Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Rechner Sperrung durch Trojaner Bundespolizei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.12.2012, 19:07   #1
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hallo,

gestern abend hat ein Trojaner meinen Rechner gesperrt mit einem Hinweis "Die Bundespolizei hat Ihren Rechner gesperrt"
Auf dieser Seite habe ich die ersten Schritte gefunden. Ich habe Malwarebytes Anti-Malware runtergeladen, aktualisiert und durchgeführt. Es wurde 4 Sachen gefunden und in Quarantäne gesetzt. Was soll ich jetzt noch weiter machen?

Danke für Eure Hilfe auf der Seite!

Hier das Log dazu:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
XXX :: XXX-PC [Administrator]

Schutz: Aktiviert

19.12.2012 16:45:18
mbam-log-2012-12-19 (18-18-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431311
Laufzeit: 1 Stunde(n), 23 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\XXX\Downloads\SoftonicDownloader_fuer_nvidia-gpu-temp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

Alt 19.12.2012, 19:08   #2
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 19.12.2012, 19:37   #3
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hallo Markusg,

hier die Logs von OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.12.2012 19:14:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Linger\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free
5,98 Gb Paging File | 4,88 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 880,93 Gb Total Space | 660,22 Gb Free Space | 74,95% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 19,00 Gb Free Space | 75,99% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1334,57 Gb Free Space | 95,51% Space Free | Partition Type: NTFS
 
Computer Name: LINGER-PC | User Name: Linger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.19 19:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe
PRC - [2012.12.17 23:29:50 | 029,428,448 | ---- | M] (Dropbox, Inc.) -- C:\Users\Linger\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2012.08.08 20:06:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.06 11:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.11.11 12:59:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 09:16:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012.11.16 06:32:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 06:32:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.16 06:32:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.16 06:32:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.16 06:32:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.16 06:32:04 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.16 06:32:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.16 06:31:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.11 20:38:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 12:11:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.05.05 13:38:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Linger\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.09 08:26:23 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D5F9DFA3-301E-4E7A-9958-8553A872E756}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{74BC814E-3CE7-4BB7-A3CC-60292DD9A783}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C60A5E2A-5712-405A-A803-9784B771B8FD&apn_sauid=4CA689FE-A2B6-4721-B763-5005FAA8D958
IE - HKCU\..\SearchScopes\{76DE1DDB-D807-471D-9B85-85F371026840}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\{D5F9DFA3-301E-4E7A-9958-8553A872E756}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.159
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.7.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Linger\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:10:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:11:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:10:59 | 000,000,000 | ---D | M]
 
[2012.01.14 21:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\Extensions
[2012.12.11 11:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions
[2012.01.07 23:15:00 | 000,000,000 | ---D | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012.11.16 06:34:04 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.11.18 09:39:03 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.01.14 21:35:16 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.12.11 11:44:15 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\toolbar@ask.com
[2012.11.06 19:02:57 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.11 11:44:15 | 000,002,308 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\askcom.xml
[2012.07.29 12:59:50 | 000,000,925 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\conduit.xml
[2011.11.08 17:53:47 | 000,005,604 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\Linkury Smartbar Search.xml
[2012.01.14 21:35:14 | 000,002,519 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\Search_Results.xml
[2011.11.12 08:30:40 | 000,003,915 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\SweetIM Search.xml
[2011.11.12 08:30:34 | 000,003,915 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\sweetim.xml
[2012.12.07 12:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.07 12:11:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 22:48:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.14 21:35:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=48
CHR - Extension: YouTube = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Avanquest App'-Anwendungsleiste = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.2.4_0\
CHR - Extension: Google-Suche = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent File not found
O4 - Startup: C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Linger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E493564-5745-4AD0-8493-2D0AB5ABB6AE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{8bdccc09-04aa-11e1-9938-4061867cba24}\Shell - "" = AutoRun
O33 - MountPoints2\{8bdccc09-04aa-11e1-9938-4061867cba24}\Shell\AutoRun\command - "" = J:\INSTALL.EXE
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.19 19:11:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe
[2012.12.19 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Linger\AppData\Local\Programs
[2012.12.19 16:44:25 | 000,000,000 | ---D | C] -- C:\Users\Linger\AppData\Roaming\Malwarebytes
[2012.12.19 16:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.19 16:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.19 16:44:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.19 16:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.19 16:43:35 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Linger\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.19 16:43:32 | 007,105,872 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Linger\Desktop\mbam-rules.exe
[2012.12.18 21:58:07 | 000,336,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll
[2012.12.11 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.12.11 11:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.12.11 11:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.11 11:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.12.11 11:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.09 18:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meine CEWE FOTOWELT
[2012.12.09 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\corporate benefits
[2012.12.07 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.25 20:12:19 | 000,000,000 | ---D | C] -- C:\Users\Linger\Documents\gothic3
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.19 19:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe
[2012.12.19 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 18:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 18:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 18:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 18:24:07 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.19 16:44:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 16:44:06 | 000,664,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.19 16:44:06 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.19 16:44:06 | 000,134,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.19 16:44:06 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.19 08:48:14 | 007,105,872 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Linger\Desktop\mbam-rules.exe
[2012.12.19 08:41:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Linger\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.19 00:22:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\8F24d!.pad
[2012.12.18 21:58:09 | 000,001,079 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.18 21:43:11 | 000,001,016 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.13 20:02:06 | 000,341,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.09 18:46:48 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
[2012.12.09 18:46:48 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.12.08 18:13:25 | 291,841,609 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.25 20:08:59 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3 Spielen!.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.19 16:44:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 21:58:09 | 000,001,079 | ---- | C] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.18 21:58:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\8F24d!.pad
[2012.12.09 18:46:48 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
[2012.12.09 18:46:48 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.11.25 20:08:59 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3 Spielen!.lnk
[2012.03.17 22:06:06 | 000,011,776 | ---- | C] () -- C:\Users\Linger\MagicListe.wps
[2012.03.17 21:23:01 | 000,000,756 | ---- | C] () -- C:\Users\Linger\AppData\Roaming\wklnhst.dat
[2011.12.01 20:12:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.11.06 20:09:11 | 000,073,089 | ---- | C] () -- C:\Users\Linger\nebenkostenabrechnung.pdf
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.17 16:35:42 | 000,011,264 | ---- | C] () -- C:\Users\Linger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.08 08:31:32 | 001,035,104 | ---- | C] () -- C:\Users\Linger\20110708110554280.pdf
[2011.08.28 19:31:53 | 001,824,655 | ---- | C] () -- C:\Users\Linger\001 - 2011_08_18_Ausschreibung_Systemintegration_validation[1].pdf
[2011.07.30 14:13:20 | 007,320,097 | ---- | C] () -- C:\Users\Linger\OblivionManual.pdf
[2011.03.21 07:27:56 | 000,019,197 | ---- | C] () -- C:\Users\Linger\Telefax_(1_Datei-_Telefax.tif).pdf
[2011.02.03 21:08:36 | 000,143,681 | ---- | C] () -- C:\Users\Linger\diplome.pdf
[2010.12.22 08:37:37 | 000,005,948 | ---- | C] () -- C:\Users\Linger\Personalienbogen.pdf
[2010.12.22 08:37:19 | 000,038,157 | ---- | C] () -- C:\Users\Linger\Linger Strafprozessvollmacht.pdf
[2010.11.05 20:22:04 | 000,000,094 | ---- | C] () -- C:\Users\Linger\AppData\Local\fusioncache.dat
[2010.07.27 15:56:15 | 000,106,713 | ---- | C] () -- C:\Users\Linger\pralinenbox-faltplan.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.09.14 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Audacity
[2012.12.17 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\BitTorrent
[2010.07.26 15:18:04 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\BitZipper
[2011.12.31 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Canneverbe Limited
[2012.09.09 18:44:02 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\DAEMON Tools Lite
[2012.12.19 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Dropbox
[2010.09.14 09:46:17 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\EurekaLog
[2011.12.04 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\FFSJ
[2010.07.19 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\ITTerritory
[2012.09.09 08:26:19 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\OpenCandy
[2012.02.05 07:52:52 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\PhotoScape
[2011.07.29 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\runic games
[2012.07.19 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Screenbrush
[2010.06.28 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\TablePlanner
[2012.03.17 21:23:04 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Template
[2011.11.12 08:58:00 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\TuneUp Software
[2011.09.10 06:42:30 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Wizards of the Coast
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.05.23 18:40:08 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.08.25 06:33:35 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.12.17 08:16:53 | 000,000,000 | ---D | M] -- C:\Intel
[2009.12.17 08:48:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.09.15 09:12:30 | 000,000,000 | ---D | M] -- C:\Nebenkostenabrechnung
[2010.10.09 16:02:32 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.12.19 16:44:13 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.19 18:23:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.12 08:57:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.10 06:42:07 | 000,000,000 | ---D | M] -- C:\temp
[2011.11.05 19:24:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.18 23:06:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.06 18:35:31 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2010.11.20 13:19:18 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
< %USERPROFILE%\*.* >
[2011.08.28 19:31:57 | 001,824,655 | ---- | M] () -- C:\Users\Linger\001 - 2011_08_18_Ausschreibung_Systemintegration_validation[1].pdf
[2011.09.08 08:31:34 | 001,035,104 | ---- | M] () -- C:\Users\Linger\20110708110554280.pdf
[2011.02.03 21:08:36 | 000,143,681 | ---- | M] () -- C:\Users\Linger\diplome.pdf
[2010.12.22 08:37:19 | 000,038,157 | ---- | M] () -- C:\Users\Linger\Linger Strafprozessvollmacht.pdf
[2011.09.04 18:51:20 | 000,000,542 | ---- | M] () -- C:\Users\Linger\Liste.txt
[2012.03.17 22:06:06 | 000,011,776 | ---- | M] () -- C:\Users\Linger\MagicListe.wps
[2011.11.06 20:09:11 | 000,073,089 | ---- | M] () -- C:\Users\Linger\nebenkostenabrechnung.pdf
[2012.12.19 19:19:27 | 002,883,584 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT
[2012.12.19 19:19:27 | 000,262,144 | -HS- | M] () -- C:\Users\Linger\ntuser.dat.LOG1
[2010.05.23 18:40:04 | 000,000,000 | -HS- | M] () -- C:\Users\Linger\ntuser.dat.LOG2
[2010.05.23 18:44:27 | 000,065,536 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.05.23 18:44:27 | 000,524,288 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.05.23 18:44:27 | 000,524,288 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.05.23 18:40:04 | 000,000,020 | -HS- | M] () -- C:\Users\Linger\ntuser.ini
[2010.12.08 17:50:14 | 007,320,097 | ---- | M] () -- C:\Users\Linger\OblivionManual.pdf
[2010.12.22 08:37:37 | 000,005,948 | ---- | M] () -- C:\Users\Linger\Personalienbogen.pdf
[2010.07.22 11:17:02 | 000,106,713 | ---- | M] () -- C:\Users\Linger\pralinenbox-faltplan.pdf
[2010.05.24 10:51:25 | 000,012,264 | ---- | M] () -- C:\Users\Linger\Preisdetails.txt
[2011.03.21 07:27:57 | 000,019,197 | ---- | M] () -- C:\Users\Linger\Telefax_(1_Datei-_Telefax.tif).pdf
[2012.12.18 21:58:07 | 000,336,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E

