Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei-Virus/Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 02.12.2012, 22:50   #1
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hallo liebes Forum-Team,

ich habe mich heute hier angemeldet, weil ich mir diesen Trojaner eingefangen habe, der den Rechner sperrt, bis man nicht ne gewisse Summe bezahlt. Ich könnte wirklich . So ein fieses Ding!

Ich habe meinen Rechner mit dem hier angegebenen Programm scannen lassen ( Malwarebytes Anti-Malware ) und habe die Dateien dann entfernt. Nun soll ich doch diesen Log-Code hier reinkopieren?! Dann mach ich das mal:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Besitzer :: BESITZER-PC [Administrator]

02.12.2012 18:43:32
mbam-log-2012-12-02 (18-43-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343382
Laufzeit: 3 Stunde(n), 52 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Besitzer\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{09703E72-ACEE-82F5-E5A1-999935D2E8D5} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Besitzer\AppData\Roaming\Paza\toru.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 49
C:\Users\Besitzer\AppData\Local\Temp\BiI+pObd.exe.part (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\Desktop\ca_setup.exe (PUP.PasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI90D7JO\myfile[1].dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ABMRES.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\AEFILTER.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\autoenh.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\clrtoclr.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Cpuinf32.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\frameeng.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IS32Inst.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MASKOP.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MAXMIN.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\mScan.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Pngfio.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Tge.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Aps.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Aps32.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32cvt.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Fe.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32FeUI.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Hook.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32path.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Plug.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32print.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32R2V.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32sel.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32sn.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Tu.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32Tx.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\U32TXTUR.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\u32xView.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uGifLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uINet.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uipl.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplA6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplM5.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplM6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplP5.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplP6.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uiplPX.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uJpgLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uLzwLib.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Upbgen.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\uShadow.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\usseng.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\UssJpgEn.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\UTHMIO32.DLL (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Vielen Dank schon mal für Eure Hilfe! Gut, dass es solche Communitys gibt, sonst wüsste ich nicht, was ich mit dem Teil machen sollte.

Alt 03.12.2012, 16:02   #2
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



HI
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 03.12.2012, 20:51   #3
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Guten Abend!

Das ist der Inhalt von OTL.text

Code:
ATTFilter
OTL logfile created on: 03.12.2012 19:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 67,04% Memory free
5,71 Gb Paging File | 4,39 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 93,14 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 94,18 Gb Free Space | 67,62% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3076.38423__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3076.38379__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3076.38436__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3076.38415__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3076.38401__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3076.38617__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3076.38580__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3076.38651__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3076.38657__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3076.38394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3076.38588__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3076.38594__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3076.38587__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3076.38544__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3076.38448__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3076.38402__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3076.38608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3076.38443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3076.38543__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3076.38573__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3076.38536__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3076.38542__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3076.38572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3076.38372_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3076.38632_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3076.38641__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3076.38639__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3076.38669__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3076.38680__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3076.38387__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3076.38632__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3076.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3076.38371__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3076.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3076.38640__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3076.38369__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3076.38370__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ASUS\ATK Media\DMedia.exe ()
MOD - C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll ()
MOD - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\ASUS\ATK Media\GERSTRING.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (GDFwSvc) -- C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11088.672
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 19:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.04 19:11:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 19:11:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.04 19:11:02 | 000,000,000 | ---D | M]
 
