0.6002 ServicePack: 2.0
22:07:19.0640 5864 Product type: Workstation
22:07:19.0640 5864 ComputerName: HOME-PC
22:07:19.0641 5864 UserName: home
22:07:19.0641 5864 Windows directory: C:\Windows
22:07:19.0641 5864 System windows directory: C:\Windows
22:07:19.0641 5864 Processor architecture: Intel x86
22:07:19.0641 5864 Number of processors: 2
22:07:19.0641 5864 Page size: 0x1000
22:07:19.0641 5864 Boot type: Normal boot
22:07:19.0641 5864 ============================================================
22:07:20.0523 5864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:07:20.0526 5864 ============================================================
22:07:20.0526 5864 \Device\Harddisk0\DR0:
22:07:20.0527 5864 MBR partitions:
22:07:20.0527 5864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xE8E2800
22:07:20.0558 5864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFC6B800, BlocksNum 0xD559800
22:07:20.0558 5864 ============================================================
22:07:20.0847 5864 C: <-> \Device\Harddisk0\DR0\Partition1
22:07:21.0015 5864 D: <-> \Device\Harddisk0\DR0\Partition2
22:07:21.0016 5864 ============================================================
22:07:21.0016 5864 Initialize success
22:07:21.0016 5864 ============================================================
22:07:48.0109 3428 ============================================================
22:07:48.0109 3428 Scan started
22:07:48.0109 3428 Mode: Manual; SigCheck; TDLFS;
22:07:48.0109 3428 ============================================================
22:07:48.0854 3428 ================ Scan system memory ========================
22:07:48.0854 3428 System memory - ok
22:07:48.0855 3428 ================ Scan services =============================
22:07:49.0504 3428 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:07:49.0645 3428 ACPI - ok
22:07:50.0016 3428 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:07:50.0031 3428 AdobeFlashPlayerUpdateSvc - ok
22:07:50.0256 3428 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:07:50.0486 3428 adp94xx - ok
22:07:50.0584 3428 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:07:50.0661 3428 adpahci - ok
22:07:50.0850 3428 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:07:50.0866 3428 adpu160m - ok
22:07:50.0922 3428 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:07:50.0939 3428 adpu320 - ok
22:07:51.0140 3428 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
22:07:51.0234 3428 ADSMService ( UnsignedFile.Multi.Generic ) - warning
22:07:51.0234 3428 ADSMService - detected UnsignedFile.Multi.Generic (1)
22:07:51.0274 3428 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:07:51.0455 3428 AeLookupSvc - ok
22:07:51.0590 3428 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
22:07:51.0639 3428 AFD - ok
22:07:51.0707 3428 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:07:51.0723 3428 agp440 - ok
22:07:51.0818 3428 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:07:51.0863 3428 aic78xx - ok
22:07:51.0913 3428 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
22:07:52.0077 3428 ALG - ok
22:07:52.0152 3428 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:07:52.0168 3428 aliide - ok
22:07:52.0237 3428 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:07:52.0267 3428 amdagp - ok
22:07:52.0303 3428 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
22:07:52.0324 3428 amdide - ok
22:07:52.0389 3428 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:07:52.0435 3428 AmdK7 - ok
22:07:52.0465 3428 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:07:52.0538 3428 AmdK8 - ok
22:07:52.0623 3428 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:07:52.0671 3428 AntiVirSchedulerService - ok
22:07:52.0698 3428 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:07:52.0712 3428 AntiVirService - ok
22:07:52.0770 3428 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
22:07:53.0321 3428 Appinfo - ok
22:07:53.0560 3428 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:07:53.0665 3428 Apple Mobile Device - ok
22:07:53.0763 3428 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
22:07:53.0782 3428 arc - ok
22:07:53.0836 3428 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:07:53.0859 3428 arcsas - ok
22:07:53.0925 3428 [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
22:07:53.0947 3428 AsDsm - ok
22:07:54.0032 3428 [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
22:07:54.0094 3428 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
22:07:54.0094 3428 ASLDRService - detected UnsignedFile.Multi.Generic (1)
22:07:54.0183 3428 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
22:07:54.0192 3428 ASMMAP - ok
22:07:54.0292 3428 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:07:54.0372 3428 AsyncMac - ok
22:07:54.0414 3428 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:07:54.0431 3428 atapi - ok
22:07:54.0753 3428 [ 4DF523F49694B2884F8E5D870BF3E253 ] athr C:\Windows\system32\DRIVERS\athr.sys
22:07:54.0960 3428 athr - ok
22:07:55.0017 3428 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
22:07:55.0058 3428 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:07:55.0058 3428 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
22:07:55.0221 3428 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:07:55.0303 3428 AudioEndpointBuilder - ok
22:07:55.0353 3428 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:07:55.0381 3428 Audiosrv - ok
22:07:55.0504 3428 [ 76B04173A13A045523FD10DB483E2B25 ] Autodata Limited License Service C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
22:07:55.0560 3428 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - warning
22:07:55.0560 3428 Autodata Limited License Service - detected UnsignedFile.Multi.Generic (1)
22:07:55.0600 3428 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:07:55.0611 3428 avgio - ok
22:07:55.0647 3428 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:07:55.0661 3428 avgntflt - ok
22:07:55.0685 3428 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:07:55.0699 3428 avipbb - ok
22:07:55.0808 3428 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:07:55.0882 3428 Beep - ok
22:07:55.0979 3428 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
22:07:56.0101 3428 BFE - ok
22:07:56.0322 3428 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
22:07:56.0518 3428 BITS - ok
22:07:56.0581 3428 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:07:56.0634 3428 blbdrive - ok
22:07:56.0800 3428 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:07:56.0937 3428 Bonjour Service - ok
22:07:57.0047 3428 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:07:57.0114 3428 bowser - ok
22:07:57.0166 3428 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:07:57.0213 3428 BrFiltLo - ok
22:07:57.0238 3428 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:07:57.0328 3428 BrFiltUp - ok
22:07:57.0383 3428 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
22:07:57.0510 3428 Browser - ok
22:07:57.0571 3428 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:07:57.0779 3428 Brserid - ok
22:07:57.0851 3428 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:07:57.0953 3428 BrSerWdm - ok
22:07:57.0984 3428 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:07:58.0055 3428 BrUsbMdm - ok
22:07:58.0105 3428 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:07:58.0150 3428 BrUsbSer - ok
22:07:58.0188 3428 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:07:58.0257 3428 BTHMODEM - ok
22:07:58.0366 3428 catchme - ok
22:07:58.0393 3428 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:07:58.0521 3428 cdfs - ok
22:07:58.0587 3428 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:07:58.0636 3428 cdrom - ok
22:07:58.0700 3428 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
22:07:58.0755 3428 CertPropSvc - ok
22:07:58.0784 3428 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
22:07:58.0826 3428 circlass - ok
22:07:58.0951 3428 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
22:07:59.0015 3428 CLFS - ok
22:07:59.0646 3428 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:59.0810 3428 clr_optimization_v2.0.50727_32 - ok
22:07:59.0947 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:08:00.0095 3428 clr_optimization_v4.0.30319_32 - ok
22:08:00.0161 3428 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:08:00.0216 3428 CmBatt - ok
22:08:00.0254 3428 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:08:00.0276 3428 cmdide - ok
22:08:00.0395 3428 [ 675D67423980FC1784B93AA47D350A31 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
22:08:00.0463 3428 cmnsusbser - ok
22:08:00.0479 3428 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:08:00.0501 3428 Compbatt - ok
22:08:00.0508 3428 COMSysApp - ok
22:08:00.0559 3428 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:08:00.0580 3428 crcdisk - ok
22:08:00.0650 3428 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:08:00.0713 3428 Crusoe - ok
22:08:00.0814 3428 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:08:00.0877 3428 CryptSvc - ok
22:08:00.0969 3428 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
22:08:00.0981 3428 ctxusbm - ok
22:08:01.0059 3428 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:08:01.0262 3428 DcomLaunch - ok
22:08:01.0345 3428 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:08:01.0457 3428 DfsC - ok
22:08:01.0857 3428 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
22:08:02.0074 3428 DFSR - ok
22:08:02.0176 3428 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:08:02.0290 3428 Dhcp - ok
22:08:02.0351 3428 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
22:08:02.0375 3428 disk - ok
22:08:02.0513 3428 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:08:02.0641 3428 Dnscache - ok
22:08:02.0707 3428 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:08:02.0775 3428 dot3svc - ok
22:08:02.0820 3428 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
22:08:02.0902 3428 DPS - ok
22:08:02.0950 3428 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:08:02.0995 3428 drmkaud - ok
22:08:03.0155 3428 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:08:03.0197 3428 DXGKrnl - ok
22:08:03.0263 3428 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:08:03.0401 3428 E1G60 - ok
22:08:03.0462 3428 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
22:08:03.0529 3428 EapHost - ok
22:08:03.0584 3428 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:08:03.0603 3428 Ecache - ok
22:08:03.0680 3428 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:08:03.0710 3428 elxstor - ok
22:08:03.0806 3428 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:08:03.0925 3428 EMDMgmt - ok
22:08:03.0958 3428 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:08:03.0984 3428 ErrDev - ok
22:08:04.0077 3428 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
22:08:04.0187 3428 EventSystem - ok
22:08:04.0258 3428 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
22:08:04.0425 3428 exfat - ok
22:08:04.0492 3428 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:08:04.0594 3428 fastfat - ok
22:08:04.0653 3428 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:08:04.0721 3428 fdc - ok
22:08:04.0766 3428 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:08:04.0812 3428 fdPHost - ok
22:08:04.0831 3428 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:08:04.0923 3428 FDResPub - ok
22:08:04.0949 3428 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:08:04.0964 3428 FileInfo - ok
22:08:05.0029 3428 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:08:05.0092 3428 Filetrace - ok
22:08:05.0188 3428 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:08:05.0229 3428 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:08:05.0229 3428 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:08:05.0270 3428 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:08:05.0360 3428 flpydisk - ok
22:08:05.0418 3428 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:08:05.0441 3428 FltMgr - ok
22:08:05.0609 3428 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
22:08:05.0800 3428 FontCache - ok
22:08:05.0880 3428 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:08:05.0892 3428 FontCache3.0.0.0 - ok
22:08:05.0971 3428 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:08:06.0016 3428 Fs_Rec - ok
22:08:06.0092 3428 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:08:06.0111 3428 gagp30kx - ok
22:08:06.0172 3428 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:08:06.0187 3428 GEARAspiWDM - ok
22:08:06.0328 3428 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
22:08:06.0481 3428 gpsvc - ok
22:08:06.0574 3428 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:08:06.0664 3428 HdAudAddService - ok
22:08:06.0792 3428 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:08:06.0918 3428 HDAudBus - ok
22:08:06.0952 3428 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:08:07.0060 3428 HidBth - ok
22:08:07.0090 3428 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:08:07.0151 3428 HidIr - ok
22:08:07.0209 3428 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
22:08:07.0328 3428 hidserv - ok
22:08:07.0377 3428 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:08:07.0425 3428 HidUsb - ok
22:08:07.0477 3428 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:08:07.0595 3428 hkmsvc - ok
22:08:07.0669 3428 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:08:07.0688 3428 HpCISSs - ok
22:08:07.0861 3428 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:08:07.0956 3428 HTTP - ok
22:08:08.0013 3428 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:08:08.0028 3428 i2omp - ok
22:08:08.0086 3428 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:08:08.0135 3428 i8042prt - ok
22:08:08.0185 3428 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:08:08.0201 3428 iaStor - ok
22:08:08.0396 3428 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:08:08.0420 3428 iaStorV - ok
22:08:08.0591 3428 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:08:09.0047 3428 idsvc - ok
22:08:09.0698 3428 [ E58042A15DFDF2962B4C26F5C8B4C871 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:08:10.0014 3428 igfx - ok
22:08:10.0098 3428 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:08:10.0115 3428 iirsp - ok
22:08:10.0248 3428 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
22:08:10.0439 3428 IKEEXT - ok
22:08:10.0674 3428 [ 3C1C6F24E968EE92928AB908F35FE05E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:08:10.0979 3428 IntcAzAudAddService - ok
22:08:11.0080 3428 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
22:08:11.0102 3428 intelide - ok
22:08:11.0202 3428 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:08:11.0229 3428 intelppm - ok
22:08:11.0310 3428 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:08:11.0364 3428 IPBusEnum - ok
22:08:11.0400 3428 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:08:11.0457 3428 IpFilterDriver - ok
22:08:11.0594 3428 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:08:11.0710 3428 iphlpsvc - ok
22:08:11.0716 3428 IpInIp - ok
22:08:11.0756 3428 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:08:11.0825 3428 IPMIDRV - ok
22:08:11.0901 3428 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:08:11.0942 3428 IPNAT - ok
22:08:12.0074 3428 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:08:12.0199 3428 iPod Service - ok
22:08:12.0236 3428 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:08:12.0291 3428 IRENUM - ok
22:08:12.0395 3428 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:08:12.0415 3428 isapnp - ok
22:08:12.0578 3428 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:08:12.0597 3428 iScsiPrt - ok
22:08:12.0634 3428 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:08:12.0652 3428 iteatapi - ok
22:08:12.0678 3428 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:08:12.0695 3428 iteraid - ok
22:08:12.0745 3428 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:08:12.0760 3428 kbdclass - ok
22:08:12.0838 3428 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:08:12.0964 3428 kbdhid - ok
22:08:13.0003 3428 [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
22:08:13.0115 3428 kbfiltr - ok
22:08:13.0166 3428 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
22:08:13.0274 3428 KeyIso - ok
22:08:13.0330 3428 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:08:13.0399 3428 KSecDD - ok
22:08:13.0481 3428 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:08:13.0670 3428 KtmRm - ok
22:08:13.0717 3428 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
22:08:13.0831 3428 LanmanServer - ok
22:08:13.0864 3428 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:08:14.0064 3428 LanmanWorkstation - ok
22:08:14.0161 3428 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:08:14.0169 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:08:14.0169 3428 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:08:14.0228 3428 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:08:14.0281 3428 lltdio - ok
22:08:14.0379 3428 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:08:14.0516 3428 lltdsvc - ok
22:08:14.0547 3428 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:08:14.0651 3428 lmhosts - ok
22:08:14.0721 3428 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:08:14.0737 3428 LSI_FC - ok
22:08:14.0841 3428 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:08:14.0857 3428 LSI_SAS - ok
22:08:14.0959 3428 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:08:14.0979 3428 LSI_SCSI - ok
22:08:15.0005 3428 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
22:08:15.0113 3428 luafv - ok
22:08:15.0193 3428 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:08:15.0210 3428 MBAMProtector - ok
22:08:15.0437 3428 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:08:15.0511 3428 MBAMScheduler - ok
22:08:15.0846 3428 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:08:16.0101 3428 MBAMService - ok
22:08:16.0173 3428 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
22:08:16.0191 3428 megasas - ok
22:08:16.0261 3428 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:08:16.0367 3428 MegaSR - ok
22:08:16.0422 3428 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
22:08:16.0559 3428 MMCSS - ok
22:08:16.0601 3428 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
22:08:16.0650 3428 Modem - ok
22:08:16.0679 3428 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:08:16.0750 3428 monitor - ok
22:08:16.0782 3428 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:08:16.0798 3428 mouclass - ok
22:08:16.0821 3428 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:08:16.0897 3428 mouhid - ok
22:08:16.0927 3428 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:08:16.0943 3428 MountMgr - ok
22:08:16.0991 3428 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
22:08:17.0007 3428 mpio - ok
22:08:17.0032 3428 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:08:17.0111 3428 mpsdrv - ok
22:08:17.0307 3428 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
22:08:17.0427 3428 MpsSvc - ok
22:08:17.0488 3428 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:08:17.0502 3428 Mraid35x - ok
22:08:17.0560 3428 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:08:17.0604 3428 MRxDAV - ok
22:08:17.0713 3428 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:08:17.0781 3428 mrxsmb - ok
22:08:17.0809 3428 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:08:17.0876 3428 mrxsmb10 - ok
22:08:17.0906 3428 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:08:17.0974 3428 mrxsmb20 - ok
22:08:18.0021 3428 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
22:08:18.0035 3428 msahci - ok
22:08:18.0077 3428 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:08:18.0093 3428 msdsm - ok
22:08:18.0197 3428 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
22:08:18.0320 3428 MSDTC - ok
22:08:18.0389 3428 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:08:18.0436 3428 Msfs - ok
22:08:18.0486 3428 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:08:18.0506 3428 msisadrv - ok
22:08:18.0570 3428 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:08:18.0669 3428 MSiSCSI - ok
22:08:18.0674 3428 msiserver - ok
22:08:18.0739 3428 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:08:18.0767 3428 MSKSSRV - ok
22:08:18.0816 3428 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:08:18.0887 3428 MSPCLOCK - ok
22:08:18.0914 3428 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:08:18.0977 3428 MSPQM - ok
22:08:19.0029 3428 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:08:19.0055 3428 MsRPC - ok
22:08:19.0091 3428 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:08:19.0111 3428 mssmbios - ok
22:08:19.0151 3428 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:08:19.0187 3428 MSTEE - ok
22:08:19.0288 3428 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
22:08:19.0344 3428 MTsensor - ok
22:08:19.0380 3428 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
22:08:19.0460 3428 Mup - ok
22:08:19.0502 3428 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
22:08:19.0697 3428 napagent - ok
22:08:19.0765 3428 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:08:19.0812 3428 NativeWifiP - ok
22:08:19.0875 3428 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:08:19.0908 3428 NDIS - ok
22:08:19.0999 3428 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:08:20.0028 3428 NdisTapi - ok
22:08:20.0048 3428 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:08:20.0104 3428 Ndisuio - ok
22:08:20.0138 3428 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:08:20.0164 3428 NdisWan - ok
22:08:20.0235 3428 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:08:20.0319 3428 NDProxy - ok
22:08:20.0384 3428 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:08:20.0475 3428 NetBIOS - ok
22:08:20.0533 3428 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:08:20.0597 3428 netbt - ok
22:08:20.0627 3428 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
22:08:20.0690 3428 Netlogon - ok
22:08:20.0765 3428 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
22:08:20.0890 3428 Netman - ok
22:08:20.0917 3428 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
22:08:20.0992 3428 netprofm - ok
22:08:21.0071 3428 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:08:21.0087 3428 NetTcpPortSharing - ok
22:08:21.0126 3428 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:08:21.0141 3428 nfrd960 - ok
22:08:21.0162 3428 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:08:21.0237 3428 NlaSvc - ok
22:08:21.0440 3428 [ 696B37EA78F9D9767A2F18BA0304A51A ] nmwcd C:\Windows\system32\drivers\nmwcd.sys
22:08:21.0507 3428 nmwcd - ok
22:08:21.0593 3428 [ BBB6010FC01D9239D88FCDF133E03FF0 ] nmwcdc C:\Windows\system32\drivers\nmwcdc.sys
22:08:21.0696 3428 nmwcdc - ok
22:08:21.0712 3428 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcj C:\Windows\system32\drivers\nmwcdcj.sys
22:08:21.0774 3428 nmwcdcj - ok
22:08:21.0810 3428 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcm C:\Windows\system32\drivers\nmwcdcm.sys
22:08:21.0833 3428 nmwcdcm - ok
22:08:21.0916 3428 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:08:21.0951 3428 Npfs - ok
22:08:22.0031 3428 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
22:08:22.0133 3428 nsi - ok
22:08:22.0173 3428 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:08:22.0202 3428 nsiproxy - ok
22:08:22.0282 3428 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:08:22.0397 3428 Ntfs - ok
22:08:22.0473 3428 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
22:08:22.0562 3428 ntrigdigi - ok
22:08:22.0599 3428 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
22:08:22.0663 3428 Null - ok
22:08:22.0711 3428 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:08:22.0739 3428 nvraid - ok
22:08:22.0773 3428 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:08:22.0789 3428 nvstor - ok
22:08:22.0830 3428 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:08:22.0847 3428 nv_agp - ok
22:08:22.0853 3428 NwlnkFlt - ok
22:08:22.0865 3428 NwlnkFwd - ok
22:08:22.0926 3428 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:08:22.0998 3428 ohci1394 - ok
22:08:23.0082 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:08:23.0284 3428 p2pimsvc - ok
22:08:23.0350 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
22:08:23.0445 3428 p2psvc - ok
22:08:23.0522 3428 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
22:08:23.0593 3428 Parport - ok
22:08:23.0637 3428 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:08:23.0655 3428 partmgr - ok
22:08:23.0683 3428 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:08:23.0752 3428 Parvdm - ok
22:08:23.0828 3428 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
22:08:23.0952 3428 PcaSvc - ok
22:08:32.0215 3428 [ 56EB980DA71B94B79A341615C3C256CF ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:08:32.0325 3428 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:08:32.0325 3428 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:08:53.0049 3428 ================ Scan global ===============================
22:08:53.0189 3428 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:08:53.0274 3428 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:08:53.0392 3428 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:08:53.0583 3428 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:08:53.0649 3428 [Global] - ok
22:08:53.0650 3428 ================ Scan MBR ==================================
22:08:53.0703 3428 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:08:55.0542 3428 \Device\Harddisk0\DR0 - ok
22:08:55.0543 3428 ================ Scan VBR ==================================
22:08:55.0595 3428 [ 0E816802626907FD0E91537FA5C04B18 ] \Device\Harddisk0\DR0\Partition1
22:08:55.0601 3428 \Device\Harddisk0\DR0\Partition1 - ok
22:08:55.0652 3428 [ 1808A730A8414488CA714A381EA7DA8A ] \Device\Harddisk0\DR0\Partition2
22:08:55.0658 3428 \Device\Harddisk0\DR0\Partition2 - ok
22:08:55.0659 3428 ============================================================
22:08:55.0659 3428 Scan finished
22:08:55.0659 3428 ============================================================
22:08:55.0676 5968 Detected object count: 7
22:08:55.0676 5968 Actual detected object count: 7
22:09:53.0630 5968 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0630 5968 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0633 5968 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0633 5968 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0638 5968 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0638 5968 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0639 5968 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0639 5968 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0642 5968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0643 5968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0645 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0645 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip


---------------------------------

Should I back up the laptop's data to an external hard drive, or can the laptop still be saved in this state?? I don't really understand anything from all these files?!?

Thank you,
best regards

19.09.2012, 19:17   #8
markusg
/// Malware-holic

No, it does not need to be set up from scratch.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

20.09.2012, 08:33   #9
mr.horsepowe

# AdwCleaner v2.002 - Datei am 09/20/2012 um 08:30:53 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\home\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v9.0.1 (de)

Profilname : default
Datei : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\kfghossn.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [839 octets] - [20/09/2012 08:30:53]

########## EOF - C:\AdwCleaner[R1].txt - [898 octets] ##########


That scan went pretty quickly?! Is the log file complete??

Best regards!

20.09.2012, 13:43   #10
markusg
/// Malware-holic

hi
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

After that:
Download CCleaner Standard:
CCleaner Download - CCleaner 3.22.1800
If CCleaner is already installed, skip this.
Install it, open it, go to Tools (Extras), list of installed programs, save it as a txt file, and open it.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

21.10.2012, 12:40   #11
mr.horsepowe

Hello!

Sorry that I am only posting sooo late, but I was not using the laptop in the meantime.

Attached are the two files. With the programs, I am often not sure what they are for or why one needs them?!?

Regards

-----------------------------------------------

# AdwCleaner v2.002 - Datei am 10/21/2012 um 11:52:45 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\home\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v9.0.1 (de)

Profilname : default
Datei : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\kfghossn.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [966 octets] - [20/09/2012 08:30:53]
AdwCleaner[S1].txt - [1157 octets] - [21/10/2012 11:52:45]

########## EOF - C:\AdwCleaner[S1].txt - [1217 octets] ##########





---------------------------------------------------

Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.10.2012 11.4.402.287 NECESSARY
Adobe Photoshop CS3 Adobe Systems Incorporated 24.08.2009 10.0 NECESSARY
Adobe Reader 8.1.2 Adobe Systems Incorporated 27.03.2009 84,8MB 8.1.2 NECESSARY
Apple Application Support Apple Inc. 20.08.2011 42,8MB 1.3.0 UNKNOWN/UNNECESSARY
Apple Mobile Device Support Apple Inc. 20.08.2011 19,9MB 3.1.0.62 UNKNOWN/UNNECESSARY
Apple Software Update Apple Inc. 20.08.2011 2,26MB 2.1.2.120 UNKNOWN/UNNECESSARY
ASUS Data Security Manager ASUS 27.03.2009 11,3MB 1.00.0007 UNKNOWN/UNNECESSARY
ASUS FancyStart ASUSTeK Computer Inc. 27.03.2009 10,6MB 1.0.1 UNKNOWN/UNNECESSARY
ASUS LifeFrame3 ASUS 27.03.2009 30,7MB 3.0.14 UNKNOWN/UNNECESSARY
ASUS Live Update ASUS 27.03.2009 0,46MB 2.5.6 UNKNOWN/UNNECESSARY
ASUS MultiFrame 27.03.2009 1,18MB 1.0.0018 UNKNOWN/UNNECESSARY
ASUS Power4Gear Hybrid ASUS 27.03.2009 8,11MB 1.1.10 UNKNOWN/UNNECESSARY
ASUS SmartLogon ASUS 27.03.2009 10,7MB 1.0.0005 UNKNOWN/UNNECESSARY
ASUS Splendid Video Enhancement Technology ASUS 27.03.2009 25,0MB 1.02.0021 UNKNOWN/UNNECESSARY
Asus_Camera_ScreenSaver ASUS 27.03.2009 2.0.0006 UNKNOWN/UNNECESSARY
Atheros Client Installation Program Atheros 27.03.2009 10,0MB 7.0 UNKNOWN
ATK Generic Function Service ATK 27.03.2009 0,45MB 1.00.0008 UNKNOWN
ATK Hotkey ASUS 27.03.2009 6,01MB 1.0.0040 UNKNOWN
ATKOSD2 ATK 27.03.2009 7,38MB 6.64.1.6 UNKNOWN
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.03.2012 129,3MB 10.2.0.707 NECESSARY
Bonjour Apple Inc. 20.08.2011 1,14MB 2.0.2.0 UNKNOWN/UNNECESSARY
CCleaner Piriform 10.02.2010 2,80MB 2.28 NECESSARY
Cisco EAP-FAST Module Cisco Systems, Inc. 27.03.2009 1,04MB 2.1.6 UNKNOWN
Cisco LEAP Module Cisco Systems, Inc. 27.03.2009 1,04MB 1.0.12 UNKNOWN
Cisco PEAP Module Cisco Systems, Inc. 27.03.2009 0,85MB 1.0.13 UNKNOWN
Citrix Online Plug-in - Web Citrix Systems, Inc. 27.02.2012 16,1MB 12.1.0.30 UNNECESSARY
CyberLink DVD Suite CyberLink Corp. 12.07.2009 9,63MB 5.0.2403 NECESSARY
CyberLink Power2Go CyberLink Corp. 27.03.2009 122,2MB 6.0.1924 UNKNOWN/UNNECESSARY
DIE SIEDLER - Aufstieg eines Königreichs Ubisoft 14.03.2011 2.934,3MB 1.00.0000 UNNECESSARY
DivX Plus Web Player DivX,Inc. 03.04.2010 8,52MB 2.0.0 UNKNOWN
Dropbox Dropbox, Inc. 16.06.2012 27,8MB 1.4.7 NECESSARY
DTE 14.03.2010 3,72MB UNKNOWN
Express Gate devicevm 27.03.2009 622,4MB 0.8.8.9 UNKNOWN
EZ Vinyl/Tape Converter 7.4 by MixMeister MixMeister Technology LLC 20.08.2011 4,33MB UNNECESSARY
Facebook Plug-In Facebook, Inc. 30.05.2010 6,26MB UNKNOWN/UNNECESSARY
FileZilla Client 3.3.1 10.02.2010 16,0MB 3.3.1 UNKNOWN
Intel(R) Graphics Media Accelerator Driver Intel Corporation 27.03.2009 UNKNOWN
Intel(R) TV Wizard 28.03.2009 UNKNOWN/UNNECESSARY
iTunes Apple Inc. 20.08.2011 161,7MB 9.2.1.5 UNKNOWN/UNNECESSARY
Java 2 Runtime Environment, SE v1.4.2 Sun Microsystems, Inc. 09.11.2009 78,5MB 1.4.2 UNKNOWN
Java(TM) 6 Update 25 Oracle 22.05.2011 94,7MB 6.0.250 UNKNOWN
Juniper Citrix Services Client Juniper Networks 27.02.2012 0,98MB 7.0.0.17289 UNKNOWN/UNNECESSARY
Juniper Networks Setup Client Juniper Networks 27.02.2012 1,98MB 2.2.4.9429 UNKNOWN/UNNECESSARY
Juniper Networks Setup Client Activex Control Juniper Networks 27.02.2012 2.1.1.1 UNKNOWN/UNNECESSARY
KompoZer 0.77 Thorsten Fritz 11.02.2010 22,3MB 0.77 UNKNOWN/UNNECESSARY
LabelPrint CyberLink Corp. 12.07.2009 86,4MB .2725 UNKNOWN/UNNECESSARY
LightScribe System Software 1.14.17.1 LightScribe 27.03.2009 21,0MB 1.14.17.1 UNKNOWN/UNNECESSARY
LiveUpdate (Symantec Corporation) Symantec Corporation 28.03.2009 3.4.1.232 UNKNOWN/UNNECESSARY
Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 13.09.2012 12,8MB 1.65.0.1400 NECESSARY
MediaShow CyberLink Corporation 12.07.2009 30,8MB 3.0.4325 UNKNOWN/UNNECESSARY
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 01.09.2009 37,0MB UNKNOWN
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.07.2009 37,0MB UNKNOWN
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120,3MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 UNKNOWN
Microsoft Office XP Professional with FrontPage Microsoft Corporation 13.03.2010 229,5MB 10.0.2627.0 NECESSARY
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.03.2009 0,41MB 8.0.56336 UNKNOWN/UNNECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.11.2009 0,58MB 9.0.30729 UNKNOWN/UNNECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.04.2011 0,58MB 9.0.30729.4148 UNKNOWN/UNNECESSARY
MOTORRAD Tourenplaner 2008/2009 08.08.2011 5.367,2MB NECESSARY
Mozilla Firefox 9.0.1 (x86 de) Mozilla 18.01.2012 42,0MB 9.0.1 NECESSARY
Netviewer Meet Netviewer AG 01.02.2010 5,75MB 1.0.0.33 NECESSARY
Netviewer Support Netviewer AG 01.02.2010 4,83MB 1.0.0.33 NECESSARY
Nokia Connectivity Cable Driver Nokia 21.07.2009 1,00MB 6.85.10.0 UNNECESSARY
Nvu 1.0 Thorsten Fritz 11.02.2010 22,0MB 1.0 UNNECESSARY
PC Connectivity Solution Nokia 21.07.2009 8,76MB 7.37.22.0 UNNECESSARY
PDFCreator Frank Heindörfer, Philip Chinery 10.02.2010 21,2MB 0.9.9 NECESSARY
PhotoNow! CyberLink Corp. 12.07.2009 1,70MB 1.0.4310 UNNECESSARY
PowerDirector CyberLink Corp. 12.07.2009 278,0MB 6.0.1731b UNNECESSARY
PowerDVD CyberLink Corporation 12.07.2009 97,8MB 7.0.3409.a UNNECESSARY
PowerProducer CyberLink Corp. 12.07.2009 230,3MB UNNECESSARY
QuickTime Apple Inc. 20.08.2011 73,8MB 7.66.73.0 UNKNOWN/UNNECESSARY
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek 27.03.2009 0,62MB 1.00.0000 UNKNOWN
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.03.2009 9,77MB 6.0.1.5764 UNBEKANNT
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 RICOH 27.03.2009 3,56MB 3.55.03 UNBEKANNT
Skype web features Skype Technologies S.A. 28.11.2009 4,34MB 1.0.3971 NOTWENDIG
Skype™ 4.1 Skype Technologies S.A. 28.11.2009 31,1MB 4.1.179 NOTWENDIG
Synaptics Pointing Device Driver Synaptics 27.03.2009 13,7MB 10.1.8.0 UNBEKANNT
TeamViewer 6 TeamViewer GmbH 23.08.2011 15,6MB 6.0.11052 NOTWENDIG
USB 2.0 1.3M UVC WebCam 27.03.2009 UNBEKANNT
VLC media player 1.0.0 VideoLAN Team 16.07.2009 73,0MB 1.0.0 NOTWENDIG
Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) Nokia 21.07.2009 10/12/2007 3.6 UNNÖTIG
WinFlash 27.03.2009 1,37MB UNBEKANNT
Wireless Console 2 ATK 27.03.2009 2,12MB 2.0.10 UNBEKANNT
XSManager XSManager 22.11.2009 24,3MB 3.0 NOTWENDIG
Zusatzmodul GPS-Tourenplaner MTP09 PTV Planung Transport Verkehr AG 08.08.2011 5.367,2MB 12.5 UNBEKANNT

21.10.2012, 19:25   #12
markusg
/// Malware-holic
 

Uninstall:
Adobe Flash Player: all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose automatic installation.
Apply / OK



Uninstall:
Citrix
DIE SIEDLER
EZ
Facebook
FileZilla
iTunes
Java: all versions
Download free Java software
Download the Java JRE and install it.

Uninstall:
Juniper: all
KompoZer
LabelPrint
LightScribe
LiveUpdate
MediaShow
Mozilla: open it, Help, Update, install version 15.
Uninstall:
Nvu
Nokia
PC Connectivity
PhotoNow
PowerDirector
PowerDVD
PowerProducer
QuickTime
TeamViewer: 1. outdated, 2. I would only install it when needed.

Open OTL, Cleanup; the PC restarts.
Open CCleaner, Analyze, Run, restart the PC.
If it runs as desired, secure it:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
http://www.emsisoft.de/de/software/a...re/?id=5987352
Especially if you do online banking, shopping, other payment processing or similarly important things, e.g. for work, so that sensitive data has to be protected, you should invest in security software.
Before activating the licence, use up the 30-day trial period.

Free, but not quite as good, Avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me; parts of the guide that now follows would then have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.74

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, please work through it as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible for everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm manual: password manager, managing passwords and personal data
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Guide:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the guide above.
If you would like to support us
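
The reply above asks for every Java, Flash and Adobe Reader install to be removed and reinstalled fresh, and for Firefox to be updated. As an added example (not part of the thread and not taken from any tool named in it), this Python script parses rows in the layout of the installed-software list and reports, for those components, each installed version with its age in days at the date of the reply. The regular expression, the function names and the sample rows are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import date

# Layout of one row: name+publisher, install date, [size], [version], rating.
ROW = re.compile(
    r"^(?P<name>.+?) (?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4})"
    r"(?: (?P<size>[\d.,]+MB))?(?: (?P<version>\S+))? (?P<rating>[A-ZÄÖÜ/]+)$"
)
# Components the reply asks to remove and then reinstall or update.
WATCH = ("Adobe Flash", "Adobe Reader", "Java", "Mozilla Firefox")

# Constructed sample: rows copied from the list, ratings in English.
SAMPLE = """\
Java 2 Runtime Environment, SE v1.4.2 Sun Microsystems, Inc. 09.11.2009 78,5MB 1.4.2 UNKNOWN
Java(TM) 6 Update 25 Oracle 22.05.2011 94,7MB 6.0.250 UNKNOWN
Mozilla Firefox 9.0.1 (x86 de) Mozilla 18.01.2012 42,0MB 9.0.1 NECESSARY
Dropbox Dropbox, Inc. 16.06.2012 27,8MB 1.4.7 NECESSARY
DTE 14.03.2010 3,72MB UNKNOWN
Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) Nokia 21.07.2009 10/12/2007 3.6 UNNECESSARY
"""

def parse_row(line):
    """Return a dict for one row, or None when the row does not fit the layout."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["installed"] = date(int(row.pop("y")), int(row.pop("m")), int(row.pop("d")))
    return row

def review(text, as_of):
    """Map each watched component to [(version, days since install)], plus unparsed rows."""
    found, unparsed = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        row = parse_row(line)
        if row is None:
            unparsed.append(line)  # report it instead of dropping it silently
            continue
        for key in WATCH:
            if row["name"].startswith(key):
                found[key].append((row["version"], (as_of - row["installed"]).days))
    return dict(found), unparsed

if __name__ == "__main__":
    components, skipped = review(SAMPLE, date(2012, 10, 21))  # date of the reply
    for name, installs in components.items():
        note = "  <- several versions side by side" if len(installs) > 1 else ""
        print(name, installs, note)
    print("could not parse:", skipped)
```

Rows whose version column contains a space, such as the Nokia driver package, do not fit the pattern and are returned in the second list so they can be checked by hand.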