< End of report >
         
--- --- ---


und hier für Extra.txt:
Code:
ATTFilter
OTL Extras logfile created on: 19.12.2012 19:14:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free
5,98 Gb Paging File | 4,88 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 880,93 Gb Total Space | 660,22 Gb Free Space | 74,95% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 19,00 Gb Free Space | 75,99% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1334,57 Gb Free Space | 95,51% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\corporate benefits\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\corporate benefits\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
         
__________________

Alt 19.12.2012, 20:20   #4
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.12.18 21:58:07 | 000,336,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll
[2012.12.19 00:22:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\8F24d!.pad
[2012.12.18 21:58:09 | 000,001,079 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.12.2012, 09:53   #5
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hallo markusg,

Ich habe OTL mit dem neuen Text ausgeführt.

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\XXX\wgsdgsdgdsgsd.dll moved successfully.
C:\ProgramData\8F24d!.pad moved successfully.
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: XXX
->Flash cache emptied: 432630 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 201074928 bytes
->Temporary Internet Files folder emptied: 216094902 bytes
->Java cache emptied: 346651 bytes
->FireFox cache emptied: 95470776 bytes
->Google Chrome cache emptied: 6783297 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133088005 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 623,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12202012_092142

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Upload war erfolgreich!

Danke für eure schnelle und qualifizierte Hilfe!


Alt 20.12.2012, 13:29   #6
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hi,
danke fürs hochladen, weiter gehts:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> Rechner Sperrung durch Trojaner Bundespolizei

Alt 20.12.2012, 21:33   #7
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hi,

Es gab keinen Fund.
Gibt es noch was zu tun?

Gruß

Thorini

Alt 21.12.2012, 13:57   #8
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Das log posten.
es ist unter c:\TDSSkiller-Version-Datum.txt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.01.2013, 15:43   #9
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hallo,

ich war die letzte Woche nicht da. Hier das Log.