[2010.02.25 11:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2012.10.24 19:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions
[2010.06.30 19:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 14:48:53 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2012.04.16 19:00:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.07.15 10:28:40 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.09.16 13:10:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\ich@maltegoetz.de
[2011.10.03 19:11:04 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\kf4lmb8c.default\extensions\youtube2mp3@mondayx.de
[2012.11.04 19:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.04 19:11:01 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.11.04 19:11:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.27 19:59:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B18C7E67-2B2A-4180-A927-2EEE52EBF624}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DriverScanner - hkey= - key= - C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 18:53:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2012.12.03 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{E34C3709-C383-4784-BAB9-2B3E1AD1626C}
[2012.12.02 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2012.12.02 18:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 18:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 18:41:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.02 18:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.02 18:40:41 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Besitzer\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.02 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Kaspersky Rescue2Usb
[2012.12.02 15:54:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{6F6197D5-3AC4-402C-927C-D41AAEFEB9A1}
[2012.11.29 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{382CE634-AE8C-401B-ACE9-C15370457408}
[2012.11.28 18:53:14 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{A9D7862E-97C7-49E0-8CB6-EF401E2DF823}
[2012.11.27 18:08:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{F207BB1E-2B00-4783-8A77-F2EB7DFCED95}
[2012.11.26 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{1C74149C-F667-4C98-81B0-D1898A405905}
[2012.11.25 17:35:15 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{F6539F33-80AE-4090-BE77-B0B6C7234C7B}
[2012.11.24 11:17:58 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{C9F5D7BE-5046-48D6-ABA1-CE644DF56E17}
[2012.11.19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{3B32DA78-C63E-4972-9E96-E6307C280AA3}
[2012.11.18 10:17:24 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{E15C6738-CFE2-42F5-89BD-83377C492894}
[2012.11.17 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{32450066-F672-4275-9C9E-1DA49112B70C}
[2012.11.17 12:35:51 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{59E401DF-6E94-4734-B16C-0B79F0107648}
[2012.11.16 18:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.16 18:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.11.16 18:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2012.11.16 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{ECBA71CE-3B87-4370-BA18-0B9F42D52D25}
[2012.11.14 20:29:53 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{923D2F3A-E000-4EA2-AB4B-3EFF55C74F72}
[2012.11.13 22:05:01 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{628D663F-F9E0-42D1-830D-9C536A661291}
[2012.11.11 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{EEAB1AAF-EE30-4103-9469-F79D559FD377}
[2012.11.10 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{28C73098-6E3D-4C1D-95D4-19B4EF9EB4C4}
[2012.11.04 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Skype
[2012.11.04 19:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.04 19:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.04 19:36:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.11.04 19:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.04 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.04 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\{021F79FB-D0AB-4C09-8C9B-0001256003EB}
[2011.10.27 21:46:29 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeBA0D.dll
[2010.03.01 21:02:51 | 000,167,936 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Prod.dll
[2010.03.01 21:02:51 | 000,077,824 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[2010.03.01 21:02:51 | 000,053,248 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\U32CFG.DLL
[2010.03.01 21:02:49 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Program Files\INETWH32.DLL
[2010.03.01 21:02:48 | 000,225,280 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Fido.dll
[2010.03.01 21:02:48 | 000,225,280 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Base.dll
[2010.03.01 21:02:48 | 000,163,840 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Afm.dll
[2010.03.01 21:02:48 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32File.dll
[2010.03.01 21:02:48 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Clips.dll
[2010.03.01 21:02:48 | 000,098,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Comm.dll
[2010.03.01 21:02:48 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Brows.dll
[2010.03.01 21:02:47 | 000,102,400 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uRender.dll
[2010.03.01 21:02:47 | 000,057,344 | ---- | C] (Ulead Systems) -- C:\Program Files\u32Scan.dll
[2010.03.01 21:02:46 | 000,098,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\UL3DUI32.DLL
[2010.03.01 21:02:46 | 000,073,728 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\PopView.dll
[2010.03.01 21:02:46 | 000,065,536 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uvofn.dll
[2010.03.01 21:02:46 | 000,061,440 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\HTMLAST.EXE
[2010.03.01 21:02:46 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\USSGifsa.dll
[2010.03.01 20:59:41 | 001,351,680 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ALBUM.EXE
[2010.03.01 20:59:41 | 000,036,864 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ABMTSR.EXE
[2010.03.01 20:58:36 | 003,170,304 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Iedit.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 18:53:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2012.12.03 18:48:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 18:48:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 18:48:20 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.12.03 18:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 18:47:41 | 2951,897,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 22:53:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.02 18:41:42 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 18:40:51 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Besitzer\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.02 18:36:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.12.02 17:58:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.02 17:58:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.02 17:58:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.02 17:58:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.02 17:54:22 | 210,292,736 | ---- | M] () -- C:\Users\Besitzer\Desktop\KWU_1.0.3.upd.iso
[2012.12.02 17:53:55 | 000,387,584 | ---- | M] () -- C:\Users\Besitzer\Desktop\rescue2usb.exe
[2012.11.25 17:35:33 | 000,000,680 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2012.11.17 13:13:00 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 18:21:00 | 007,992,528 | ---- | M] () -- C:\Users\Besitzer\Desktop\ca_setup.exe
[2012.11.04 19:36:54 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.02 18:41:42 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.02 17:53:52 | 000,387,584 | ---- | C] () -- C:\Users\Besitzer\Desktop\rescue2usb.exe
[2012.12.02 17:52:55 | 210,292,736 | ---- | C] () -- C:\Users\Besitzer\Desktop\KWU_1.0.3.upd.iso
[2012.11.29 21:05:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.11.16 18:20:46 | 007,992,528 | ---- | C] () -- C:\Users\Besitzer\Desktop\ca_setup.exe
[2012.11.04 19:36:54 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.17 21:38:25 | 000,838,935 | ---- | C] () -- C:\Windows\System32\sig.bin
[2010.11.19 09:33:35 | 000,004,096 | -H-- | C] () -- C:\Users\Besitzer\AppData\Local\keyfile3.drm
[2010.06.12 17:08:29 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2010.03.01 21:23:26 | 000,017,376 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\internal.grp
[2010.03.01 21:04:06 | 000,004,354 | -H-- | C] () -- C:\Program Files\U32FILE.CFG
[2010.03.01 21:02:55 | 000,027,718 | ---- | C] () -- C:\Program Files\PI5 ReadMe.wri
[2010.03.01 21:02:49 | 000,545,088 | R--- | C] () -- C:\Program Files\STYLE.PST
[2010.03.01 21:02:49 | 000,172,032 | ---- | C] () -- C:\Program Files\wcsPage.dll
[2010.03.01 21:02:49 | 000,163,840 | ---- | C] () -- C:\Program Files\wcs.exe
[2010.03.01 21:02:49 | 000,077,824 | ---- | C] () -- C:\Program Files\wWebComp.dll
[2010.03.01 21:02:49 | 000,057,344 | ---- | C] () -- C:\Program Files\wJavaCom.dll
[2010.03.01 21:02:49 | 000,057,344 | ---- | C] () -- C:\Program Files\wButnCom.dll
[2010.03.01 21:02:49 | 000,053,248 | ---- | C] () -- C:\Program Files\wBBarCom.dll
[2010.03.01 21:02:49 | 000,040,960 | ---- | C] () -- C:\Program Files\wImgFile.dll
[2010.03.01 21:02:49 | 000,040,960 | ---- | C] () -- C:\Program Files\wcsTL.dll
[2010.03.01 21:02:49 | 000,036,864 | ---- | C] () -- C:\Program Files\wpe.dll
[2010.03.01 21:02:49 | 000,023,644 | ---- | C] () -- C:\Program Files\U16APS.DLL
[2010.03.01 21:02:49 | 000,009,136 | ---- | C] () -- C:\Program Files\INETWH16.DLL
[2010.03.01 21:02:49 | 000,006,144 | ---- | C] () -- C:\Program Files\UTHMIO16.DLL
[2010.03.01 21:02:49 | 000,003,966 | ---- | C] () -- C:\Program Files\In3d.ani
[2010.03.01 21:02:49 | 000,003,507 | ---- | C] () -- C:\Program Files\IEDEFORM.DAT
[2010.03.01 21:02:49 | 000,003,188 | ---- | C] () -- C:\Program Files\Out3D.ani
[2010.03.01 21:02:48 | 000,032,768 | ---- | C] () -- C:\Program Files\u32Misc.dll
[2010.03.01 21:02:48 | 000,003,766 | ---- | C] () -- C:\Program Files\iearrowhead.dat
[2010.03.01 21:02:47 | 000,147,456 | ---- | C] () -- C:\Program Files\UpiCtrl.dll
[2010.03.01 21:02:47 | 000,065,536 | ---- | C] () -- C:\Program Files\ScPost.dll
[2010.03.01 21:02:47 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCPNTBP.dll
[2010.03.01 21:02:47 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCCOMM.dll
[2010.03.01 21:02:47 | 000,045,056 | ---- | C] () -- C:\Program Files\SCap.dll
[2010.03.01 21:02:47 | 000,040,960 | ---- | C] () -- C:\Program Files\UFCPNMGR.dll
[2010.03.01 21:02:47 | 000,036,864 | ---- | C] () -- C:\Program Files\UFCCOLOR.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCSTATU.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCCNBTN.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCBUF.dll
[2010.03.01 21:02:47 | 000,032,768 | ---- | C] () -- C:\Program Files\scanres.dll
[2010.03.01 21:02:47 | 000,028,672 | ---- | C] () -- C:\Program Files\ucimg.dll
[2010.03.01 21:02:47 | 000,024,576 | ---- | C] () -- C:\Program Files\UFCDLGBR.dll
[2010.03.01 21:02:46 | 000,200,704 | ---- | C] () -- C:\Program Files\ss3base.dll
[2010.03.01 21:02:46 | 000,159,744 | ---- | C] () -- C:\Program Files\UFCPNTBS.dll
[2010.03.01 21:02:46 | 000,040,960 | ---- | C] () -- C:\Program Files\u32lfile.dll
[2010.03.01 21:02:46 | 000,032,768 | ---- | C] () -- C:\Program Files\uwUpdate.dll
[2010.03.01 21:02:46 | 000,028,672 | ---- | C] () -- C:\Program Files\callview.exe
[2010.03.01 21:02:46 | 000,024,576 | ---- | C] () -- C:\Program Files\wcsRWUFO.dll
[2010.03.01 21:02:45 | 000,004,528 | ---- | C] () -- C:\Program Files\SETBROWS.EXE
[2010.03.01 20:58:37 | 000,503,808 | ---- | C] () -- C:\Program Files\IERC.DLL
[2010.03.01 20:58:29 | 000,673,199 | ---- | C] () -- C:\Program Files\Uninst.isu
[2010.02.25 23:28:32 | 000,032,768 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.10 21:55:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Bekup