Code:
ATTFilter
21:28:03.0397 0744  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:28:03.0657 0744  ============================================================
21:28:03.0657 0744  Current date / time: 2012/12/20 21:28:03.0657
21:28:03.0657 0744  SystemInfo:
21:28:03.0657 0744  
21:28:03.0657 0744  OS Version: 6.1.7601 ServicePack: 1.0
21:28:03.0657 0744  Product type: Workstation
21:28:03.0657 0744  ComputerName: LINGER-PC
21:28:03.0657 0744  UserName: Linger
21:28:03.0657 0744  Windows directory: C:\Windows
21:28:03.0657 0744  System windows directory: C:\Windows
21:28:03.0657 0744  Processor architecture: Intel x86
21:28:03.0657 0744  Number of processors: 4
21:28:03.0657 0744  Page size: 0x1000
21:28:03.0657 0744  Boot type: Normal boot
21:28:03.0657 0744  ============================================================
21:28:04.0047 0744  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:28:04.0047 0744  Drive \Device\Harddisk1\DR1 - Size: 0x15D50F60000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:28:04.0067 0744  ============================================================
21:28:04.0067 0744  \Device\Harddisk0\DR0:
21:28:04.0077 0744  MBR partitions:
21:28:04.0077 0744  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:28:04.0077 0744  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E1DB800
21:28:04.0077 0744  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAB686000, BlocksNum 0x3200000
21:28:04.0077 0744  \Device\Harddisk1\DR1:
21:28:04.0077 0744  MBR partitions:
21:28:04.0077 0744  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xAEA86701
21:28:04.0077 0744  ============================================================
21:28:04.0087 0744  C: <-> \Device\Harddisk0\DR0\Partition2
21:28:04.0107 0744  D: <-> \Device\Harddisk0\DR0\Partition3
21:28:04.0117 0744  K: <-> \Device\Harddisk1\DR1\Partition1
21:28:04.0117 0744  ============================================================
21:28:04.0117 0744  Initialize success
21:28:04.0117 0744  ============================================================
21:28:53.0215 2944  ============================================================
21:28:53.0215 2944  Scan started
21:28:53.0215 2944  Mode: Manual; SigCheck; TDLFS; 
21:28:53.0215 2944  ============================================================
21:28:53.0485 2944  ================ Scan system memory ========================
21:28:53.0485 2944  System memory - ok
21:28:53.0485 2944  ================ Scan services =============================
21:28:53.0645 2944  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:28:53.0745 2944  1394ohci - ok
21:28:53.0775 2944  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:28:53.0785 2944  ACPI - ok
21:28:53.0805 2944  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:28:53.0865 2944  AcpiPmi - ok
21:28:53.0945 2944  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:53.0955 2944  AdobeFlashPlayerUpdateSvc - ok
21:28:53.0985 2944  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:54.0005 2944  adp94xx - ok
21:28:54.0015 2944  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:28:54.0025 2944  adpahci - ok
21:28:54.0045 2944  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:28:54.0055 2944  adpu320 - ok
21:28:54.0065 2944  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:28:54.0095 2944  AeLookupSvc - ok
21:28:54.0135 2944  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:28:54.0165 2944  AFD - ok
21:28:54.0205 2944  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:28:54.0215 2944  agp440 - ok
21:28:54.0245 2944  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:28:54.0255 2944  aic78xx - ok
21:28:54.0285 2944  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:28:54.0305 2944  ALG - ok
21:28:54.0325 2944  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:28:54.0335 2944  aliide - ok
21:28:54.0345 2944  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:28:54.0345 2944  amdagp - ok
21:28:54.0355 2944  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:28:54.0355 2944  amdide - ok
21:28:54.0385 2944  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:28:54.0415 2944  AmdK8 - ok
21:28:54.0435 2944  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:28:54.0465 2944  AmdPPM - ok
21:28:54.0495 2944  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:28:54.0505 2944  amdsata - ok
21:28:54.0515 2944  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:54.0525 2944  amdsbs - ok
21:28:54.0535 2944  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:28:54.0535 2944  amdxata - ok
21:28:54.0655 2944  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:54.0675 2944  AntiVirSchedulerService - ok
21:28:54.0715 2944  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:54.0725 2944  AntiVirService - ok
21:28:54.0755 2944  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:28:54.0845 2944  AppID - ok
21:28:54.0865 2944  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:28:54.0905 2944  AppIDSvc - ok
21:28:54.0935 2944  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:28:54.0965 2944  Appinfo - ok
21:28:55.0045 2944  [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:28:55.0045 2944  Apple Mobile Device - ok
21:28:55.0075 2944  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:28:55.0085 2944  arc - ok
21:28:55.0095 2944  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:28:55.0105 2944  arcsas - ok
21:28:55.0175 2944  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:28:55.0185 2944  aspnet_state - ok
21:28:55.0216 2944  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:55.0294 2944  AsyncMac - ok
21:28:55.0341 2944  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:28:55.0356 2944  atapi - ok
21:28:55.0387 2944  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:55.0419 2944  AudioEndpointBuilder - ok
21:28:55.0434 2944  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:28:55.0450 2944  Audiosrv - ok
21:28:55.0528 2944  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:55.0543 2944  avgntflt - ok
21:28:55.0575 2944  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:28:55.0590 2944  avipbb - ok
21:28:55.0606 2944  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:55.0621 2944  avkmgr - ok
21:28:55.0653 2944  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:28:55.0668 2944  AxInstSV - ok
21:28:55.0699 2944  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:55.0715 2944  b06bdrv - ok
21:28:55.0731 2944  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:55.0746 2944  b57nd60x - ok
21:28:55.0762 2944  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:28:55.0809 2944  BDESVC - ok
21:28:55.0840 2944  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:28:55.0871 2944  Beep - ok
21:28:55.0918 2944  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:28:55.0933 2944  BFE - ok
21:28:55.0965 2944  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:28:56.0011 2944  BITS - ok
21:28:56.0011 2944  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:56.0027 2944  blbdrive - ok
21:28:56.0105 2944  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:28:56.0121 2944  Bonjour Service - ok
21:28:56.0152 2944  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:28:56.0183 2944  bowser - ok
21:28:56.0199 2944  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:56.0245 2944  BrFiltLo - ok
21:28:56.0261 2944  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:56.0277 2944  BrFiltUp - ok
21:28:56.0308 2944  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:28:56.0339 2944  Browser - ok
21:28:56.0370 2944  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:28:56.0386 2944  Brserid - ok
21:28:56.0401 2944  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:56.0417 2944  BrSerWdm - ok
21:28:56.0433 2944  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:56.0464 2944  BrUsbMdm - ok
21:28:56.0464 2944  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:56.0464 2944  BrUsbSer - ok
21:28:56.0495 2944  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:56.0511 2944  BTHMODEM - ok
21:28:56.0542 2944  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:28:56.0573 2944  bthserv - ok
21:28:56.0589 2944  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:28:56.0620 2944  cdfs - ok
21:28:56.0667 2944  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:28:56.0682 2944  cdrom - ok
21:28:56.0713 2944  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:28:56.0745 2944  CertPropSvc - ok
21:28:56.0760 2944  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:28:56.0776 2944  circlass - ok
21:28:56.0807 2944  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:28:56.0823 2944  CLFS - ok
21:28:56.0854 2944  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:56.0869 2944  clr_optimization_v2.0.50727_32 - ok
21:28:56.0947 2944  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:56.0947 2944  clr_optimization_v4.0.30319_32 - ok
21:28:56.0963 2944  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:56.0963 2944  CmBatt - ok
21:28:56.0979 2944  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:28:56.0994 2944  cmdide - ok
21:28:57.0025 2944  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:28:57.0041 2944  CNG - ok
21:28:57.0057 2944  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:28:57.0072 2944  Compbatt - ok
21:28:57.0103 2944  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:28:57.0119 2944  CompositeBus - ok
21:28:57.0119 2944  COMSysApp - ok
21:28:57.0213 2944  cpuz132 - ok
21:28:57.0228 2944  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:57.0228 2944  crcdisk - ok
21:28:57.0259 2944  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:28:57.0291 2944  CryptSvc - ok
21:28:57.0306 2944  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:28:57.0353 2944  DcomLaunch - ok
21:28:57.0369 2944  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:28:57.0400 2944  defragsvc - ok
21:28:57.0431 2944  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:28:57.0462 2944  DfsC - ok
21:28:57.0493 2944  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:28:57.0509 2944  Dhcp - ok
21:28:57.0525 2944  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:28:57.0556 2944  discache - ok
21:28:57.0603 2944  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:28:57.0603 2944  Disk - ok
21:28:57.0634 2944  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:28:57.0665 2944  Dnscache - ok
21:28:57.0681 2944  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:28:57.0712 2944  dot3svc - ok
21:28:57.0743 2944  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:28:57.0790 2944  DPS - ok
21:28:57.0821 2944  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:28:57.0821 2944  drmkaud - ok
21:28:57.0868 2944  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:28:57.0868 2944  dtsoftbus01 - ok
21:28:57.0899 2944  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:28:57.0915 2944  DXGKrnl - ok
21:28:57.0930 2944  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:28:57.0961 2944  EapHost - ok
21:28:58.0024 2944  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:28:58.0102 2944  ebdrv - ok
21:28:58.0133 2944  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:28:58.0149 2944  EFS - ok
21:28:58.0211 2944  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:28:58.0227 2944  ehRecvr - ok
21:28:58.0242 2944  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:28:58.0258 2944  ehSched - ok
21:28:58.0273 2944  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:28:58.0289 2944  elxstor - ok