[2012.03.11 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\elsterformular
[2011.10.27 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MyPhoneExplorer
[2011.10.27 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenCandy
[2010.12.10 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Paza
[2011.04.04 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sync App Settings
[2011.02.25 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ulead Systems
[2011.10.27 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue
[2012.04.09 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\XLMSoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.02.24 10:36:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.08.12 15:57:28 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.02.24 11:21:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.17 20:33:11 | 000,000,000 | ---D | M] -- C:\Download
[2010.08.24 15:17:57 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.09.02 19:29:54 | 000,000,000 | -HSD | M] -- C:\found.001
[2010.12.05 19:59:05 | 000,000,000 | -HSD | M] -- C:\found.002
[2010.12.19 22:00:38 | 000,000,000 | -HSD | M] -- C:\found.003
[2008.08.12 12:05:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.25 18:45:28 | 000,000,000 | ---D | M] -- C:\PIX3_GER
[2012.12.02 22:39:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.02 22:39:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.03 19:46:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.08.12 15:32:37 | 000,000,000 | ---D | M] -- C:\temp
[2010.02.24 10:29:34 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.16 18:23:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[1999.08.18 11:44:22 | 000,036,864 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\ABMTSR.EXE
[1999.09.22 11:03:42 | 001,351,680 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\ALBUM.EXE
[1999.08.18 12:01:12 | 000,028,672 | ---- | M] () -- C:\Program Files\callview.exe
[1999.09.15 15:50:18 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\HTMLAST.EXE
[1999.09.22 12:02:20 | 003,170,304 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Iedit.exe
[1999.08.03 13:57:46 | 000,077,824 | ---- | M] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[1996.08.28 06:48:46 | 000,004,528 | ---- | M] () -- C:\Program Files\SETBROWS.EXE
[1999.08.18 15:37:50 | 000,163,840 | ---- | M] () -- C:\Program Files\wcs.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.10 23:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.27 21:32:02 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.06.04 04:21:19 | 000,413,696 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2012.12.03 19:39:27 | 002,359,296 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT
[2012.12.03 19:39:27 | 000,262,144 | -H-- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG1
[2010.02.24 10:29:35 | 000,000,000 | -H-- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG2
[2012.12.02 23:18:25 | 000,065,536 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.12.02 23:18:25 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.02.24 10:59:18 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.02.24 10:29:36 | 000,000,020 | -HS- | M] () -- C:\Users\Besitzer\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
und das ist der Inhalt von Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 03.12.2012 19:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 67,04% Memory free
5,71 Gb Paging File | 4,39 Gb Available in Paging File | 76,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 93,14 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 94,18 Gb Free Space | 67,62% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {B18C7E67-2B2A-4180-A927-2EEE52EBF624}
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{206CF0D4-4C69-426B-B738-E6ECD66B4C90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2ECBFF5B-AAA8-4E7F-B53D-58ABBA6B8F96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E556792-F7DD-4986-83DD-F96A6E55592F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F91852BB-200E-4D29-AC06-B0C55B99A88D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386B83A0-9B1E-45DC-B868-129A02B7E892}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6E86E32A-14A4-4780-938A-845703DF8FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7CF60E94-5636-4E14-8BE3-0288993EFCFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01C0AAB0-61A8-0E74-86C3-2155449E3B25}" = CCC Help English
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{042735EA-E4A4-0C5C-06C1-C60B3A5BAABD}" = Catalyst Control Center Localization Chinese Standard
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746F744-5C03-0686-7B8F-7D19B0D4AF8C}" = Catalyst Control Center Localization Thai
"{09001F1A-0B74-0589-2766-D3EACC8B33B1}" = Catalyst Control Center Localization Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1204A4B6-C995-D11F-6730-9A8C1546DCA7}" = Catalyst Control Center Localization Swedish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15A034FD-503D-36B0-AA10-B6B8B3E3336B}" = Catalyst Control Center Localization Polish
"{185F0B83-ECE1-5E19-3124-533AA2837E2E}" = Catalyst Control Center Localization Hungarian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25DC962F-067C-50E8-7F95-1B0183B18CB7}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{302033BC-A3A3-87C8-4589-BAD43399177A}" = CCC Help Danish
"{34186664-31AA-0AB1-0058-75EF3ED7F421}" = Catalyst Control Center Localization Finnish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37F846DB-AD84-F4D2-5291-1F59AA721A32}" = ccc-utility
"{38D3A025-CBB0-45A3-CF02-7278DF751DC3}" = ccc-core-static
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3933DDBD-4116-3619-8BCE-A16AA10BA819}" = Catalyst Control Center Graphics Full New
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415EB713-1940-D93B-69E3-002079D027C8}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9AD108-1767-B6F3-2B69-5374AECBF0CE}" = CCC Help Hungarian
"{52619A49-6701-96C0-4D72-7E22D751D01D}" = Skins
"{53D4AE93-BC90-9C4F-5C4F-8FB156742018}" = Catalyst Control Center Localization Greek
"{54932BFD-5D20-876C-78B9-75F0FBBE9F16}" = CCC Help Czech
"{54BB6CC4-CF28-649A-E70D-4B4E5556F19F}" = CCC Help Polish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{58E708F3-8A7D-94F2-A7B2-3D3101BCDD61}" = CCC Help French
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C3588B7-36D1-B024-5015-CAE12B381FDA}" = Catalyst Control Center Localization French
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E5210A0-A73D-4F8D-471B-D13CF8E7BA69}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B52A71-CE53-4EB3-2BBA-CBFA151A11FF}" = CCC Help Japanese
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{67A7D0D8-4853-6024-A9B5-692D3B933840}" = Catalyst Control Center Localization Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737C34C7-D989-86F4-B690-AFCA1277E263}" = CCC Help Russian
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79545CD7-9402-068B-4B8C-0280A24670D5}" = CCC Help Finnish
"{798E43F8-C359-A8E7-C57C-F9B552976A30}" = Catalyst Control Center Localization Russian
"{7CF6AD33-12A4-6F7E-C4F5-40A998D1430E}" = Catalyst Control Center Localization Korean
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{82BC1BC7-8CA3-7391-0A09-FF660A103FB6}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981CC000-690F-D82F-CC71-399B01887C01}" = Catalyst Control Center Graphics Full Existing
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A473F2F2-A42F-65DB-E41D-742877FED1D6}" = ATI Catalyst Install Manager
"{A5EA3702-BDD2-6BFA-2E2E-A84D670E5967}" = CCC Help Italian
"{A91316CE-9ADE-FBD2-E35A-CC4F3D85DE8A}" = Catalyst Control Center Localization Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA161C2A-82CC-CF2C-140B-DDC0891F5C5C}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{BB67FE57-CAE4-4013-A0E2-42FFA8F406D1}_is1" = Symbian SMS Manager (Test)
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BED73C02-5A45-6E68-F2C0-BEBA766D17D7}" = CCC Help Thai
"{C0129400-CBF2-3FEF-4CC0-0627A18D0C35}" = CCC Help Chinese Standard
"{C01A0960-C988-B8FD-F3A1-4C09DD8C52BE}" = Catalyst Control Center Localization Japanese
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CDA591C3-01C2-79CF-8AA7-E84AF35A2993}" = CCC Help Dutch
"{CE16F42C-1D4B-5F71-BEC6-A47BE9E49163}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2CF122C-52FB-070C-B970-67D078F96CBD}" = Catalyst Control Center Localization German
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D696B8A1-5293-78CA-AA70-E0F55889818C}" = CCC Help Korean
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEFE394E-DD0A-9C22-D186-9FD336F7F676}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E158ABAD-0978-BDD1-02CD-20B479FCECA8}" = Catalyst Control Center Localization Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9A63121-373F-2776-C249-6BB4450CDAF1}" = Catalyst Control Center Localization Portuguese
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EEF3EE91-1031-808E-BEAD-B580359CD1F6}" = Catalyst Control Center Graphics Light
"{F011218A-519F-C6B5-A115-87CE7F229C60}" = Catalyst Control Center Graphics Previews Vista
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2956220-816B-52C8-4C20-AD11CDAF1818}" = Catalyst Control Center Localization Spanish
"{F4A08B70-E901-6634-C2AB-B00957BBF829}" = Catalyst Control Center Localization Turkish
"{F4CBAB7B-E2BE-0364-3DC6-20770C3F411B}" = CCC Help German
"{F530F970-8DEB-A422-2B49-4BBD3CEA2A72}" = CCC Help Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F784910A-43D4-A7DB-ACE6-CA909C298671}" = CCC Help Turkish
"{F887F9CA-FB5C-6428-6972-2C2D971F6ED0}" = Catalyst Control Center Core Implementation
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE828082-ADFE-FAAF-A4C7-A67BA898C271}" = CCC Help Norwegian
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allway Sync_is1" = Allway Sync version 11.2.2
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GoldWave v5.25" = GoldWave v5.25
"Image Doctor 2 Demo" = Alien Skin Image Doctor 2 Demo
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IsoBuster_is1" = IsoBuster 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"RocketDock_is1" = RocketDock 1.3.5
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead PhotoImpact 5.0" = Ulead PhotoImpact 5
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Xenofex2Demo" = Alien Skin Xenofex 2 Demo
"xp-AntiSpy" = xp-AntiSpy 3.97-9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2012 17:11:01 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.09.2012 16:15:46 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.10.2012 15:16:02 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.10.2012 13:24:55 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.10.2012 13:51:03 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.10.2012 14:51:45 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 16.10.2012 12:30:58 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.10.2012 13:32:40 | Computer Name = Besitzer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.11.2012 08:19:20 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.11.2012 18:01:13 | Computer Name = Besitzer-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 29.11.2012 15:48:27 | Computer Name = Besitzer-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
 NIC (NDIS 6.0)" (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\4&1197300&0&0028)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 02.12.2012 10:56:35 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 13:07:54 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 13:14:05 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:19:39 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:20:02 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:20:23 | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 13:26:48 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2012 17:57:04 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 03.12.2012 13:50:56 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
__________________

Alt 04.12.2012, 16:48   #4
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.12.2012, 19:20   #5
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hallöchen,

das Pogramm hat 5 Threads gefunden. Hier ist das Protocol - das ist sicher das gleiche wie so ein Log

Code:
ATTFilter
19:12:50.0184 6320  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:12:52.0212 6320  ============================================================
19:12:52.0212 6320  Current date / time: 2012/12/04 19:12:52.0212
19:12:52.0212 6320  SystemInfo:
19:12:52.0212 6320  
19:12:52.0212 6320  OS Version: 6.0.6002 ServicePack: 2.0
19:12:52.0212 6320  Product type: Workstation
19:12:52.0212 6320  ComputerName: BESITZER-PC
19:12:52.0212 6320  UserName: Besitzer
19:12:52.0212 6320  Windows directory: C:\Windows
19:12:52.0212 6320  System windows directory: C:\Windows
19:12:52.0212 6320  Processor architecture: Intel x86
19:12:52.0212 6320  Number of processors: 2
19:12:52.0212 6320  Page size: 0x1000
19:12:52.0212 6320  Boot type: Normal boot
19:12:52.0212 6320  ============================================================
19:12:54.0162 6320  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
19:12:54.0162 6320  ============================================================
19:12:54.0162 6320  \Device\Harddisk0\DR0:
19:12:54.0162 6320  MBR partitions:
19:12:54.0162 6320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12A17000
19:12:54.0178 6320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13DA0000, BlocksNum 0x1168E000
19:12:54.0178 6320  ============================================================
19:12:54.0225 6320  C: <-> \Device\Harddisk0\DR0\Partition1
19:12:54.0287 6320  D: <-> \Device\Harddisk0\DR0\Partition2
19:12:54.0287 6320  ============================================================
19:12:54.0287 6320  Initialize success
19:12:54.0287 6320  ============================================================
19:13:38.0622 2956  ============================================================
19:13:38.0622 2956  Scan started
19:13:38.0622 2956  Mode: Manual; SigCheck; TDLFS; 
19:13:38.0622 2956  ============================================================
19:13:39.0668 2956  ================ Scan system memory ========================
19:13:39.0668 2956  System memory - ok
19:13:39.0668 2956  ================ Scan services =============================
19:13:39.0839 2956  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\AAVUpdateManager\aavus.exe
19:13:40.0136 2956  AAV UpdateService - ok
19:13:40.0432 2956  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:13:40.0510 2956  ACPI - ok
19:13:40.0572 2956  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:13:40.0650 2956  adp94xx - ok
19:13:40.0713 2956  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:13:40.0775 2956  adpahci - ok
19:13:40.0806 2956  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:13:40.0838 2956  adpu160m - ok
19:13:40.0853 2956  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:13:40.0916 2956  adpu320 - ok
19:13:40.0994 2956  [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:13:41.0056 2956  ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:13:41.0056 2956  ADSMService - detected UnsignedFile.Multi.Generic (1)
19:13:41.0087 2956  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:13:41.0274 2956  AeLookupSvc - ok
19:13:41.0337 2956  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:13:41.0477 2956  AFD - ok
19:13:41.0555 2956  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:13:41.0602 2956  agp440 - ok
19:13:41.0664 2956  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:13:41.0758 2956  aic78xx - ok
19:13:41.0805 2956  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:13:42.0039 2956  ALG - ok
19:13:42.0054 2956  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:13:42.0101 2956  aliide - ok
19:13:42.0132 2956  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:13:42.0164 2956  amdagp - ok
19:13:42.0210 2956  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:13:42.0242 2956  amdide - ok
19:13:42.0273 2956  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:13:42.0382 2956  AmdK7 - ok
19:13:42.0429 2956  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:13:42.0538 2956  AmdK8 - ok
19:13:42.0616 2956  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:13:42.0694 2956  Appinfo - ok
19:13:42.0756 2956  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
19:13:42.0788 2956  arc - ok
19:13:42.0850 2956  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:13:42.0912 2956  arcsas - ok
19:13:42.0959 2956  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
19:13:47.0249 2956  AsDsm - ok
19:13:47.0312 2956  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
19:13:47.0390 2956  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0390 2956  ASLDRService - detected UnsignedFile.Multi.Generic (1)
19:13:47.0468 2956  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
19:13:47.0499 2956  ASMMAP - ok
19:13:47.0546 2956  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:47.0624 2956  AsyncMac - ok
19:13:47.0670 2956  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:13:47.0702 2956  atapi - ok
19:13:47.0795 2956  [ 44362605F5FFF00C9B7696B47680A8C5 ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:13:47.0967 2956  athr - ok
19:13:48.0045 2956  [ 14872220A3642D653E32B2B5480C5928 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:13:48.0201 2956  Ati External Event Utility - ok
19:13:48.0357 2956  [ 5A1E51FF7BA5F23AA4585B25AC0E484D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:48.0716 2956  atikmdag - ok
19:13:48.0747 2956  [ 7A09F261577EEAA5B05EB09DFE31FD0E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:48.0778 2956  AtiPcie - ok
19:13:48.0794 2956  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:13:48.0840 2956  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0840 2956  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:13:48.0918 2956  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:13:49.0012 2956  AudioEndpointBuilder - ok
19:13:49.0043 2956  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:13:49.0106 2956  Audiosrv - ok
19:13:49.0293 2956  [ 855173EFDEAC37BE14527F473CED8F75 ] AVKProxy        C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
19:13:49.0464 2956  AVKProxy - ok
19:13:49.0574 2956  [ 1EC1623D18F51D2DAB1090155456AB3D ] AVKService      C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
19:13:49.0636 2956  AVKService - ok
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan global ===============================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan MBR ==================================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ================ Scan VBR ==================================
19:13:49.0636 2956  Scan interrupted by user!
19:13:49.0636 2956  ============================================================
19:13:49.0636 2956  Scan finished
19:13:49.0636 2956  ============================================================
19:13:49.0667 3596  Detected object count: 3
19:13:49.0667 3596  Actual detected object count: 3
19:14:02.0366 3596  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0366 3596  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:02.0381 3596  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0381 3596  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:02.0381 3596  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:02.0381 3596  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:07.0872 5656  ============================================================
19:14:07.0872 5656  Scan started
19:14:07.0872 5656  Mode: Manual; SigCheck; TDLFS; 
19:14:07.0872 5656  ============================================================
19:14:08.0262 5656  ================ Scan system memory ========================
19:14:08.0262 5656  System memory - ok
19:14:08.0262 5656  ================ Scan services =============================
19:14:08.0403 5656  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\AAVUpdateManager\aavus.exe
19:14:08.0450 5656  AAV UpdateService - ok
19:14:08.0652 5656  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:14:08.0715 5656  ACPI - ok
19:14:08.0762 5656  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:14:08.0824 5656  adp94xx - ok
19:14:08.0855 5656  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:14:08.0902 5656  adpahci - ok
19:14:08.0949 5656  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:14:08.0980 5656  adpu160m - ok
19:14:09.0011 5656  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:14:09.0042 5656  adpu320 - ok
19:14:09.0120 5656  [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:14:09.0136 5656  ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:14:09.0136 5656  ADSMService - detected UnsignedFile.Multi.Generic (1)
19:14:09.0167 5656  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:14:09.0230 5656  AeLookupSvc - ok
19:14:09.0276 5656  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:14:09.0323 5656  AFD - ok
19:14:09.0339 5656  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:14:09.0370 5656  agp440 - ok
19:14:09.0432 5656  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:14:09.0479 5656  aic78xx - ok
19:14:09.0510 5656  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:14:09.0573 5656  ALG - ok
19:14:09.0604 5656  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:14:09.0635 5656  aliide - ok
19:14:09.0666 5656  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:14:09.0698 5656  amdagp - ok
19:14:09.0744 5656  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:14:09.0776 5656  amdide - ok
19:14:09.0807 5656  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:14:09.0869 5656  AmdK7 - ok
19:14:09.0916 5656  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:14:09.0978 5656  AmdK8 - ok
19:14:10.0025 5656  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:14:10.0056 5656  Appinfo - ok
19:14:10.0088 5656  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
19:14:10.0119 5656  arc - ok
19:14:10.0166 5656  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:14:10.0197 5656  arcsas - ok
19:14:10.0244 5656  [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
19:14:10.0275 5656  AsDsm - ok
19:14:10.0322 5656  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
19:14:10.0337 5656  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
19:14:10.0337 5656  ASLDRService - detected UnsignedFile.Multi.Generic (1)
19:14:10.0384 5656  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
19:14:10.0400 5656  ASMMAP - ok
19:14:10.0446 5656  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:14:10.0509 5656  AsyncMac - ok
19:14:10.0556 5656  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:14:10.0587 5656  atapi - ok
19:14:10.0649 5656  [ 44362605F5FFF00C9B7696B47680A8C5 ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:14:10.0743 5656  athr - ok
19:14:10.0805 5656  [ 14872220A3642D653E32B2B5480C5928 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:14:10.0883 5656  Ati External Event Utility - ok
19:14:11.0055 5656  [ 5A1E51FF7BA5F23AA4585B25AC0E484D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:14:11.0289 5656  atikmdag - ok
19:14:11.0336 5656  [ 7A09F261577EEAA5B05EB09DFE31FD0E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:14:11.0367 5656  AtiPcie - ok
19:14:11.0398 5656  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:14:11.0414 5656  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:14:11.0414 5656  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:14:11.0460 5656  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:14:11.0523 5656  AudioEndpointBuilder - ok
19:14:11.0570 5656  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:14:11.0632 5656  Audiosrv - ok
19:14:11.0788 5656  [ 855173EFDEAC37BE14527F473CED8F75 ] AVKProxy        C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
19:14:11.0913 5656  AVKProxy - ok
19:14:11.0991 5656  [ 1EC1623D18F51D2DAB1090155456AB3D ] AVKService      C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
19:14:12.0038 5656  AVKService - ok
19:14:12.0147 5656  [ 584E5774B997F362BA2DB4624DC42899 ] AVKWCtl         C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
19:14:12.0287 5656  AVKWCtl - ok
19:14:12.0396 5656  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:14:12.0474 5656  Beep - ok
19:14:12.0552 5656  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
19:14:12.0646 5656  BFE - ok
19:14:12.0724 5656  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
19:14:12.0989 5656  BITS - ok
19:14:13.0036 5656  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:14:13.0130 5656  blbdrive - ok
19:14:13.0176 5656  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:14:13.0254 5656  bowser - ok
19:14:13.0317 5656  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:14:13.0395 5656  BrFiltLo - ok
19:14:13.0426 5656  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:14:13.0504 5656  BrFiltUp - ok
19:14:13.0551 5656  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
19:14:13.0629 5656  Browser - ok
19:14:13.0676 5656  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:14:13.0941 5656  Brserid - ok
19:14:13.0972 5656  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:14:14.0081 5656  BrSerWdm - ok
19:14:14.0112 5656  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:14:14.0253 5656  BrUsbMdm - ok
19:14:14.0268 5656  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:14:14.0393 5656  BrUsbSer - ok
19:14:14.0456 5656  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:14:14.0580 5656  BTHMODEM - ok
19:14:14.0721 5656  [ 09CB316DB9D61ED9FC9A7B07A1A301F6 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:14:14.0799 5656  btwdins - ok
19:14:14.0846 5656  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:14:14.0939 5656  cdfs - ok
19:14:15.0002 5656  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:14:15.0080 5656  cdrom - ok
19:14:15.0142 5656  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:14:15.0329 5656  CertPropSvc - ok
19:14:15.0360 5656  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
19:14:15.0454 5656  circlass - ok
19:14:15.0485 5656  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
19:14:15.0579 5656  CLFS - ok
19:14:15.0688 5656  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:14:15.0813 5656  clr_optimization_v2.0.50727_32 - ok
19:14:16.0031 5656  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:14:16.0172 5656  clr_optimization_v4.0.30319_32 - ok
19:14:16.0250 5656  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:14:16.0343 5656  CmBatt - ok
19:14:16.0390 5656  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:14:16.0421 5656  cmdide - ok
19:14:16.0546 5656  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:14:16.0593 5656  Compbatt - ok
19:14:16.0671 5656  COMSysApp - ok
19:14:16.0718 5656  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:14:16.0749 5656  crcdisk - ok
19:14:16.0811 5656  [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER        C:\Windows\system32\DRIVERS\CRFILTER.sys
19:14:16.0905 5656  CRFILTER - ok
19:14:16.0936 5656  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:14:17.0030 5656  Crusoe - ok
19:14:17.0139 5656  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:14:17.0248 5656  CryptSvc - ok
19:14:17.0342 5656  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:14:17.0654 5656  DcomLaunch - ok
19:14:17.0685 5656  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:14:17.0747 5656  DfsC - ok
19:14:17.0888 5656  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:14:18.0184 5656  DFSR - ok
19:14:18.0324 5656  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:14:18.0449 5656  Dhcp - ok
19:14:18.0527 5656  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:14:18.0574 5656  disk - ok
19:14:18.0652 5656  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:14:18.0761 5656  Dnscache - ok
19:14:18.0824 5656  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:14:18.0933 5656  dot3svc - ok
19:14:18.0995 5656  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:14:19.0151 5656  DPS - ok
19:14:19.0229 5656  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:14:19.0292 5656  drmkaud - ok
19:14:19.0401 5656  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:14:19.0572 5656  DXGKrnl - ok
19:14:19.0682 5656  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:14:19.0775 5656  E1G60 - ok
19:14:19.0853 5656  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:14:19.0978 5656  EapHost - ok
19:14:20.0103 5656  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:14:20.0150 5656  Ecache - ok
19:14:20.0243 5656  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:14:20.0368 5656  ehRecvr - ok
19:14:20.0399 5656  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:14:20.0540 5656  ehSched - ok
19:14:20.0571 5656  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:14:20.0602 5656  ehstart - ok
19:14:20.0696 5656  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:14:20.0805 5656  elxstor - ok