21:28:58.0305 2944  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:28:58.0320 2944  ErrDev - ok
21:28:58.0336 2944  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:28:58.0383 2944  EventSystem - ok
21:28:58.0398 2944  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:28:58.0429 2944  exfat - ok
21:28:58.0461 2944  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:28:58.0476 2944  fastfat - ok
21:28:58.0507 2944  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:28:58.0539 2944  Fax - ok
21:28:58.0554 2944  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:28:58.0570 2944  fdc - ok
21:28:58.0585 2944  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:28:58.0617 2944  fdPHost - ok
21:28:58.0632 2944  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:28:58.0663 2944  FDResPub - ok
21:28:58.0679 2944  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:28:58.0679 2944  FileInfo - ok
21:28:58.0695 2944  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:28:58.0726 2944  Filetrace - ok
21:28:58.0726 2944  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:58.0741 2944  flpydisk - ok
21:28:58.0757 2944  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:28:58.0757 2944  FltMgr - ok
21:28:58.0788 2944  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:28:58.0819 2944  FontCache - ok
21:28:58.0866 2944  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:58.0866 2944  FontCache3.0.0.0 - ok
21:28:58.0897 2944  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:28:58.0897 2944  FsDepends - ok
21:28:58.0929 2944  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:28:58.0929 2944  Fs_Rec - ok
21:28:58.0960 2944  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:28:58.0975 2944  fvevol - ok
21:28:58.0991 2944  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:58.0991 2944  gagp30kx - ok
21:28:59.0022 2944  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:28:59.0022 2944  GEARAspiWDM - ok
21:28:59.0053 2944  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:28:59.0085 2944  gpsvc - ok
21:28:59.0163 2944  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:59.0163 2944  gusvc - ok
21:28:59.0178 2944  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:28:59.0209 2944  hcw85cir - ok
21:28:59.0241 2944  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:59.0256 2944  HdAudAddService - ok
21:28:59.0287 2944  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:28:59.0319 2944  HDAudBus - ok
21:28:59.0334 2944  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:59.0350 2944  HidBatt - ok
21:28:59.0381 2944  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:28:59.0397 2944  HidBth - ok
21:28:59.0428 2944  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:28:59.0459 2944  HidIr - ok
21:28:59.0475 2944  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:28:59.0506 2944  hidserv - ok
21:28:59.0521 2944  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:28:59.0537 2944  HidUsb - ok
21:28:59.0553 2944  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:28:59.0584 2944  hkmsvc - ok
21:28:59.0615 2944  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:59.0631 2944  HomeGroupListener - ok
21:28:59.0646 2944  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:59.0693 2944  HomeGroupProvider - ok
21:28:59.0709 2944  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:28:59.0724 2944  HpSAMD - ok
21:28:59.0755 2944  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:28:59.0787 2944  HTTP - ok
21:28:59.0802 2944  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:28:59.0802 2944  hwpolicy - ok
21:28:59.0833 2944  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:28:59.0865 2944  i8042prt - ok
21:28:59.0880 2944  [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:28:59.0896 2944  iaStor - ok
21:28:59.0943 2944  [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:28:59.0958 2944  IAStorDataMgrSvc - ok
21:28:59.0989 2944  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:28:59.0989 2944  iaStorV - ok
21:29:00.0036 2944  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:00.0067 2944  idsvc - ok
21:29:00.0083 2944  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:29:00.0099 2944  iirsp - ok
21:29:00.0130 2944  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:29:00.0161 2944  IKEEXT - ok
21:29:00.0177 2944  IntcAzAudAddService - ok
21:29:00.0177 2944  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:29:00.0192 2944  intelide - ok
21:29:00.0208 2944  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:29:00.0223 2944  intelppm - ok
21:29:00.0255 2944  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:29:00.0286 2944  IPBusEnum - ok
21:29:00.0301 2944  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:00.0348 2944  IpFilterDriver - ok
21:29:00.0379 2944  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:29:00.0411 2944  iphlpsvc - ok
21:29:00.0457 2944  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:29:00.0473 2944  IPMIDRV - ok
21:29:00.0489 2944  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:29:00.0520 2944  IPNAT - ok
21:29:00.0567 2944  [ 6E27978A4755F4789F912F5F49392F7C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:29:00.0582 2944  iPod Service - ok
21:29:00.0582 2944  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:29:00.0613 2944  IRENUM - ok
21:29:00.0629 2944  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:29:00.0645 2944  isapnp - ok
21:29:00.0660 2944  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:29:00.0676 2944  iScsiPrt - ok
21:29:00.0691 2944  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:29:00.0707 2944  kbdclass - ok
21:29:00.0738 2944  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:29:00.0754 2944  kbdhid - ok
21:29:00.0769 2944  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:29:00.0785 2944  KeyIso - ok
21:29:00.0801 2944  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:29:00.0816 2944  KSecDD - ok
21:29:00.0832 2944  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:29:00.0847 2944  KSecPkg - ok
21:29:00.0879 2944  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:29:00.0910 2944  KtmRm - ok
21:29:00.0941 2944  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:29:00.0972 2944  LanmanServer - ok
21:29:00.0972 2944  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:29:01.0003 2944  LanmanWorkstation - ok
21:29:01.0050 2944  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:29:01.0097 2944  lltdio - ok
21:29:01.0113 2944  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:29:01.0128 2944  lltdsvc - ok
21:29:01.0144 2944  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:29:01.0159 2944  lmhosts - ok
21:29:01.0175 2944  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:01.0191 2944  LSI_FC - ok
21:29:01.0206 2944  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:01.0206 2944  LSI_SAS - ok
21:29:01.0222 2944  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:01.0222 2944  LSI_SAS2 - ok
21:29:01.0237 2944  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:01.0237 2944  LSI_SCSI - ok
21:29:01.0253 2944  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:29:01.0269 2944  luafv - ok
21:29:01.0315 2944  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:29:01.0315 2944  MBAMProtector - ok
21:29:01.0347 2944  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:29:01.0362 2944  MBAMScheduler - ok
21:29:01.0393 2944  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:29:01.0409 2944  MBAMService - ok
21:29:01.0456 2944  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
21:29:01.0471 2944  McComponentHostService - ok
21:29:01.0487 2944  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:29:01.0503 2944  Mcx2Svc - ok
21:29:01.0503 2944  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:29:01.0518 2944  megasas - ok
21:29:01.0534 2944  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:01.0549 2944  MegaSR - ok
21:29:01.0565 2944  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:29:01.0596 2944  MMCSS - ok
21:29:01.0612 2944  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:29:01.0627 2944  Modem - ok
21:29:01.0627 2944  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:29:01.0659 2944  monitor - ok
21:29:01.0674 2944  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:29:01.0690 2944  mouclass - ok
21:29:01.0705 2944  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:29:01.0737 2944  mouhid - ok
21:29:01.0783 2944  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:29:01.0799 2944  mountmgr - ok
21:29:01.0877 2944  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:29:01.0893 2944  MozillaMaintenance - ok
21:29:01.0893 2944  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:29:01.0908 2944  mpio - ok
21:29:01.0924 2944  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:29:01.0955 2944  mpsdrv - ok
21:29:01.0971 2944  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:29:02.0017 2944  MpsSvc - ok
21:29:02.0049 2944  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:29:02.0064 2944  MRxDAV - ok
21:29:02.0095 2944  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:02.0142 2944  mrxsmb - ok
21:29:02.0158 2944  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:02.0189 2944  mrxsmb10 - ok
21:29:02.0205 2944  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:02.0220 2944  mrxsmb20 - ok
21:29:02.0220 2944  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:29:02.0236 2944  msahci - ok
21:29:02.0251 2944  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:29:02.0251 2944  msdsm - ok
21:29:02.0283 2944  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:29:02.0298 2944  MSDTC - ok
21:29:02.0314 2944  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:29:02.0329 2944  Msfs - ok
21:29:02.0345 2944  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:29:02.0376 2944  mshidkmdf - ok
21:29:02.0392 2944  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:29:02.0407 2944  msisadrv - ok
21:29:02.0439 2944  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:29:02.0454 2944  MSiSCSI - ok
21:29:02.0470 2944  msiserver - ok
21:29:02.0470 2944  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:29:02.0517 2944  MSKSSRV - ok
21:29:02.0517 2944  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:02.0563 2944  MSPCLOCK - ok
21:29:02.0579 2944  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:29:02.0610 2944  MSPQM - ok
21:29:02.0626 2944  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:29:02.0641 2944  MsRPC - ok
21:29:02.0641 2944  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:29:02.0657 2944  mssmbios - ok
21:29:02.0657 2944  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:29:02.0673 2944  MSTEE - ok
21:29:02.0688 2944  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:02.0688 2944  MTConfig - ok
21:29:02.0704 2944  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:29:02.0719 2944  Mup - ok
21:29:02.0751 2944  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:29:02.0782 2944  napagent - ok
21:29:02.0813 2944  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:29:02.0829 2944  NativeWifiP - ok
21:29:02.0860 2944  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:29:02.0875 2944  NDIS - ok
21:29:02.0891 2944  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:02.0922 2944  NdisCap - ok
21:29:02.0938 2944  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:02.0969 2944  NdisTapi - ok
21:29:02.0985 2944  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:03.0000 2944  Ndisuio - ok
21:29:03.0031 2944  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:03.0063 2944  NdisWan - ok
21:29:03.0078 2944  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:29:03.0109 2944  NDProxy - ok
21:29:03.0109 2944  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:29:03.0125 2944  NetBIOS - ok
21:29:03.0156 2944  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:29:03.0172 2944  NetBT - ok
21:29:03.0187 2944  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:29:03.0187 2944  Netlogon - ok
21:29:03.0234 2944  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:29:03.0265 2944  Netman - ok
21:29:03.0281 2944  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:29:03.0297 2944  netprofm - ok
21:29:03.0328 2944  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
21:29:03.0359 2944  netr28u - ok
21:29:03.0390 2944  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:03.0406 2944  NetTcpPortSharing - ok
21:29:03.0437 2944  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:03.0437 2944  nfrd960 - ok
21:29:03.0468 2944  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:29:03.0484 2944  NlaSvc - ok
21:29:03.0531 2944  [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
21:29:03.0546 2944  nmwcd - ok
21:29:03.0562 2944  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:29:03.0577 2944  Npfs - ok
21:29:03.0593 2944  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:29:03.0609 2944  nsi - ok
21:29:03.0609 2944  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:29:03.0640 2944  nsiproxy - ok
21:29:03.0687 2944  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:29:03.0702 2944  Ntfs - ok
21:29:03.0718 2944  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:29:03.0733 2944  Null - ok
21:29:03.0765 2944  [ 93C0F383B39B1F5FE7203E3270D4CF52 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:29:03.0765 2944  NVHDA - ok
21:29:05.0559 2944  [ 19F5C4949B2E4CBD2E95B8ECDFC84D25 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:29:05.0668 2944  nvlddmkm - ok
21:29:05.0699 2944  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:29:05.0715 2944  nvraid - ok
21:29:05.0746 2944  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:29:05.0761 2944  nvstor - ok
21:29:05.0808 2944  [ 7A68320FA236ED0479EFF93540391568 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:29:05.0808 2944  nvsvc - ok
21:29:05.0933 2944  [ 003CB0A155568B4A53A301F07C734233 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:29:05.0964 2944  nvUpdatusService - ok
21:29:06.0011 2944  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:29:06.0011 2944  nv_agp - ok
21:29:06.0073 2944  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:06.0073 2944  odserv - ok
21:29:06.0120 2944  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:29:06.0136 2944  ohci1394 - ok
21:29:06.0151 2944  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:06.0167 2944  ose - ok
21:29:06.0198 2944  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:29:06.0229 2944  p2pimsvc - ok
21:29:06.0245 2944  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:29:06.0261 2944  p2psvc - ok
21:29:06.0292 2944  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:29:06.0307 2944  Parport - ok
21:29:06.0323 2944  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:29:06.0339 2944  partmgr - ok
21:29:06.0339 2944  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:29:06.0370 2944  Parvdm - ok
21:29:06.0370 2944  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:29:06.0385 2944  PcaSvc - ok
21:29:06.0401 2944  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:29:06.0417 2944  pci - ok
21:29:06.0417 2944  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:29:06.0432 2944  pciide - ok
21:29:06.0448 2944  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:06.0463 2944  pcmcia - ok
21:29:06.0463 2944  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:29:06.0463 2944  pcw - ok
21:29:06.0479 2944  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:29:06.0526 2944  PEAUTH - ok
21:29:06.0573 2944  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:29:06.0619 2944  pla - ok
21:29:06.0666 2944  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:29:06.0697 2944  PlugPlay - ok
21:29:06.0713 2944  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:29:06.0729 2944  PNRPAutoReg - ok
21:29:06.0744 2944  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:29:06.0760 2944  PNRPsvc - ok
21:29:06.0775 2944  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:29:06.0791 2944  PolicyAgent - ok
21:29:06.0822 2944  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:29:06.0838 2944  Power - ok
21:29:06.0869 2944  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:29:06.0900 2944  PptpMiniport - ok
21:29:06.0900 2944  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:29:06.0931 2944  Processor - ok
21:29:06.0947 2944  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:29:06.0963 2944  ProfSvc - ok
21:29:06.0978 2944  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:29:06.0994 2944  ProtectedStorage - ok
21:29:07.0009 2944  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:29:07.0025 2944  Psched - ok
21:29:07.0072 2944  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:29:07.0087 2944  ql2300 - ok
21:29:07.0119 2944  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:07.0119 2944  ql40xx - ok
21:29:07.0150 2944  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:29:07.0150 2944  QWAVE - ok
21:29:07.0181 2944  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:29:07.0197 2944  QWAVEdrv - ok
21:29:07.0212 2944  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:29:07.0243 2944  RasAcd - ok
21:29:07.0259 2944  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:07.0290 2944  RasAgileVpn - ok
21:29:07.0306 2944  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:29:07.0321 2944  RasAuto - ok
21:29:07.0321 2944  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:07.0353 2944  Rasl2tp - ok
21:29:07.0368 2944  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:29:07.0399 2944  RasMan - ok
21:29:07.0415 2944  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:07.0446 2944  RasPppoe - ok
21:29:07.0477 2944  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:29:07.0493 2944  RasSstp - ok
21:29:07.0524 2944  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:29:07.0555 2944  rdbss - ok
21:29:07.0555 2944  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:07.0571 2944  rdpbus - ok
21:29:07.0587 2944  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:07.0602 2944  RDPCDD - ok
21:29:07.0633 2944  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:29:07.0649 2944  RDPENCDD - ok
21:29:07.0649 2944  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:29:07.0665 2944  RDPREFMP - ok
21:29:07.0696 2944  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:29:07.0711 2944  RDPWD - ok
21:29:07.0743 2944  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:29:07.0743 2944  rdyboost - ok
21:29:07.0774 2944  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:29:07.0805 2944  RemoteAccess - ok
21:29:07.0821 2944  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:29:07.0852 2944  RemoteRegistry - ok
21:29:07.0852 2944  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:29:07.0899 2944  RpcEptMapper - ok
21:29:07.0914 2944  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:29:07.0930 2944  RpcLocator - ok
21:29:07.0930 2944  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:29:07.0961 2944  RpcSs - ok
21:29:07.0961 2944  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:29:07.0992 2944  rspndr - ok
21:29:08.0008 2944  [ 05C2613F661584190C752F6184D1C8EF ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
21:29:08.0055 2944  RTL8167 - ok
21:29:08.0070 2944  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:29:08.0086 2944  SamSs - ok
21:29:08.0101 2944  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:29:08.0101 2944  sbp2port - ok
21:29:08.0133 2944  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:29:08.0148 2944  SCardSvr - ok
21:29:08.0179 2944  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:29:08.0195 2944  scfilter - ok
21:29:08.0257 2944  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:29:08.0289 2944  Schedule - ok
21:29:08.0304 2944  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:29:08.0320 2944  SCPolicySvc - ok
21:29:08.0335 2944  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:29:08.0351 2944  SDRSVC - ok
21:29:08.0398 2944  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:29:08.0413 2944  SeaPort - ok
21:29:08.0445 2944  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:29:08.0460 2944  secdrv - ok
21:29:08.0460 2944  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:29:08.0491 2944  seclogon - ok
21:29:08.0507 2944  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:29:08.0523 2944  SENS - ok
21:29:08.0538 2944  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:29:08.0554 2944  SensrSvc - ok
21:29:08.0569 2944  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:29:08.0601 2944  Serenum - ok
21:29:08.0632 2944  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:29:08.0647 2944  Serial - ok
21:29:08.0663 2944  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:29:08.0679 2944  sermouse - ok
21:29:08.0710 2944  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:29:08.0725 2944  SessionEnv - ok
21:29:08.0741 2944  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:29:08.0772 2944  sffdisk - ok
21:29:08.0788 2944  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:29:08.0803 2944  sffp_mmc - ok
21:29:08.0803 2944  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:29:08.0819 2944  sffp_sd - ok
21:29:08.0819 2944  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:08.0835 2944  sfloppy - ok
21:29:08.0850 2944  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:29:08.0897 2944  SharedAccess - ok
21:29:08.0928 2944  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:29:08.0975 2944  ShellHWDetection - ok
21:29:08.0991 2944  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:29:09.0006 2944  sisagp - ok
21:29:09.0022 2944  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:09.0022 2944  SiSRaid2 - ok
21:29:09.0037 2944  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:09.0053 2944  SiSRaid4 - ok
21:29:09.0069 2944  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:29:09.0084 2944  Smb - ok
21:29:09.0115 2944  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:29:09.0131 2944  SNMPTRAP - ok
21:29:09.0147 2944  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:29:09.0147 2944  spldr - ok
21:29:09.0193 2944  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:29:09.0209 2944  Spooler - ok
21:29:09.0287 2944  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:29:09.0318 2944  sppsvc - ok
21:29:09.0349 2944  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:29:09.0381 2944  sppuinotify - ok
21:29:09.0412 2944  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:29:09.0443 2944  srv - ok
21:29:09.0459 2944  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:29:09.0459 2944  srv2 - ok
21:29:09.0474 2944  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:29:09.0490 2944  srvnet - ok
21:29:09.0505 2944  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:29:09.0552 2944  SSDPSRV - ok
21:29:09.0599 2944  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:09.0615 2944  ssmdrv - ok
21:29:09.0615 2944  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:29:09.0646 2944  SstpSvc - ok
21:29:09.0677 2944  Steam Client Service - ok