19:14:20.0883 5656  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:14:21.0101 5656  EMDMgmt - ok
19:14:21.0132 5656  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:14:21.0226 5656  ErrDev - ok
19:14:21.0288 5656  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:14:21.0444 5656  EventSystem - ok
19:14:21.0522 5656  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:14:21.0616 5656  exfat - ok
19:14:21.0663 5656  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:14:21.0741 5656  fastfat - ok
19:14:21.0803 5656  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:14:21.0881 5656  fdc - ok
19:14:21.0928 5656  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:14:22.0068 5656  fdPHost - ok
19:14:22.0115 5656  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:14:22.0287 5656  FDResPub - ok
19:14:22.0349 5656  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:14:22.0505 5656  FileInfo - ok
19:14:22.0552 5656  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:14:22.0646 5656  Filetrace - ok
19:14:22.0677 5656  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:14:22.0786 5656  flpydisk - ok
19:14:22.0817 5656  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:14:22.0864 5656  FltMgr - ok
19:14:23.0020 5656  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
19:14:23.0223 5656  FontCache - ok
19:14:23.0316 5656  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:14:23.0379 5656  FontCache3.0.0.0 - ok
19:14:23.0488 5656  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:14:23.0550 5656  Fs_Rec - ok
19:14:23.0628 5656  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:14:23.0691 5656  gagp30kx - ok
19:14:23.0753 5656  [ 68BE63BE7F9C96059E39660C657C9364 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
19:14:23.0862 5656  GDBehave - ok
19:14:23.0972 5656  [ FC08F64E60E09430A9213267EE2B7123 ] GDFwSvc         C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
19:14:24.0159 5656  GDFwSvc - ok
19:14:24.0268 5656  [ AA7C179522BA2913054F6E1E217511C2 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
19:14:24.0315 5656  GDMnIcpt - ok
19:14:24.0377 5656  [ 4170EB2A2ACCA7AC7A525399E781D40E ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
19:14:24.0424 5656  GDPkIcpt - ok
19:14:24.0455 5656  [ 4E39778E0E3A90D4BB90D607578BB6BD ] GDScan          C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
19:14:24.0518 5656  GDScan - ok
19:14:24.0549 5656  [ C334BFE7D1F081B0FCCF35B0868701E7 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
19:14:24.0596 5656  gdwfpcd - ok
19:14:24.0658 5656  [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
19:14:24.0689 5656  GearAspiWDM - ok
19:14:24.0752 5656  [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio           C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:14:24.0783 5656  ghaio - ok
19:14:24.0876 5656  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:14:25.0048 5656  gpsvc - ok
19:14:25.0126 5656  [ 8EB5731238C4A4007FFB63A0BB1BC7DA ] GRD             C:\Windows\system32\drivers\GRD.sys
19:14:25.0157 5656  GRD - ok
19:14:25.0235 5656  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:14:25.0391 5656  HdAudAddService - ok
19:14:25.0469 5656  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:14:25.0610 5656  HDAudBus - ok
19:14:25.0625 5656  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:14:25.0750 5656  HidBth - ok
19:14:25.0797 5656  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:14:25.0922 5656  HidIr - ok
19:14:25.0984 5656  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:14:26.0109 5656  hidserv - ok
19:14:26.0140 5656  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:14:26.0202 5656  HidUsb - ok
19:14:26.0234 5656  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:14:26.0421 5656  hkmsvc - ok
19:14:26.0468 5656  [ 2AE66B3C0B9000918C97A14EB5D6D6EF ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
19:14:26.0499 5656  HookCentre - ok
19:14:26.0546 5656  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:14:26.0592 5656  HpCISSs - ok
19:14:26.0655 5656  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:14:26.0748 5656  HTTP - ok
19:14:26.0764 5656  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:14:26.0811 5656  i2omp - ok
19:14:26.0858 5656  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:14:26.0920 5656  i8042prt - ok
19:14:26.0951 5656  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:14:27.0029 5656  iaStorV - ok
19:14:27.0185 5656  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:14:27.0341 5656  idsvc - ok
19:14:27.0388 5656  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:14:27.0435 5656  iirsp - ok
19:14:27.0497 5656  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:14:27.0653 5656  IKEEXT - ok
19:14:27.0778 5656  [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:14:28.0012 5656  IntcAzAudAddService - ok
19:14:28.0090 5656  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:14:28.0137 5656  intelide - ok
19:14:28.0215 5656  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:14:28.0308 5656  intelppm - ok
19:14:28.0355 5656  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:14:28.0527 5656  IPBusEnum - ok
19:14:28.0542 5656  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:14:28.0636 5656  IpFilterDriver - ok
19:14:28.0730 5656  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:14:28.0854 5656  iphlpsvc - ok
19:14:28.0870 5656  IpInIp - ok
19:14:28.0917 5656  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:14:29.0010 5656  IPMIDRV - ok
19:14:29.0042 5656  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:14:29.0135 5656  IPNAT - ok
19:14:29.0151 5656  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:14:29.0260 5656  IRENUM - ok
19:14:29.0276 5656  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:14:29.0322 5656  isapnp - ok
19:14:29.0369 5656  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:14:29.0447 5656  iScsiPrt - ok
19:14:29.0463 5656  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:14:29.0510 5656  iteatapi - ok
19:14:29.0541 5656  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:14:29.0572 5656  iteraid - ok
19:14:29.0603 5656  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:14:29.0650 5656  kbdclass - ok
19:14:29.0666 5656  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:14:29.0744 5656  kbdhid - ok
19:14:29.0775 5656  [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
19:14:29.0806 5656  kbfiltr - ok
19:14:29.0837 5656  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:14:29.0993 5656  KeyIso - ok
19:14:30.0040 5656  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:14:30.0149 5656  KSecDD - ok
19:14:30.0212 5656  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:14:30.0414 5656  KtmRm - ok
19:14:30.0461 5656  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:14:30.0742 5656  LanmanServer - ok
19:14:30.0789 5656  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:14:31.0116 5656  LanmanWorkstation - ok
19:14:31.0163 5656  [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:14:31.0210 5656  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:14:31.0210 5656  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:14:31.0272 5656  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:14:31.0366 5656  lltdio - ok
19:14:31.0444 5656  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:14:31.0631 5656  lltdsvc - ok
19:14:31.0662 5656  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:14:31.0881 5656  lmhosts - ok
19:14:31.0974 5656  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:14:32.0021 5656  LSI_FC - ok
19:14:32.0052 5656  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:14:32.0099 5656  LSI_SAS - ok
19:14:32.0146 5656  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:14:32.0193 5656  LSI_SCSI - ok
19:14:32.0240 5656  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
19:14:32.0318 5656  luafv - ok
19:14:32.0333 5656  [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
19:14:32.0380 5656  lullaby - ok
19:14:32.0411 5656  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:14:32.0536 5656  Mcx2Svc - ok
19:14:32.0567 5656  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:14:32.0614 5656  megasas - ok
19:14:32.0645 5656  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
19:14:32.0723 5656  MegaSR - ok
19:14:32.0754 5656  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
19:14:32.0910 5656  MMCSS - ok
19:14:32.0988 5656  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
19:14:33.0082 5656  Modem - ok
19:14:33.0129 5656  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
19:14:33.0238 5656  MODEMCSA - ok
19:14:33.0285 5656  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:14:33.0363 5656  monitor - ok
19:14:33.0394 5656  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:14:33.0425 5656  mouclass - ok
19:14:33.0456 5656  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:14:33.0550 5656  mouhid - ok
19:14:33.0581 5656  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:14:33.0628 5656  MountMgr - ok
19:14:33.0690 5656  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:14:33.0737 5656  MozillaMaintenance - ok
19:14:33.0784 5656  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:14:33.0831 5656  mpio - ok
19:14:33.0878 5656  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:14:33.0956 5656  mpsdrv - ok
19:14:34.0018 5656  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:14:34.0236 5656  MpsSvc - ok
19:14:34.0299 5656  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:14:34.0346 5656  Mraid35x - ok
19:14:34.0392 5656  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:14:34.0486 5656  MRxDAV - ok
19:14:34.0548 5656  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:14:34.0611 5656  mrxsmb - ok
19:14:34.0673 5656  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:14:34.0736 5656  mrxsmb10 - ok
19:14:34.0767 5656  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:14:34.0845 5656  mrxsmb20 - ok
19:14:34.0892 5656  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:14:34.0938 5656  msahci - ok
19:14:34.0970 5656  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:14:35.0016 5656  msdsm - ok
19:14:35.0063 5656  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
19:14:35.0235 5656  MSDTC - ok
19:14:35.0266 5656  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:14:35.0360 5656  Msfs - ok
19:14:35.0375 5656  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:14:35.0422 5656  msisadrv - ok
19:14:35.0469 5656  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:14:35.0625 5656  MSiSCSI - ok
19:14:35.0640 5656  msiserver - ok
19:14:35.0687 5656  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:14:35.0765 5656  MSKSSRV - ok
19:14:35.0796 5656  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:14:35.0890 5656  MSPCLOCK - ok
19:14:35.0906 5656  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:14:35.0999 5656  MSPQM - ok
19:14:36.0046 5656  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:14:36.0093 5656  MsRPC - ok
19:14:36.0124 5656  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:14:36.0171 5656  mssmbios - ok
19:14:36.0186 5656  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:14:36.0296 5656  MSTEE - ok
19:14:36.0342 5656  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
19:14:36.0389 5656  MTsensor - ok
19:14:36.0420 5656  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
19:14:36.0467 5656  Mup - ok
19:14:36.0514 5656  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
19:14:36.0732 5656  napagent - ok
19:14:36.0779 5656  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:14:36.0857 5656  NativeWifiP - ok
19:14:36.0935 5656  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:14:37.0029 5656  NDIS - ok
19:14:37.0076 5656  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:14:37.0154 5656  NdisTapi - ok
19:14:37.0169 5656  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:14:37.0263 5656  Ndisuio - ok
19:14:37.0310 5656  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:14:37.0388 5656  NdisWan - ok
19:14:37.0434 5656  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:14:37.0512 5656  NDProxy - ok
19:14:37.0528 5656  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:14:37.0622 5656  NetBIOS - ok
19:14:37.0668 5656  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
19:14:37.0731 5656  netbt - ok
19:14:37.0778 5656  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
19:14:37.0902 5656  Netlogon - ok
19:14:37.0965 5656  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
19:14:38.0168 5656  Netman - ok
19:14:38.0214 5656  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
19:14:38.0417 5656  netprofm - ok
19:14:38.0464 5656  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:14:38.0495 5656  NetTcpPortSharing - ok
19:14:38.0542 5656  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:14:38.0589 5656  nfrd960 - ok
19:14:38.0636 5656  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:14:38.0838 5656  NlaSvc - ok
19:14:38.0916 5656  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
19:14:38.0963 5656  NPF - ok
19:14:38.0994 5656  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:14:39.0072 5656  Npfs - ok
19:14:39.0104 5656  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
19:14:39.0306 5656  nsi - ok
19:14:39.0353 5656  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:14:39.0431 5656  nsiproxy - ok
19:14:39.0540 5656  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:14:39.0759 5656  Ntfs - ok
19:14:39.0806 5656  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
19:14:39.0946 5656  ntrigdigi - ok
19:14:39.0962 5656  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
19:14:40.0040 5656  Null - ok
19:14:40.0086 5656  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:14:40.0149 5656  nvraid - ok
19:14:40.0164 5656  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:14:40.0211 5656  nvstor - ok
19:14:40.0289 5656  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:14:40.0336 5656  nv_agp - ok
19:14:40.0367 5656  NwlnkFlt - ok
19:14:40.0383 5656  NwlnkFwd - ok
19:14:40.0414 5656  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:14:40.0508 5656  ohci1394 - ok
19:14:40.0664 5656  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
19:14:40.0679 5656  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
19:14:40.0679 5656  OMSI download service - detected UnsignedFile.Multi.Generic (1)
19:14:40.0773 5656  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:14:40.0820 5656  ose - ok
19:14:40.0882 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:14:41.0132 5656  p2pimsvc - ok
19:14:41.0194 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:14:41.0397 5656  p2psvc - ok
19:14:41.0459 5656  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
19:14:41.0600 5656  Parport - ok
19:14:41.0709 5656  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:14:41.0756 5656  partmgr - ok
19:14:41.0787 5656  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:14:41.0896 5656  Parvdm - ok
19:14:41.0943 5656  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:14:42.0161 5656  PcaSvc - ok
19:14:42.0224 5656  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
19:14:42.0286 5656  pci - ok
19:14:42.0317 5656  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
19:14:42.0364 5656  pciide - ok
19:14:42.0395 5656  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:14:42.0458 5656  pcmcia - ok
19:14:42.0520 5656  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:14:42.0738 5656  PEAUTH - ok
19:14:42.0863 5656  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
19:14:43.0175 5656  pla - ok
19:14:43.0222 5656  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:14:43.0472 5656  PlugPlay - ok
19:14:43.0534 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
19:14:43.0706 5656  PNRPAutoReg - ok
19:14:43.0768 5656  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:14:43.0940 5656  PNRPsvc - ok
19:14:44.0018 5656  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:14:44.0158 5656  PolicyAgent - ok
19:14:44.0220 5656  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:14:44.0298 5656  PptpMiniport - ok
19:14:44.0345 5656  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:14:44.0423 5656  Processor - ok
19:14:44.0470 5656  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:14:44.0673 5656  ProfSvc - ok
19:14:44.0704 5656  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:14:44.0829 5656  ProtectedStorage - ok
19:14:44.0860 5656  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:14:44.0922 5656  PSched - ok
19:14:45.0016 5656  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:14:45.0188 5656  ql2300 - ok
19:14:45.0219 5656  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:14:45.0266 5656  ql40xx - ok
19:14:45.0328 5656  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
19:14:45.0531 5656  QWAVE - ok
19:14:45.0562 5656  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:14:45.0624 5656  QWAVEdrv - ok
19:14:45.0656 5656  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:14:45.0749 5656  RasAcd - ok
19:14:45.0780 5656  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
19:14:46.0046 5656  RasAuto - ok
19:14:46.0108 5656  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:14:46.0202 5656  Rasl2tp - ok
19:14:46.0233 5656  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:14:46.0451 5656  RasMan - ok
19:14:46.0498 5656  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:14:46.0560 5656  RasPppoe - ok
19:14:46.0607 5656  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:14:46.0670 5656  RasSstp - ok
19:14:46.0716 5656  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:14:46.0794 5656  rdbss - ok
19:14:46.0841 5656  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:14:46.0935 5656  RDPCDD - ok
19:14:46.0997 5656  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
19:14:47.0075 5656  rdpdr - ok
19:14:47.0091 5656  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:14:47.0184 5656  RDPENCDD - ok
19:14:47.0262 5656  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:14:47.0356 5656  RDPWD - ok
19:14:47.0434 5656  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:14:47.0606 5656  RemoteAccess - ok
19:14:47.0652 5656  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:14:47.0902 5656  RemoteRegistry - ok
19:14:48.0011 5656  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
19:14:48.0058 5656  rpcapd - ok
19:14:48.0105 5656  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:14:48.0261 5656  RpcLocator - ok
19:14:48.0308 5656  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
19:14:48.0542 5656  RpcSs - ok
19:14:48.0588 5656  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:14:48.0682 5656  rspndr - ok
19:14:48.0760 5656  [ 2FC33077F85D7DC0D03678C06D43898C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
19:14:48.0885 5656  RTL8169 - ok
19:14:48.0916 5656  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
19:14:49.0025 5656  SamSs - ok
19:14:49.0072 5656  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:14:49.0134 5656  sbp2port - ok
19:14:49.0181 5656  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:14:49.0368 5656  SCardSvr - ok
19:14:49.0446 5656  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:14:49.0680 5656  Schedule - ok
19:14:49.0712 5656  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:14:49.0774 5656  SCPolicySvc - ok
19:14:49.0821 5656  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:14:49.0914 5656  sdbus - ok
19:14:49.0961 5656  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:14:50.0164 5656  SDRSVC - ok
19:14:50.0195 5656  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:14:50.0320 5656  secdrv - ok
19:14:50.0336 5656  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:14:50.0554 5656  seclogon - ok
19:14:50.0585 5656  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:14:50.0819 5656  SENS - ok
19:14:50.0866 5656  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:14:50.0991 5656  Serenum - ok
19:14:51.0022 5656  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
19:14:51.0178 5656  Serial - ok
19:14:51.0194 5656  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:14:51.0272 5656  sermouse - ok
19:14:51.0334 5656  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:14:51.0568 5656  SessionEnv - ok
19:14:51.0599 5656  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:14:51.0693 5656  sffdisk - ok
19:14:51.0708 5656  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:14:51.0786 5656  sffp_mmc - ok
19:14:51.0818 5656  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:14:51.0896 5656  sffp_sd - ok
19:14:51.0927 5656  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:14:52.0005 5656  sfloppy - ok
19:14:52.0067 5656  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:14:52.0254 5656  SharedAccess - ok
19:14:52.0301 5656  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:14:52.0535 5656  ShellHWDetection - ok
19:14:52.0598 5656  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:14:52.0644 5656  sisagp - ok
19:14:52.0676 5656  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:14:52.0722 5656  SiSRaid2 - ok
19:14:52.0769 5656  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:14:52.0816 5656  SiSRaid4 - ok
19:14:52.0863 5656  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:14:52.0894 5656  SkypeUpdate - ok
19:14:53.0081 5656  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
19:14:53.0549 5656  slsvc - ok
19:14:53.0612 5656  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:14:53.0861 5656  SLUINotify - ok
19:14:53.0892 5656  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:14:53.0986 5656  Smb - ok
19:14:54.0095 5656  [ 09CBB7A04C5D6E9FE876BA5D97EB873D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
19:14:54.0267 5656  smserial - ok
19:14:54.0314 5656  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:14:54.0501 5656  SNMPTRAP - ok
19:14:54.0672 5656  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:14:54.0719 5656  Sony Ericsson PCCompanion - ok
19:14:54.0750 5656  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:14:54.0797 5656  spldr - ok
19:14:54.0860 5656  [ 739DB668DBD812285ECC553E64A5E212 ] spmgr           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
19:14:54.0906 5656  spmgr - ok
19:14:54.0938 5656  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:14:55.0172 5656  Spooler - ok
19:14:55.0250 5656  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:14:55.0343 5656  srv - ok
19:14:55.0390 5656  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:14:55.0452 5656  srv2 - ok
19:14:55.0499 5656  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:14:55.0562 5656  srvnet - ok
19:14:55.0593 5656  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:14:57.0356 5656  SSDPSRV - ok
19:14:57.0449 5656  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:14:57.0714 5656  SstpSvc - ok
19:14:57.0808 5656  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:14:58.0151 5656  stisvc - ok
19:14:58.0198 5656  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:14:58.0292 5656  swenum - ok
19:14:58.0354 5656  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:14:58.0744 5656  swprv - ok
19:14:58.0791 5656  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:14:58.0916 5656  Symc8xx - ok
19:14:58.0978 5656  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:14:59.0025 5656  Sym_hi - ok
19:14:59.0118 5656  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:14:59.0150 5656  Sym_u3 - ok
19:14:59.0228 5656  [ 55F6E55CC2430CA8713387106FA79817 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:14:59.0337 5656  SynTP - ok
19:14:59.0446 5656  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:14:59.0914 5656  SysMain - ok
19:14:59.0945 5656  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:15:00.0242 5656  TabletInputService - ok
19:15:00.0335 5656  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:15:00.0725 5656  TapiSrv - ok
19:15:00.0741 5656  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:15:01.0068 5656  TBS - ok
19:15:01.0146 5656  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:15:01.0302 5656  Tcpip - ok
19:15:01.0365 5656  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:15:01.0474 5656  Tcpip6 - ok
19:15:01.0521 5656  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:15:01.0677 5656  tcpipreg - ok
19:15:01.0739 5656  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:15:01.0864 5656  TDPIPE - ok
19:15:01.0911 5656  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:15:02.0036 5656  TDTCP - ok
19:15:02.0067 5656  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:15:02.0160 5656  tdx - ok
19:15:02.0207 5656  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:15:02.0285 5656  TermDD - ok
19:15:02.0316 5656  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:15:02.0597 5656  TermService - ok
19:15:02.0660 5656  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:15:02.0862 5656  Themes - ok
19:15:02.0925 5656  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:15:03.0081 5656  THREADORDER - ok
19:15:03.0128 5656  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:15:03.0393 5656  TrkWks - ok
19:15:03.0440 5656  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:15:03.0502 5656  TrustedInstaller - ok
19:15:03.0549 5656  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:15:03.0627 5656  tssecsrv - ok
19:15:03.0689 5656  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:15:03.0736 5656  tunmp - ok
19:15:03.0814 5656  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:15:03.0876 5656  tunnel - ok
19:15:03.0908 5656  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:15:03.0954 5656  uagp35 - ok
19:15:03.0986 5656  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:15:04.0079 5656  udfs - ok
19:15:04.0126 5656  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:15:04.0376 5656  UI0Detect - ok
19:15:04.0391 5656  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:15:04.0454 5656  uliagpkx - ok
19:15:04.0485 5656  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:15:04.0547 5656  uliahci - ok
19:15:04.0578 5656  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:15:04.0656 5656  UlSata - ok
19:15:04.0703 5656  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:15:04.0766 5656  ulsata2 - ok
19:15:04.0797 5656  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:15:04.0890 5656  umbus - ok
19:15:04.0922 5656  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:15:05.0187 5656  upnphost - ok
19:15:05.0249 5656  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:15:05.0327 5656  usbaudio - ok
19:15:05.0343 5656  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:15:05.0421 5656  usbccgp - ok
19:15:05.0421 5656  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:15:05.0561 5656  usbcir - ok
19:15:05.0717 5656  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:15:05.0780 5656  usbehci - ok
19:15:05.0811 5656  [ 80CFE695C3A32E846D3E79694AC528D1 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
19:15:05.0858 5656  usbfilter - ok
19:15:05.0904 5656  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:15:05.0982 5656  usbhub - ok
19:15:05.0998 5656  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:15:06.0060 5656  usbohci - ok
19:15:06.0092 5656  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:15:06.0216 5656  usbprint - ok
19:15:06.0263 5656  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
19:15:06.0326 5656  usbser - ok
19:15:06.0388 5656  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:15:06.0466 5656  USBSTOR - ok
19:15:06.0497 5656  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:15:06.0575 5656  usbuhci - ok
19:15:06.0716 5656  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:15:06.0809 5656  usbvideo - ok
19:15:06.0856 5656  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:15:07.0074 5656  UxSms - ok
19:15:07.0121 5656  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:15:07.0402 5656  vds - ok
19:15:07.0433 5656  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:15:07.0527 5656  vga - ok
19:15:07.0542 5656  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:15:07.0620 5656  VgaSave - ok
19:15:07.0636 5656  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:15:07.0698 5656  viaagp - ok
19:15:07.0730 5656  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:15:07.0808 5656  ViaC7 - ok
19:15:07.0839 5656  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:15:07.0886 5656  viaide - ok
19:15:07.0932 5656  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:15:07.0979 5656  volmgr - ok
19:15:08.0026 5656  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:15:08.0104 5656  volmgrx - ok
19:15:08.0120 5656  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:15:08.0182 5656  volsnap - ok
19:15:08.0213 5656  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:15:08.0276 5656  vsmraid - ok
19:15:08.0338 5656  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:15:08.0650 5656  VSS - ok
19:15:08.0712 5656  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:15:08.0962 5656  W32Time - ok
19:15:08.0993 5656  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:15:09.0102 5656  WacomPen - ok
19:15:09.0149 5656  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:15:09.0243 5656  Wanarp - ok
19:15:09.0258 5656  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:15:09.0352 5656  Wanarpv6 - ok
19:15:09.0383 5656  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:15:09.0680 5656  wcncsvc - ok
19:15:09.0726 5656  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:15:09.0976 5656  WcsPlugInService - ok
19:15:10.0023 5656  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
19:15:10.0070 5656  Wd - ok
19:15:10.0116 5656  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:15:10.0272 5656  Wdf01000 - ok
19:15:10.0304 5656  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:15:10.0553 5656  WdiServiceHost - ok
19:15:10.0584 5656  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:15:10.0850 5656  WdiSystemHost - ok
19:15:10.0974 5656  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:15:11.0177 5656  WebClient - ok
19:15:11.0240 5656  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:15:11.0489 5656  Wecsvc - ok
19:15:11.0552 5656  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:15:11.0770 5656  wercplsupport - ok
19:15:11.0817 5656  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:15:12.0066 5656  WerSvc - ok
19:15:12.0129 5656  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:15:12.0191 5656  WinDefend - ok
19:15:12.0222 5656  WinHttpAutoProxySvc - ok
19:15:12.0300 5656  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:15:12.0597 5656  Winmgmt - ok
19:15:12.0753 5656  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:15:13.0127 5656  WinRM - ok
19:15:13.0221 5656  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:15:13.0502 5656  Wlansvc - ok
19:15:13.0626 5656  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:15:13.0814 5656  wlidsvc - ok
19:15:13.0876 5656  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:15:13.0938 5656  WmiAcpi - ok
19:15:13.0985 5656  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:15:14.0079 5656  wmiApSrv - ok
19:15:14.0188 5656  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:15:14.0328 5656  WMPNetworkSvc - ok
19:15:14.0344 5656  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:15:14.0578 5656  WPCSvc - ok
19:15:14.0640 5656  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:15:14.0890 5656  WPDBusEnum - ok
19:15:14.0952 5656  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:15:14.0999 5656  WpdUsb - ok
19:15:15.0218 5656  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:15:15.0327 5656  WPFFontCache_v0400 - ok
19:15:15.0374 5656  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:15:15.0467 5656  ws2ifsl - ok
19:15:15.0514 5656  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:15:15.0732 5656  wscsvc - ok
19:15:15.0748 5656  WSearch - ok
19:15:15.0888 5656  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:15:16.0263 5656  wuauserv - ok
19:15:16.0310 5656  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:15:16.0434 5656  WUDFRd - ok
19:15:16.0481 5656  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:15:16.0793 5656  wudfsvc - ok
19:15:16.0840 5656  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
19:15:17.0012 5656  yukonwlh - ok
19:15:17.0027 5656  ================ Scan global ===============================
19:15:17.0090 5656  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:15:17.0199 5656  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:15:17.0480 5656  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:15:17.0745 5656  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:15:17.0916 5656  [Global] - ok
19:15:17.0916 5656  ================ Scan MBR ==================================
19:15:17.0948 5656  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
19:15:18.0618 5656  \Device\Harddisk0\DR0 - ok
19:15:18.0618 5656  ================ Scan VBR ==================================
19:15:18.0681 5656  [ A7A971148C43542CBCA4112CE13AA7C7 ] \Device\Harddisk0\DR0\Partition1
19:15:18.0681 5656  \Device\Harddisk0\DR0\Partition1 - ok
19:15:18.0712 5656  [ 8096D4F3762CEE3D0EEC13F93DE80056 ] \Device\Harddisk0\DR0\Partition2
19:15:18.0712 5656  \Device\Harddisk0\DR0\Partition2 - ok
19:15:18.0728 5656  ============================================================
19:15:18.0728 5656  Scan finished
19:15:18.0728 5656  ============================================================
19:15:18.0759 6708  Detected object count: 5
19:15:18.0759 6708  Actual detected object count: 5
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:22.0098 6708  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 04.12.2012, 19:24   #6
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Bundespolizei-Virus/Trojaner