21:29:09.0693 2944  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:29:09.0693 2944  stexstor - ok
21:29:09.0739 2944  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:29:09.0755 2944  StiSvc - ok
21:29:09.0786 2944  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:29:09.0802 2944  swenum - ok
21:29:09.0817 2944  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:29:09.0849 2944  swprv - ok
21:29:09.0880 2944  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:29:09.0911 2944  SysMain - ok
21:29:09.0927 2944  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:29:09.0958 2944  TabletInputService - ok
21:29:09.0989 2944  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:29:10.0020 2944  TapiSrv - ok
21:29:10.0020 2944  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:29:10.0051 2944  TBS - ok
21:29:10.0114 2944  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:29:10.0129 2944  Tcpip - ok
21:29:10.0145 2944  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:29:10.0176 2944  TCPIP6 - ok
21:29:10.0207 2944  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:29:10.0223 2944  tcpipreg - ok
21:29:10.0254 2944  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:29:10.0270 2944  TDPIPE - ok
21:29:10.0285 2944  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:29:10.0301 2944  TDTCP - ok
21:29:10.0332 2944  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:29:10.0348 2944  tdx - ok
21:29:10.0348 2944  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:29:10.0363 2944  TermDD - ok
21:29:10.0395 2944  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:29:10.0410 2944  TermService - ok
21:29:10.0426 2944  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:29:10.0441 2944  Themes - ok
21:29:10.0457 2944  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:29:10.0473 2944  THREADORDER - ok
21:29:10.0488 2944  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:29:10.0519 2944  TrkWks - ok
21:29:10.0566 2944  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:29:10.0597 2944  TrustedInstaller - ok
21:29:10.0613 2944  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:10.0644 2944  tssecsrv - ok
21:29:10.0675 2944  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:29:10.0691 2944  TsUsbFlt - ok
21:29:10.0785 2944  [ 6CF09C021F4A4D67B2234B53FF0A0B6B ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
21:29:10.0800 2944  TuneUp.UtilitiesSvc - ok
21:29:10.0831 2944  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
21:29:10.0831 2944  TuneUpUtilitiesDrv - ok
21:29:10.0863 2944  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:29:10.0894 2944  tunnel - ok
21:29:10.0909 2944  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:29:10.0925 2944  uagp35 - ok
21:29:10.0941 2944  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:29:10.0972 2944  udfs - ok
21:29:10.0972 2944  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:29:10.0987 2944  UI0Detect - ok
21:29:11.0019 2944  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:29:11.0034 2944  uliagpkx - ok
21:29:11.0050 2944  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:29:11.0050 2944  umbus - ok
21:29:11.0065 2944  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:29:11.0097 2944  UmPass - ok
21:29:11.0128 2944  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:29:11.0175 2944  upnphost - ok
21:29:11.0206 2944  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:11.0253 2944  usbccgp - ok
21:29:11.0284 2944  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:29:11.0315 2944  usbcir - ok
21:29:11.0346 2944  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:29:11.0346 2944  usbehci - ok
21:29:11.0362 2944  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:29:11.0393 2944  usbhub - ok
21:29:11.0409 2944  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:29:11.0424 2944  usbohci - ok
21:29:11.0440 2944  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:29:11.0455 2944  usbprint - ok
21:29:11.0487 2944  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:29:11.0518 2944  usbscan - ok
21:29:11.0533 2944  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:11.0549 2944  USBSTOR - ok
21:29:11.0565 2944  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:29:11.0580 2944  usbuhci - ok
21:29:11.0580 2944  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:29:11.0611 2944  UxSms - ok
21:29:11.0627 2944  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:29:11.0627 2944  VaultSvc - ok
21:29:11.0627 2944  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:29:11.0643 2944  vdrvroot - ok
21:29:11.0674 2944  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:29:11.0721 2944  vds - ok
21:29:11.0721 2944  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:11.0752 2944  vga - ok
21:29:11.0752 2944  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:29:11.0767 2944  VgaSave - ok
21:29:11.0783 2944  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:29:11.0799 2944  vhdmp - ok
21:29:11.0814 2944  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:29:11.0830 2944  viaagp - ok
21:29:11.0830 2944  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:29:11.0845 2944  ViaC7 - ok
21:29:11.0861 2944  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:29:11.0861 2944  viaide - ok
21:29:11.0892 2944  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:29:11.0892 2944  volmgr - ok
21:29:11.0908 2944  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:29:11.0923 2944  volmgrx - ok
21:29:11.0939 2944  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:29:11.0939 2944  volsnap - ok
21:29:11.0955 2944  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:11.0970 2944  vsmraid - ok
21:29:12.0017 2944  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:29:12.0048 2944  VSS - ok
21:29:12.0064 2944  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:12.0079 2944  vwifibus - ok
21:29:12.0095 2944  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:12.0111 2944  vwififlt - ok
21:29:12.0142 2944  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:29:12.0157 2944  W32Time - ok
21:29:12.0173 2944  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:29:12.0204 2944  WacomPen - ok
21:29:12.0220 2944  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:29:12.0251 2944  WANARP - ok
21:29:12.0251 2944  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:29:12.0267 2944  Wanarpv6 - ok
21:29:12.0313 2944  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:29:12.0360 2944  wbengine - ok
21:29:12.0376 2944  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:29:12.0391 2944  WbioSrvc - ok
21:29:12.0423 2944  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:29:12.0438 2944  wcncsvc - ok
21:29:12.0454 2944  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:29:12.0469 2944  WcsPlugInService - ok
21:29:12.0485 2944  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:29:12.0485 2944  Wd - ok
21:29:12.0516 2944  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:29:12.0532 2944  Wdf01000 - ok
21:29:12.0547 2944  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:29:12.0563 2944  WdiServiceHost - ok
21:29:12.0563 2944  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:29:12.0579 2944  WdiSystemHost - ok
21:29:12.0610 2944  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:29:12.0641 2944  WebClient - ok
21:29:12.0657 2944  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:29:12.0672 2944  Wecsvc - ok
21:29:12.0688 2944  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:29:12.0735 2944  wercplsupport - ok
21:29:12.0766 2944  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:29:12.0797 2944  WerSvc - ok
21:29:12.0813 2944  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:12.0828 2944  WfpLwf - ok
21:29:12.0844 2944  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:29:12.0844 2944  WIMMount - ok
21:29:12.0891 2944  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:29:12.0953 2944  WinDefend - ok
21:29:12.0953 2944  WinHttpAutoProxySvc - ok
21:29:12.0984 2944  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:29:13.0015 2944  Winmgmt - ok
21:29:13.0062 2944  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:29:13.0109 2944  WinRM - ok
21:29:13.0140 2944  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:29:13.0171 2944  WinUsb - ok
21:29:13.0187 2944  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:29:13.0234 2944  Wlansvc - ok
21:29:13.0281 2944  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:13.0312 2944  wlidsvc - ok
21:29:13.0327 2944  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:29:13.0343 2944  WmiAcpi - ok
21:29:13.0343 2944  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:29:13.0359 2944  wmiApSrv - ok
21:29:13.0405 2944  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:13.0437 2944  WMPNetworkSvc - ok
21:29:13.0452 2944  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:29:13.0452 2944  WPCSvc - ok
21:29:13.0483 2944  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:29:13.0515 2944  WPDBusEnum - ok
21:29:13.0530 2944  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:29:13.0561 2944  ws2ifsl - ok
21:29:13.0577 2944  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:29:13.0593 2944  wscsvc - ok
21:29:13.0593 2944  WSearch - ok
21:29:13.0780 2944  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:29:13.0811 2944  wuauserv - ok
21:29:13.0827 2944  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:29:13.0842 2944  WudfPf - ok
21:29:13.0873 2944  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:13.0889 2944  WUDFRd - ok
21:29:13.0905 2944  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:29:13.0920 2944  wudfsvc - ok
21:29:13.0936 2944  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:29:13.0967 2944  WwanSvc - ok
21:29:13.0998 2944  ================ Scan global ===============================
21:29:14.0014 2944  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:29:14.0045 2944  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:29:14.0045 2944  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:29:14.0076 2944  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:29:14.0076 2944  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:29:14.0092 2944  [Global] - ok
21:29:14.0092 2944  ================ Scan MBR ==================================
21:29:14.0092 2944  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
21:29:16.0229 2944  \Device\Harddisk0\DR0 - ok
21:29:16.0229 2944  [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
21:29:16.0479 2944  \Device\Harddisk1\DR1 - ok
21:29:16.0479 2944  ================ Scan VBR ==================================
21:29:16.0494 2944  [ 685CEB5172EAC80DC897B5F84AA02CAE ] \Device\Harddisk0\DR0\Partition1
21:29:16.0494 2944  \Device\Harddisk0\DR0\Partition1 - ok
21:29:16.0510 2944  [ DF9CD658E5F8CA4D63044E7356099036 ] \Device\Harddisk0\DR0\Partition2
21:29:16.0510 2944  \Device\Harddisk0\DR0\Partition2 - ok
21:29:16.0525 2944  [ 8CAD67ACC50098F6A49CFC1D45189B2F ] \Device\Harddisk0\DR0\Partition3
21:29:16.0541 2944  \Device\Harddisk0\DR0\Partition3 - ok
21:29:16.0541 2944  [ 9E0DE3C72F0EB4000645949AFFE70E4E ] \Device\Harddisk1\DR1\Partition1
21:29:16.0541 2944  \Device\Harddisk1\DR1\Partition1 - ok
21:29:16.0541 2944  ============================================================
21:29:16.0541 2944  Scan finished
21:29:16.0541 2944  ============================================================
21:29:16.0557 2988  Detected object count: 0
21:29:16.0557 2988  Actual detected object count: 0
21:56:24.0023 2004  Deinitialize success
         