Alt 05.12.2012, 18:20   #7
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hi,

hier der Inhalt der Log-Datei

Code:
ATTFilter
ComboFix 12-12-04.01 - Besitzer 05.12.2012  17:50:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1853 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\0tbpw.pad
c:\programdata\hpeBA0D.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-05 bis 2012-12-05  ))))))))))))))))))))))))))))))
.
.
2012-12-05 17:08 . 2012-12-05 17:10	--------	d-----w-	c:\users\Besitzer\AppData\Local\temp
2012-12-05 17:08 . 2012-12-05 17:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-04 17:58 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA533D26-D544-4163-BF8D-683ADE148AF9}\mpengine.dll
2012-12-02 17:42 . 2012-12-02 17:42	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Malwarebytes
2012-12-02 17:41 . 2012-12-02 17:41	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-02 17:41 . 2012-12-02 17:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-02 17:41 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-16 17:24 . 2012-11-16 17:24	--------	d-----w-	c:\program files\WinPcap
2012-11-16 17:23 . 2012-11-16 18:11	--------	d-----w-	c:\program files\Cain
2012-11-16 16:43 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 16:43 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 21:53 . 2010-02-24 09:29	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-09-13 13:28 . 2012-10-09 17:55	2048	----a-w-	c:\windows\system32\tzres.dll
1999-09-23 14:20 . 2010-03-01 20:02	53248	----a-w-	c:\program files\U32CFG.DLL
1999-09-22 18:31 . 2010-03-01 20:02	200704	----a-w-	c:\program files\ss3base.dll
1999-09-22 16:31 . 2010-03-01 19:58	503808	----a-w-	c:\program files\IERC.DLL
1999-09-22 11:02 . 2010-03-01 19:58	3170304	----a-w-	c:\program files\Iedit.exe
1999-09-22 10:48 . 2010-03-01 20:02	32768	----a-w-	c:\program files\uwUpdate.dll
1999-09-22 10:03 . 2010-03-01 19:59	1351680	----a-w-	c:\program files\ALBUM.EXE
1999-09-20 17:32 . 2010-03-01 20:02	159744	----a-w-	c:\program files\UFCPNTBS.dll
1999-09-19 15:10 . 2010-03-01 20:02	110592	----a-w-	c:\program files\u32File.dll
1999-09-15 19:27 . 2010-03-01 20:02	172032	----a-w-	c:\program files\wcsPage.dll
1999-09-15 14:50 . 2010-03-01 20:02	61440	----a-w-	c:\program files\HTMLAST.EXE
1999-09-14 17:16 . 2010-03-01 20:02	40960	----a-w-	c:\program files\UFCPNMGR.dll
1999-09-10 15:03 . 2010-03-01 20:02	77824	----a-w-	c:\program files\wWebComp.dll
1999-09-09 17:24 . 2010-03-01 20:02	102400	----a-w-	c:\program files\uRender.dll
1999-09-07 10:00 . 2010-03-01 20:02	98304	----a-w-	c:\program files\u32Comm.dll
1999-09-06 16:34 . 2010-03-01 20:02	65536	----a-w-	c:\program files\uvofn.dll
1999-09-06 15:58 . 2010-03-01 20:02	167936	----a-w-	c:\program files\u32Prod.dll
1999-09-02 16:32 . 2010-03-01 20:02	53248	----a-w-	c:\program files\wBBarCom.dll
1999-09-02 10:54 . 2010-03-01 20:02	110592	----a-w-	c:\program files\u32Clips.dll
1999-09-01 13:21 . 2010-03-01 20:02	45056	----a-w-	c:\program files\USSGifsa.dll
1999-08-27 15:20 . 2010-03-01 20:02	53248	----a-w-	c:\program files\UFCCOMM.dll
1999-08-18 14:37 . 2010-03-01 20:02	163840	----a-w-	c:\program files\wcs.exe
1999-08-18 14:10 . 2010-03-01 20:02	53248	----a-w-	c:\program files\UFCPNTBP.dll
1999-08-18 13:37 . 2010-03-01 20:02	40960	----a-w-	c:\program files\u32lfile.dll
1999-08-18 13:32 . 2010-03-01 20:02	65536	----a-w-	c:\program files\ScPost.dll
1999-08-18 13:31 . 2010-03-01 20:02	45056	----a-w-	c:\program files\SCap.dll
1999-08-18 13:30 . 2010-03-01 20:02	73728	----a-w-	c:\program files\PopView.dll
1999-08-18 13:04 . 2010-03-01 20:02	32768	----a-w-	c:\program files\u32Misc.dll
1999-08-18 11:15 . 2010-03-01 20:02	225280	----a-w-	c:\program files\u32Fido.dll
1999-08-18 11:06 . 2010-03-01 20:02	45056	----a-w-	c:\program files\u32Brows.dll
1999-08-18 11:05 . 2010-03-01 20:02	163840	----a-w-	c:\program files\u32Afm.dll
1999-08-18 11:04 . 2010-03-01 20:02	32768	----a-w-	c:\program files\scanres.dll
1999-08-18 11:01 . 2010-03-01 20:02	28672	----a-w-	c:\program files\callview.exe
1999-08-18 10:44 . 2010-03-01 19:59	36864	----a-w-	c:\program files\ABMTSR.EXE
1999-08-03 12:57 . 2010-03-01 20:02	77824	----a-w-	c:\program files\OLREG.EXE
1999-07-30 15:37 . 2010-03-01 20:02	57344	----a-w-	c:\program files\wJavaCom.dll
1999-07-30 15:37 . 2010-03-01 20:02	36864	----a-w-	c:\program files\wpe.dll
1999-07-30 15:36 . 2010-03-01 20:02	40960	----a-w-	c:\program files\wImgFile.dll
1999-07-30 15:36 . 2010-03-01 20:02	40960	----a-w-	c:\program files\wcsTL.dll
1999-07-30 15:36 . 2010-03-01 20:02	57344	----a-w-	c:\program files\wButnCom.dll
1999-07-30 15:35 . 2010-03-01 20:02	24576	----a-w-	c:\program files\wcsRWUFO.dll
1999-07-30 15:34 . 2010-03-01 20:02	147456	----a-w-	c:\program files\UpiCtrl.dll
1999-07-28 18:00 . 2010-03-01 20:02	28672	----a-w-	c:\program files\ucimg.dll
1999-07-28 18:00 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCSTATU.dll
1999-07-28 17:59 . 2010-03-01 20:02	24576	----a-w-	c:\program files\UFCDLGBR.dll
1999-07-28 17:59 . 2010-03-01 20:02	36864	----a-w-	c:\program files\UFCCOLOR.dll
1999-07-28 17:59 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCCNBTN.dll
1999-07-28 17:58 . 2010-03-01 20:02	32768	----a-w-	c:\program files\UFCBUF.dll
1999-07-28 17:07 . 2010-03-01 20:02	98304	----a-w-	c:\program files\UL3DUI32.DLL
1999-07-28 16:59 . 2010-03-01 20:02	57344	----a-w-	c:\program files\u32Scan.dll
1999-07-28 16:51 . 2010-03-01 20:02	225280	----a-w-	c:\program files\u32Base.dll
1996-09-10 05:33 . 2010-03-01 20:02	48640	----a-w-	c:\program files\INETWH32.DLL
1996-08-28 05:48 . 2010-03-01 20:02	4528	----a-w-	c:\program files\SETBROWS.EXE
1996-08-26 21:48 . 2010-03-01 20:02	9136	----a-w-	c:\program files\INETWH16.DLL
1995-12-12 03:24 . 2010-03-01 20:02	23644	----a-w-	c:\program files\U16APS.DLL
1995-07-30 08:45 . 2010-03-01 20:02	6144	----a-w-	c:\program files\UTHMIO16.DLL
2012-11-04 18:11 . 2012-11-04 18:11	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-05-20 1540616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-08-12 15:00	47672	----a-w-	c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-05-16 09:22	338296	----a-w-	c:\program files\Uniblue\DriverScanner\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-18 00:59	2289664	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-10-11 10:03	220744	----a-w-	c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 10:41	433360	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 20:08	95504	----a-w-	c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-05 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-10-27 09:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\kf4lmb8c.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-02-28 11:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Ulead PhotoImpact 5.0 - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-05 18:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-12-05  18:14:25
ComboFix-quarantined-files.txt  2012-12-05 17:14
.
Vor Suchlauf: 8 Verzeichnis(se), 101.165.850.624 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 102.046.441.472 Bytes frei
.
- - End Of File - - 2B80066D5763D6C28F5B4E1F10091801
         

Alt 06.12.2012, 16:39   #8
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.12.2012, 19:58   #9
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Guten Abend

Code:
ATTFilter
AAVUpdateManager	Wolters Kluwer Deutschland GmbH	13.08.2012	32,0MB	18.00.0000 - unbekannt
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.01.2012		10.3.183.11 - notwendig
Adobe Flash Player 9 ActiveX	Adobe Systems			9 - notwendig
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	24.02.2010	99,6MB	8.1.2 - notwendig
Alien Skin Image Doctor 2 Demo		01.03.2010	8,39MB	- notwendig
Alien Skin Xenofex 2 Demo - notwendig				
Allway Sync version 11.2.2	Botkind Inc	04.04.2011	25,6MB - unbekannt	
ASUS CopyProtect	ASUS	12.08.2008	3,17MB	1.0.0006 - notwendig
ASUS Data Security Manager	ASUS	12.08.2008		1.00.0006 - notwendig
ASUS InstantFun	ASUS	12.08.2008	14,6MB	1.0.0015 - notwendig
ASUS Live Update	ASUS	12.08.2008		2.5.6 - notwendig
ASUS Power4Gear eXtreme	ASUS	12.08.2008	7,14MB	1.0.17 - notwendig
ASUS SmartLogon	ASUS	12.08.2008	10,7MB	1.0.0005 - notwendig
ASUS Splendid Video Enhancement Technology	ASUS	12.08.2008		1.02.0020 - notwendig
Asus_Camera_ScreenSaver	ASUS	12.08.2008		2.0.0007 - notwendig
Atheros Driver Installation Program	Atheros	12.08.2008		7.1 - unbekannt
ATI Catalyst Install Manager	ATI Technologies, Inc.	12.08.2008	13,9MB	3.0.678.0 - unbekannt
ATK Generic Function Service	ATK	12.08.2008		1.00.0008 - notwendig
ATK Hotkey	ATK	12.08.2008		1.00.0034- notwendig
ATK Media				- notwendig
ATKOSD2	ATK	12.08.2008		6.64.1.8 - notwendig 
Avanquest update	Avanquest Software	27.10.2011		1.29 - unbekannt
CCleaner	Piriform	25.11.2012	5,05MB	3.25 - notwendig
CyberLink LabelPrint	CyberLink Corp.			2.0.2830 - unnötig
DHTML Editing Component	Microsoft Corporation	25.02.2011	462KB	6.02.0001 - unbekannt
DivX-Setup	DivX, Inc. 	26.07.2010	1,97MB	1.0.2.23 - notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	28.02.2012	159MB	13.0.0.8086p - unnötig
Express Gate	devicevm	12.08.2008	231MB	0.7.5.0 - unbekannt
Free M4a to MP3 Converter 6.1	ManiacTools.com	13.02.2011	3,71MB	- unnötig
G Data InternetSecurity 2012	G Data Software AG	17.07.2011	204MB	22.0.0.0 - notwendig
GoldWave v5.25		24.05.2010	5,08MB	- notwendig
IsoBuster 2.2	Smart Projects	25.02.2011	8,57MB	2.2 - notwendig
Java(TM) 6 Update 22	Sun Microsystems, Inc.	23.04.2010	94,5MB	6.0.220 - notwendig
LightScribe System Software  1.12.37.1	LightScribe	12.08.2008	20,8MB	1.12.37.1 - unbekannt
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	02.12.2012	12,7MB	1.65.1.1000 - notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation - notwendig			
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	14.05.2012 - notwendig		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.11.2012		4.0.30319 - notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	29.06.2011		4.0.30319 - notwendig
Microsoft Office Professional Edition 2003	Microsoft Corporation	17.11.2012	1,34GB	11.0.8173.0 - notwendig
Microsoft Silverlight	Microsoft Corporation	14.05.2012	80,0MB	4.1.10329.0 - notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	27.02.2010	251KB	8.0.50727.4053 - notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	294KB	8.0.61001- notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.07.2011	590KB	9.0.30729.4148- notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.07.2011	594KB	9.0.30729.6161- notwendig
Motorola SM56 Speakerphone Modem - unbekannt, bin aber nicht sicher ob es nötig ist			
Mozilla Firefox 16.0.2 (x86 de)	Mozilla			16.0.2 - notwendig
Mozilla Maintenance Service	Mozilla			16.0.2 - notwendig
Multimedia Card Reader	 	12.08.2008		1.01.0000.00 - notwendig
MyPhoneExplorer	F.J. Wechselberger			1.8.2 - unnötig
NB Probe - unbekannt				
PDF24 Creator 3.7.0	PDF24.org	31.10.2011 - notwendig	
Power2Go	CyberLink Corp.			5.6.3917 - unbekannt
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	12.08.2008		1.00.0000 - unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	12.08.2008		6.0.1.5605 - unbekannt
RocketDock 1.3.5	Punk Software	25.02.2010 - notwendig	
Skype™ 6.0	Skype Technologies S.A.	05.12.2012	37,3MB	6.0.126 - notwendig
Sony Ericsson PC Companion 2.01.231	Sony Ericsson	30.10.2011		2.01.231 - unnötig
Sony Ericsson PC Suite 6.012.00	Sony Ericsson	27.10.2011		6.012.00 - unnötig
Steuer-Sparer 2012	Wolters Kluwer Deutschland GmbH	13.08.2012	236MB	17.02 - notwendig
Sun ODF Plugin for Microsoft Office 3.2	Sun Microsystems	07.02.2011	220MB	3.2.9483 - notwendig
Symbian SMS Manager (Test)	Oxygen Software	27.10.2011		2.18.24 - unnötig
Synaptics Pointing Device Driver	Synaptics			10.1.8.0 - unbekannt
Ulead PhotoImpact X3	Corel	25.02.2011	765MB	1.00.0000 - notwendig
Uniblue DriverScanner	Uniblue Systems Ltd	27.10.2011		4.0.1.6 - unbekannt
VLC media player 1.1.11	VideoLAN			1.1.11 - unnötig
WIDCOMM Bluetooth Software	Broadcom Corporation	12.08.2008	31,7MB	5.2.0.500 - notwendig
Windows Live Essentials	Microsoft Corporation	13.08.2012		15.4.3555.0308 - notwendig
WinFlash - unbekannt	
WinPcap 4.1.2	CACE Technologies			4.1.0.2001- notwendig
WinRAR - notwendig
Wireless Console 2	ATK	12.08.2008		2.0.10- notwendig
         

Alt 06.12.2012, 21:16   #10
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



deinstaliere:
AAVUpdateManager
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
CyberLink
ElsterFormular
Free M4a

GDATA:
Besuche bitte deren Homepage, und upgrade auf Version 2013
Antivirus Download, Antivirus-Software, Bankguard, Mobile Security - G Data Software AG

Deinstaliere:
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
LightScribe
MyPhoneExplorer
Power2Go
Sony : alle
Symbian
Uniblue
VLC

Öffne OTL bereinigen, PC startet neu, löscht Remover.
Öffne CCleaner, analysieren, starten, PC neustarten, testen wie das System läuft.

Anmerkung, bin von morgen, bis Mittwoch im urlaub.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2012, 20:17   #11
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hi,

die Programme habe ich bereits deinstalliert. Jetzt muss ich die neuen Versionen noch installieren und die letzten beiden Schritte durchführen. Das mache ich morgen und melde mich dann. Bis dahin

Alt 13.12.2012, 15:20   #12
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hi
danach haben wir noch ein paar Kleinigkeiten zu tun, also, auf jeden fall noch mal melden, wenn du eine Neuinfektion vermeiden willst :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.12.2012, 12:33   #13
Bibi86
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hallöchen,

ich habe nun die Programme installiert, der Remover ist gelöscht und den CCleaner habe ich auch durchlaufen lassen. Mein Rechner läuft ohne Probleme.

Kann ich nun davon ausgehen, dass dieser doofe Trojaner weg ist?

Was muss ich nun tun, damit sowas nicht nochmal passiert?

LG

Alt 15.12.2012, 13:58   #14
markusg
/// Malware-holic
 
Bundespolizei-Virus/Trojaner - Standard

Bundespolizei-Virus/Trojaner



Hi
davon kannst du ausgehen.
Nu sichern wir das Gerät ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Bundespolizei-Virus/Trojaner
.dll, administrator, anti-malware, appdata, autostart, bundestrojaner, dateien, desktop, explorer, gelöscht, gen, hilfe!, kopieren, löschen, malwarebytes, microsoft, programm, rechner, roaming, runctf.lnk, scan, software, speicher, temp, trojan.ransom.sugen, trojaner, vista



Ähnliche Themen: Bundespolizei-Virus/Trojaner


  1. Bundespolizei Virus/Trojaner
    Log-Analyse und Auswertung - 05.01.2014 (5)
  2. Umfrage zur Schadsoftware des sog. "BKA-, GVU-, GEMA-, Bundespolizei-Virus/Trojaner"
    Diskussionsforum - 17.11.2013 (4)
  3. Virus Bundespolizei/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (15)
  4. Der Bundespolizei-Virus/Trojaner-wie werde ich ihn los?
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (9)
  5. Bundespolizei Virus,Ucash Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (1)
  6. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  7. Virus/Trojaner von der Bundespolizei
    Log-Analyse und Auswertung - 30.07.2012 (2)
  8. Bundespolizei Virus/trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (6)
  9. Trojaner / Virus - Bundespolizei Einheit 5.2 - 100 Euro...
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (10)
  10. Virus/Trojaner Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  11. Bundespolizei Virus Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  12. Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (13)
  13. Bundespolizei - Virus, Trojaner: Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  14. Trojaner/Virus: Bundespolizei verlangt 100€
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (12)
  15. Bundespolizei Virus/Trojaner
    Log-Analyse und Auswertung - 22.11.2011 (27)
  16. Bundespolizei Virus / Trojaner eingefangen und total hilflos :-( PC immer noch "gefährdet"
    Plagegeister aller Art und deren Bekämpfung - 08.10.2011 (1)
  17. Bundespolizei Virus / Trojaner - Entfernung
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (1)

Zum Thema Bundespolizei-Virus/Trojaner - Hallo liebes Forum-Team, ich habe mich heute hier angemeldet, weil ich mir diesen Trojaner eingefangen habe, der den Rechner sperrt, bis man nicht ne gewisse Summe bezahlt. Ich könnte wirklich - Bundespolizei-Virus/Trojaner...
Archiv
Du betrachtest: Bundespolizei-Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.