Alt 02.01.2013, 20:25   #10
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Macht nichts, ich auch nicht :d
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 07:53   #11
Thorini
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hallo,

ich habe es durchgeführt.

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-05.01 - XXX 06.01.2013   7:33.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.1964 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
K:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-06 bis 2013-01-06  ))))))))))))))))))))))))))))))
.
.
2013-01-04 17:25 . 2013-01-04 17:25	--------	d-----w-	c:\program files\AGEIA Technologies
2013-01-04 17:23 . 2012-12-03 15:39	9373032	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-01-04 17:23 . 2012-12-03 15:39	889192	----a-w-	c:\windows\system32\nvdispgenco32.dll
2013-01-04 17:23 . 2012-12-03 15:39	7819016	----a-w-	c:\windows\system32\nvcuda.dll
2013-01-04 17:23 . 2012-12-03 15:39	6149904	----a-w-	c:\windows\system32\nvopencl.dll
2013-01-04 17:23 . 2012-12-03 15:39	2606440	----a-w-	c:\windows\system32\nvcuvid.dll
2013-01-04 17:23 . 2012-12-03 15:39	20335976	----a-w-	c:\windows\system32\nvoglv32.dll
2013-01-04 17:23 . 2012-12-03 15:39	1874280	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-01-04 17:23 . 2012-12-03 15:39	17559912	----a-w-	c:\windows\system32\nvcompiler.dll
2013-01-04 17:23 . 2012-12-03 15:39	1011048	----a-w-	c:\windows\system32\nvdispco32.dll
2013-01-04 17:23 . 2012-07-03 15:25	28008	----a-w-	c:\windows\system32\nvhdap32.dll
2013-01-04 17:23 . 2012-07-03 15:25	149352	----a-w-	c:\windows\system32\drivers\nvhda32v.sys
2013-01-04 17:23 . 2012-07-03 07:37	884072	----a-w-	c:\windows\system32\nvhdagenco3220103.dll
2012-12-23 21:37 . 2012-12-23 21:37	--------	d-----w-	c:\program files\Common Files\Adobe
2012-12-22 00:16 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 00:16 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 08:21 . 2012-12-20 08:38	--------	d-----w-	C:\_OTL
2012-12-19 15:44 . 2012-12-19 15:44	--------	d-----w-	c:\users\XXX\AppData\Local\Programs
2012-12-19 15:44 . 2012-12-19 15:44	--------	d-----w-	c:\users\XXX\AppData\Roaming\Malwarebytes
2012-12-19 15:44 . 2012-12-19 15:44	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-19 15:44 . 2013-01-01 01:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-19 15:44 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-11 10:44 . 2012-12-11 10:44	--------	d-----w-	c:\program files\Ask.com
2012-12-11 10:33 . 2012-12-11 10:33	--------	d-----w-	c:\programdata\Ask
2012-12-11 10:33 . 2012-12-11 10:33	--------	d-----w-	c:\program files\Common Files\Java
2012-12-11 10:33 . 2012-12-11 10:33	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-11 10:33 . 2012-12-11 10:33	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-11 10:33 . 2012-12-11 10:33	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-11 10:33 . 2012-12-11 10:33	--------	d-----w-	c:\program files\Java
2012-12-09 17:42 . 2012-12-09 17:42	--------	d-----w-	c:\program files\corporate benefits
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:38 . 2012-06-06 17:35	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:38 . 2012-06-06 17:35	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-03 15:39 . 2010-01-08 07:00	12603960	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-12-03 15:39 . 2010-01-08 07:00	15122280	----a-w-	c:\windows\system32\nvd3dum.dll
2012-12-03 15:39 . 2010-01-08 07:00	2496976	----a-w-	c:\windows\system32\nvapi.dll
2012-12-01 04:38 . 2009-11-20 19:33	2869608	----a-w-	c:\windows\system32\nvsvc.dll
2012-12-01 04:38 . 2009-11-20 19:33	3984744	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-01 04:37 . 2009-11-20 19:33	645480	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-01 04:37 . 2009-11-20 19:33	62312	----a-w-	c:\windows\system32\nvshext.dll
2012-12-01 04:37 . 2009-11-20 19:33	2557288	----a-w-	c:\windows\system32\nvsvcr.dll
2012-12-01 04:37 . 2009-11-20 19:33	108392	----a-w-	c:\windows\system32\nvmctray.dll
2012-11-30 21:43 . 2012-11-30 21:43	438632	----a-w-	c:\windows\system32\nvStreaming.exe
2012-10-16 07:39 . 2012-11-28 19:31	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-15 11:41	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 11:41	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-12-07 11:11 . 2012-12-07 11:10	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49	176936	----a-w-	c:\program files\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
.
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - ExtSQL: 2012-12-11 11:44; toolbar@ask.com; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\extensions\toolbar@ask.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1d8566bd-f06f-4029-a3be-ba80af5a09f3} - (no file)
Toolbar-10 - (no file)
Toolbar-!{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-06  07:40:44
ComboFix-quarantined-files.txt  2013-01-06 06:40
.
Vor Suchlauf: 9 Verzeichnis(se), 729.344.266.240 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 729.272.909.824 Bytes frei
.
- - End Of File - - 3E0859045AC74ABCFCAAE73968C64909
         
--- --- ---

Alt 06.01.2013, 17:35   #12
markusg
/// Malware-holic
 
Rechner Sperrung durch Trojaner Bundespolizei - Standard

Rechner Sperrung durch Trojaner Bundespolizei



Hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Rechner Sperrung durch Trojaner Bundespolizei
administrator, aktion, anti-malware, autostart, dateien, explorer, gen, gesperrt, hinweis, log, malwarebytes, microsoft, quarantäne, rechner, rechner sperrung durch trojaner bundespolizei, sache, sachen, seite, service, software, speicher, sperrung, test, trojaner, version



Ähnliche Themen: Rechner Sperrung durch Trojaner Bundespolizei


  1. Plötzliche Sperrung des Laptops durch die NSA Interpol und Aufforderung zur Zahlung von 100 EUR
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (3)
  2. Windows 7 x64: Sperrung durch Interpol-Trojaner / scramware
    Log-Analyse und Auswertung - 03.09.2014 (9)
  3. Bundespolizei Virus-ohne Sperrung
    Plagegeister aller Art und deren Bekämpfung - 19.02.2014 (13)
  4. Trojaner-Problem durch Sperrung meiner E-Mailadresse aufgefallen
    Plagegeister aller Art und deren Bekämpfung - 03.11.2013 (1)
  5. Sperrung des PCs durch Bundesamt für Internetsicherheit ?
    Log-Analyse und Auswertung - 04.06.2013 (95)
  6. Sperrung des Rechnerst durch AVU-Meldung
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (5)
  7. BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)?
    Log-Analyse und Auswertung - 02.10.2012 (30)
  8. Bundespolizei-Informationskontrolle-Sperrung
    Log-Analyse und Auswertung - 30.08.2012 (5)
  9. Kleiner Tipp: Sperrung durch Ukash Trojaner verhindern!
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (4)
  10. Bundespolizei Trojaner (Computer-Sperrung) - CH Version
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (51)
  11. Trojaner - GVU/Bundespolizei/ PC-Sperrung
    Plagegeister aller Art und deren Bekämpfung - 29.07.2012 (24)
  12. Trojaner - GVU/Bundespolizei/ PC-Sperrung
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (1)
  13. Sperrung durch Bundespolizei (Cyber Crimes Unit)
    Log-Analyse und Auswertung - 10.04.2012 (13)
  14. PC Sperrung durch Windows Security Center
    Log-Analyse und Auswertung - 15.03.2012 (15)
  15. Sperrung des Windowssystems durch einen Virus der 50€ für Entsperrung haben will.
    Log-Analyse und Auswertung - 07.03.2012 (8)
  16. Pc Sperrung durch Windows Sicherheitscenter
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (1)
  17. Internetbanking Sperrung durch Gozi
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (9)

Zum Thema Rechner Sperrung durch Trojaner Bundespolizei - Hallo, gestern abend hat ein Trojaner meinen Rechner gesperrt mit einem Hinweis "Die Bundespolizei hat Ihren Rechner gesperrt" Auf dieser Seite habe ich die ersten Schritte gefunden. Ich habe Malwarebytes - Rechner Sperrung durch Trojaner Bundespolizei...
Archiv
Du betrachtest: Rechner Sperrung durch Trojaner Bundespolizei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.