
All Kinds of Pests and How to Fight Them: 100 Euro Paysafe Virus / Computer Locked


11.01.2013, 10:40   #1
jbdk

100 Euro Paysafe Virus / Computer Locked



Hello everyone,

my computer has also been infected by one of these 100 Euro Paysafe viruses/trojans, which leaves me, as an absolute computer layman, pretty much at a loss. I infected my laptop (Windows Vista) while browsing images on Google, and now I am hoping that I might be able to find help here.

After the computer was infected (I neither downloaded anything nor opened any files), one of those messages appeared demanding payment (the webcam was active as well). I immediately switched the computer off and cut the internet connection.

On restart, the desktop loaded normally at first, but then everything disappeared (except the background image) and after a while the payment demand came up again (nothing else could be done at all, since the computer was locked). At the same time, a window (user account) asked me to give my consent to the Windows start. As I was unsure, I did not consent to anything but switched the computer off again.

I then searched the internet for solutions using my phone and found this site. I then started my computer in Safe Mode (with Networking) and registered here.

Since I read here that the solutions are individual, I have not taken any further steps yet.

I hope my problem can be solved here.

Regards
J

I have already done the step with the OTL scan, and this is the result:

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 11.01.2013 12:18:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bernd\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 86,30% Memory free
6,69 Gb Paging File | 6,45 Gb Available in Paging File | 96,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 48,01 Gb Free Space | 32,22% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 112,27 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
 
Computer Name: MYASUS | User Name: Bernd | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 12:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2013.01.09 16:02:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 14:06:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 14:06:14 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.11 09:13:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.04.02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.22 08:01:00 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.09.25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.04.07 18:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Stopped] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV - [2008.08.14 04:59:52 | 000,100,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.11 14:06:25 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 14:06:25 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 09:56:34 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.02.13 19:29:26 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.02.13 19:29:25 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.02.13 19:29:25 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.01.22 08:12:40 | 005,191,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.22 07:07:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.12 14:42:29 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009.09.05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.29 00:44:11 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009.04.28 04:16:09 | 001,019,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.04.01 22:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008.12.24 09:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008.11.27 12:16:47 | 000,135,680 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.11.03 08:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.05.29 17:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.29 01:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.27 21:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 14:26:41 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://crewportal.fra.dlh.de/
IE - HKCU\..\SearchScopes,DefaultScope = {798C4647-60AB-4264-BF19-CE71A8338F13}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{798C4647-60AB-4264-BF19-CE71A8338F13}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 08:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.11 09:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.11 09:13:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.11 09:13:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.11 09:13:48 | 000,000,000 | ---D | M]
 
[2009.09.02 21:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions
[2012.02.09 10:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\51w5fv28.default\extensions
[2011.12.19 20:02:22 | 000,000,933 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\51w5fv28.default\searchplugins\11-suche.xml
[2011.12.19 20:02:23 | 000,002,419 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\51w5fv28.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 20:02:22 | 000,010,525 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\51w5fv28.default\searchplugins\gmx-suche.xml
[2011.12.19 20:02:23 | 000,002,457 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\51w5fv28.default\searchplugins\lastminute.xml
[2011.12.19 20:02:22 | 000,005,508 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\51w5fv28.default\searchplugins\webde-suche.xml
[2012.12.11 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.11 09:13:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.04 12:35:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.12.11 09:13:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 18:48:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DisableS3S4] c:\DisableS3S4.cmd File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC87E2C-4D06-4603-8825-86F262FC5282}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E82D3FC2-11B0-4439-8B2E-4FB7CE21B4AA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d591d25-995f-11de-b328-0026188b82f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0d591d25-995f-11de-b328-0026188b82f9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{240713d0-c88e-11de-a8e5-0026188b82f9}\Shell - "" = AutoRun
O33 - MountPoints2\{240713d0-c88e-11de-a8e5-0026188b82f9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 12:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd\Desktop\OTL.exe
[2013.01.11 09:47:08 | 000,184,832 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Bernd\wgsdgsdgdsgsd.exe
[2013.01.01 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{4A7D2E03-230C-4B4F-B6BA-1BC03DFFFF1C}
[2012.12.29 04:57:55 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{465F967A-25E1-408A-ADD1-17302B710947}
[2012.12.25 01:30:22 | 000,000,000 | ---D | C] -- C:\Temp
[2012.12.25 01:26:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.12.25 01:26:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.25 01:26:44 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Samsung
[2012.12.25 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Samsung
[2012.12.25 01:26:36 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\samsung
[2012.12.25 01:21:39 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.12.25 01:21:39 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.12.25 01:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.12.25 01:18:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.12.25 01:18:15 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.12.25 01:18:15 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.12.25 01:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.12.25 01:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.12.25 01:10:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.17 16:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\honestech
[2012.12.17 16:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech Audio Recorder 2.0 Deluxe
[2012.12.17 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\honestech Audio Recorder 2.0 Deluxe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 12:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Desktop\OTL.exe
[2013.01.11 11:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 11:07:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.11 11:07:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.01.11 11:04:24 | 000,001,791 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk
[2013.01.11 11:04:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 11:03:36 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 11:03:36 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 11:03:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.11 10:33:09 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.01.11 10:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 09:47:16 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 09:47:16 | 000,000,891 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 09:47:08 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Bernd\wgsdgsdgdsgsd.exe
[2013.01.11 09:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.11 08:53:15 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.11 08:53:15 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.11 08:53:15 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 08:53:15 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 19:16:27 | 000,007,728 | ---- | M] () -- C:\Users\Bernd\AppData\Local\d3d9caps.dat
[2013.01.01 20:23:33 | 000,460,824 | ---- | M] () -- C:\img2-001.raw
[2012.12.22 23:18:14 | 000,026,225 | ---- | M] () -- C:\Users\Bernd\Desktop\crewlist05nov12.odt
[2012.12.22 23:04:04 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.22 23:02:20 | 000,398,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.17 16:38:34 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\honestech Audio Recorder 2.0 Deluxe.lnk
[2012.12.17 16:38:34 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\honestech Audio Recorder 2.0 Deluxe Launcher.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.11 09:47:16 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 09:47:16 | 000,000,891 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 09:47:09 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.01 20:23:33 | 000,460,824 | ---- | C] () -- C:\img2-001.raw
[2012.12.22 23:18:11 | 000,026,225 | ---- | C] () -- C:\Users\Bernd\Desktop\crewlist05nov12.odt
[2012.12.17 16:38:34 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\honestech Audio Recorder 2.0 Deluxe.lnk
[2012.12.17 16:38:34 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\honestech Audio Recorder 2.0 Deluxe Launcher.lnk
[2012.12.12 12:20:52 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 12:20:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.24 12:02:48 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.07.14 04:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\AppData\Local\{3F946D10-7817-4207-ADEB-2577B3064534}
[2011.01.03 11:35:29 | 000,007,728 | ---- | C] () -- C:\Users\Bernd\AppData\Local\d3d9caps.dat
[2009.11.12 14:46:21 | 000,000,235 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\devices.xml
[2009.11.12 14:46:21 | 000,000,012 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\settings.xml
[2009.09.10 21:52:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.03 22:44:34 | 000,046,080 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.14 22:57:58 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.11.08 11:42:22 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Leadertech
[2009.10.11 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\LG Electronics
[2009.09.02 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\OpenOffice.org
[2012.01.20 14:33:03 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\PhotoScape
[2012.12.25 01:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Samsung
[2010.02.08 23:39:20 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Sony
[2010.02.08 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Sony Setup
[2009.09.06 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Stellarium
[2012.05.25 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Visan
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.09.02 18:35:25 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.07.29 00:56:23 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2009.09.05 14:22:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.25 01:18:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.28 06:18:10 | 000,000,000 | -H-D | M] -- C:\LG3G
[2009.12.05 21:44:06 | 000,000,000 | ---D | M] -- C:\lgupload
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.25 01:16:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.11 09:47:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.01.10 16:09:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.25 01:30:22 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.02 18:21:37 | 000,000,000 | R--D | M] -- C:\Users
[2009.09.02 23:06:04 | 000,000,000 | ---D | M] -- C:\vpn_neu
[2013.01.11 11:08:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.09.03 18:09:59 | 000,001,022 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009.09.03 18:19:06 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.09.03 18:19:08 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.29 14:24:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.05.25 13:13:32 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.27 21:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 21:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.29 00:03:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.29 00:03:55 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.07.29 00:03:55 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.29 00:03:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.11 12:17:51 | 002,621,440 | -HS- | M] () -- C:\Users\Bernd\NTUSER.DAT
[2013.01.11 12:17:51 | 000,262,144 | -H-- | M] () -- C:\Users\Bernd\ntuser.dat.LOG1
[2009.09.02 18:21:38 | 000,000,000 | -H-- | M] () -- C:\Users\Bernd\ntuser.dat.LOG2
[2013.01.11 11:13:16 | 000,065,536 | -HS- | M] () -- C:\Users\Bernd\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.01.11 11:13:16 | 000,524,288 | -HS- | M] () -- C:\Users\Bernd\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.12.23 10:16:30 | 000,524,288 | -HS- | M] () -- C:\Users\Bernd\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.09.02 18:21:38 | 000,000,020 | -HS- | M] () -- C:\Users\Bernd\ntuser.ini
[2013.01.11 09:47:08 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Bernd\wgsdgsdgdsgsd.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 11.01.2013 12:18:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bernd\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 86,30% Memory free
6,69 Gb Paging File | 6,45 Gb Available in Paging File | 96,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 48,01 Gb Free Space | 32,22% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 112,27 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
 
Computer Name: MYASUS | User Name: Bernd | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A1809-9BAA-4D19-AC04-EF5EDEF0300C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{08DFB609-940D-4531-8392-54A2EDBA8A78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{111DB348-3B7A-4C62-A501-2FDE2E1755B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{13F152CC-3161-4255-9114-DB758E35D644}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19D73947-1AA4-43D9-AFD4-71CCD33175AB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{21E76C16-AE0B-43AE-927A-5C88BC1E5050}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{300C716A-4315-46C7-929E-C12407FBA455}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{46355F56-45BB-4F08-A870-FC011454E3EF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4E303B5D-BAA2-4E11-90F0-AA06E7942DD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{756715B7-19C5-451F-915D-5FA3DAC59CD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83D07D70-5D5C-401F-A3A7-2C2641FDC8DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{956C7F38-099E-4FC6-A5F1-8916615AD44D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AFEBE320-2CC8-4C8E-81C6-A8B0660A44DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BD18FFD7-5E09-4A57-887B-FD62116876A9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BDF3FA62-9F0A-4824-90E0-D3E893C8E369}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BF9307A1-12D7-40C7-9ED7-231C4F05977C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C0F5DE30-6BA9-41E6-BE43-6B3C7C7FFB0F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4F2791F-78B0-445F-80B2-E9386CC03863}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EA266FEF-A00C-4AD6-94C5-0CC3ACA2E853}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EC339158-C354-44ED-AFDE-C9D47AF7A4C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EFF716E0-DF49-4B8A-8322-9E4F68FA1641}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F6CE111B-6026-455F-9CB0-060C08EDDE85}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C953D3-EFC6-428B-945E-2D1D576AE6F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0CDE0B0C-04CE-4BF8-8FEF-0785F48BC85F}" = protocol=6 | dir=in | app=c:\users\bernd\desktop\update service\update service.exe | 
"{43B17913-297A-4231-8783-6840B9894F60}" = protocol=17 | dir=in | app=c:\users\bernd\desktop\update service\update service.exe | 
"{49AA7933-36C5-46FD-80E2-3792CA0A08A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{645AC3A7-F198-4413-AFCD-6952C71DF970}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{756EB3D9-1AA9-40EE-9346-0620B7796F0E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7939CE7C-65B4-45B7-B338-946448AA2CC7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7B775A16-1833-4D46-AA24-A196A2BAB274}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BE55E035-BBBC-41D1-B7E2-701A2506E556}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C573D90A-FB0B-4634-BAB2-7B6CC225462E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB28281A-D566-467E-BB7B-F2DEBA98D5F7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D40E97E2-0098-4ECB-A960-FF0B5F9C2328}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E9B8FD35-0477-404E-95D2-93E936863BC7}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{F5545535-6BEC-472A-A483-C7E28C11599E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{78667697-616B-4DAC-A163-6104976516AF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{AF96F3F7-414A-4BA1-BF56-78C1DA25C54B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{B42AF43A-8A44-4BEF-BC99-22298733D8CC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{E229E3D8-5723-403C-A1A1-827B8E4FC7A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E48F543C-3FCF-4244-9DB0-6E5B3BB322C4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{194E2252-F859-49B8-8F53-E120F9766501}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{4A722140-D002-4715-8E49-5DE24FF90DBA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{93126F8E-72DB-4812-98CC-7AE1246F3FA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E06965EF-E39E-4933-8F4F-B229252EAAD8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{E0BD7BC3-3C74-4A6D-AFED-51933C607C95}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17B3A135-BAA4-1953-AEDF-1496A5159E2A}" = CCC Help French
"{198D33D2-45AB-4B1F-B9E8-F6E542F81335}" = honestech Audio Recorder 2.0 Deluxe
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206262A9-1646-7014-22A0-41945D93426C}" = CCC Help Dutch
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2677066A-6ACC-8B1B-82C0-7311ED12D73A}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29164718-5C73-D67E-8A3F-A00220D98818}" = CCC Help Portuguese
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DA0C980-2ACE-3F81-0306-131F70BD751B}" = Catalyst Control Center Core Implementation
"{2E1AC6B8-F779-F3D3-3683-E0240D576917}" = CCC Help Italian
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30FDAACF-C49B-5AE6-2AA9-2C050F929B37}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3460BCDC-B45D-84A7-C8ED-C5041B8E2A2B}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{44580BA8-245A-814D-BD25-7EA6FACD5DDC}" = CCC Help Russian
"{47C7E3C7-1E38-85DB-887D-F9FF84F2086A}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{566F3EB2-C09A-F090-F573-169C42E7E381}" = Catalyst Control Center Graphics Full Existing
"{567C654B-7FE9-4970-8323-56E8191D1941}" = ASUS FancyStart
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62CA4D04-7DC8-7ED6-7AE4-833A79AE2DF9}" = Catalyst Control Center Graphics Full New
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{655E04FB-E875-4668-D05A-A3CED767DFF8}" = CCC Help Korean
"{656C519D-C82C-F7E0-93CE-087D5CA75AEA}" = ccc-core-static
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{7099D2EB-872E-5163-3F00-A893AC905042}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E84495-D53C-07FB-76D0-4DD11E710882}" = Catalyst Control Center Localization All
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{806C9880-B087-B336-A86A-5E7E4DB95C39}" = CCC Help Norwegian
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E274487-2617-4339-AD1A-A642E8BA8393}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A460F932-27CF-76F6-A291-8C4F7337EFE9}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB429542-1E9D-7479-7ED4-B6D0B5C237E7}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32ECB8E-4532-FD59-02C4-CB0B8F90F68D}" = CCC Help Swedish
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B61F7104-884B-D57D-1626-DE5AD5674B51}" = Skins
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B7606E5A-5D01-789F-F5E1-39D78F04854C}" = Catalyst Control Center Graphics Previews Vista
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BB1E1B48-6136-1887-7307-2D9414009516}" = CCC Help Thai
"{BFDAC740-3ACD-50A5-6259-F14FA93C86A5}" = ccc-utility
"{C0AE3E60-6003-AF6F-BF8A-B2829480D39D}" = CCC Help Greek
"{C1DFFC18-D91D-0481-0003-5B968F09AFDF}" = CCC Help Chinese Traditional
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C92877A9-9294-334C-0AEB-A1CCA8905FC6}" = CCC Help Finnish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D463B523-2F2F-A82D-B980-01C9AD578580}" = CCC Help Danish
"{D7385800-AE69-7527-1615-7DFDC02DF55A}" = Catalyst Control Center Graphics Light
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB7752E0-D5F8-93DA-7C34-3CD8ECB123B5}" = CCC Help Polish
"{DBE1E170-3EF6-AAA5-32C4-A78D98DF86A1}" = ATI Catalyst Install Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59AA04C-67BC-C6F8-E8B9-A9E103E3F49B}" = CCC Help German
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FC3D5BBB-CDF6-252C-2212-06D61AD2C628}" = Catalyst Control Center InstallProxy
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Elantech" = ETDWare PS/2-x86 7.0.5.3 WHQL
"Google Updater" = Google Updater
"HP Photo Creations" = HP Photo Creations
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Addon Mod" = Network Addon Mod Version June 2009
"PhotoScape" = PhotoScape
"Update Service" = Update Service
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 10:11:56 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 09:55:39 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 03:47:28 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 04:49:26 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 05:27:24 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 06:04:12 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 06:09:14 | Computer Name = myasus | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.01.2013 06:10:14 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 06:14:58 | Computer Name = myasus | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.01.2013 06:16:07 | Computer Name = myasus | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.01.2013 06:10:15 | Computer Name = myasus | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2013 06:10:15 | Computer Name = myasus | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.01.2013 06:14:50 | Computer Name = myasus | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2013 06:14:58 | Computer Name = myasus | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2013 06:15:01 | Computer Name = myasus | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2013 06:15:02 | Computer Name = myasus | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 11.01.2013 06:15:58 | Computer Name = myasus | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2013 06:16:05 | Computer Name = myasus | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2013 06:16:07 | Computer Name = myasus | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2013 06:16:07 | Computer Name = myasus | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---


Regards

11.01.2013, 12:21   #2
markusg
/// Malware-holic

Hi,

this script and any scripts that follow are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
[2013.01.11 09:47:16 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 09:47:16 | 000,000,891 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 09:47:08 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Bernd\wgsdgsdgdsgsd.exe
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
__________________
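The three entries in the fix script above are OTL file-scan lines. The following Python is an added example, not part of the thread and not OTL's or the helper's own logic: it parses such lines and groups flagged files that were written within a short time of each other. The location heuristics, the 60-second window and the sample lines marked as constructed are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# OTL file-scan line: [timestamp | size | attributes | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Assumed for this example: extensions treated as directly runnable.
RUNNABLE = {".exe", ".scr", ".dll", ".js", ".vbs", ".bat", ".cmd"}
STARTUP_TAIL = ("start menu", "programs", "startup")


def parse_line(line):
    """Return a dict for one OTL file-scan line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "company": m["company"].strip(),
        "path": PureWindowsPath(m["path"].strip()),
    }


def reasons(entry):
    """Review hints for one entry (heuristics assumed here, not a verdict)."""
    path = entry["path"]
    parts = [p.lower() for p in path.parts]
    found = []
    if tuple(parts[-4:-1]) == STARTUP_TAIL:
        found.append("autostart: file in a Startup folder")
    if path.suffix.lower() in RUNNABLE:
        if len(parts) == 3 and parts[1] == "programdata":
            found.append("runnable file directly in ProgramData")
        if len(parts) == 4 and parts[1] == "users":
            found.append("runnable file directly in a user profile root")
        if not entry["company"]:
            found.append("no company name in version info")
    return found


def triage(lines, window=timedelta(seconds=60)):
    """Keep flagged entries and group those modified within `window` of each other."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        entry["reasons"] = reasons(entry)
        if entry["reasons"]:
            flagged.append(entry)
    flagged.sort(key=lambda e: e["time"])
    clusters = []
    for entry in flagged:
        if clusters and entry["time"] - clusters[-1][-1]["time"] <= window:
            clusters[-1].append(entry)
        else:
            clusters.append([entry])
    return clusters


SAMPLE = [
    # The three lines from the fix script in the post above.
    r"[2013.01.11 09:47:16 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js",
    r"[2013.01.11 09:47:16 | 000,000,891 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk",
    r"[2013.01.11 09:47:08 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Bernd\wgsdgsdgdsgsd.exe",
    # Constructed lines for contrast (not from the thread).
    r"[2012.11.03 18:02:44 | 000,912,344 | ---- | M] (Example Vendor) -- C:\Program Files\Example\example.exe",
    r"[2012.06.20 08:15:10 | 000,001,024 | ---- | M] () -- C:\Users\Bernd\Documents\notes.txt",
    r"[2011.05.02 10:00:00 | 000,001,500 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example Tool.lnk",
]

if __name__ == "__main__":
    for cluster in triage(SAMPLE):
        label = "written together" if len(cluster) > 1 else "single entry"
        print(f"--- {label} ({len(cluster)}) ---")
        for e in cluster:
            print(f"{e['time']}  {e['path']}")
            for r in e["reasons"]:
                print(f"    - {r}")
```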

11.01.2013, 13:00   #3
jbdk


Hi, thank you very much for the quick reply and the help. The computer is running in normal mode after the restart.

Here is the text:

Quote:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\Users\Bernd\wgsdgsdgdsgsd.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bernd
->Flash cache emptied: 123142 bytes

User: Default
->Flash cache emptied: 41 bytes

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Bernd
->Temp folder emptied: 2072741172 bytes
->Temporary Internet Files folder emptied: 650210486 bytes
->Java cache emptied: 1496292 bytes
->FireFox cache emptied: 88750829 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 634059011 bytes
RecycleBin emptied: 2221114986 bytes

Total Files Cleaned = 5.406,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01112013_132545

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Edit: The upload worked. The zip file has been uploaded.

11.01.2013, 14:59   #4
markusg
/// Malware-holic

Thank you.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any findings, always choose Skip for now, then post the log
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

11.01.2013, 15:28   #5
jbdk


I ran the scan; there were 6 findings, which were skipped. I can see the report, but for some reason I cannot right-click and copy the report to post it here. Right-clicking on trojaner-board.de works normally. What went wrong?

(The same problem occurred on the second scan.)


11.01.2013, 15:44   #6
markusg
/// Malware-holic

Please open c: tdss-killer-version-datum.txt and post the contents, thanks.

11.01.2013, 15:45   #7
jbdk


Sorry, how silly of me, I just figured it out myself.

Quote:
16:25:20.0453 5364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:25:20.0687 5364 ============================================================
16:25:20.0687 5364 Current date / time: 2013/01/11 16:25:20.0687
16:25:20.0687 5364 SystemInfo:
16:25:20.0687 5364
16:25:20.0687 5364 OS Version: 6.0.6002 ServicePack: 2.0
16:25:20.0687 5364 Product type: Workstation
16:25:20.0687 5364 ComputerName: MYASUS
16:25:20.0687 5364 UserName: Bernd
16:25:20.0687 5364 Windows directory: C:\Windows
16:25:20.0687 5364 System windows directory: C:\Windows
16:25:20.0687 5364 Processor architecture: Intel x86
16:25:20.0687 5364 Number of processors: 2
16:25:20.0687 5364 Page size: 0x1000
16:25:20.0687 5364 Boot type: Normal boot
16:25:20.0687 5364 ============================================================
16:25:21.0764 5364 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:25:21.0779 5364 ============================================================
16:25:21.0779 5364 \Device\Harddisk0\DR0:
16:25:21.0779 5364 MBR partitions:
16:25:21.0779 5364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
16:25:21.0795 5364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
16:25:21.0795 5364 ============================================================
16:25:21.0842 5364 C: <-> \Device\Harddisk0\DR0\Partition1
16:25:21.0889 5364 D: <-> \Device\Harddisk0\DR0\Partition2
16:25:21.0889 5364 ============================================================
16:25:21.0889 5364 Initialize success
16:25:21.0889 5364 ============================================================
16:25:32.0122 2264 ============================================================
16:25:32.0122 2264 Scan started
16:25:32.0122 2264 Mode: Manual; SigCheck; TDLFS;
16:25:32.0122 2264 ============================================================
16:25:32.0668 2264 ================ Scan system memory ========================
16:25:32.0668 2264 System memory - ok
16:25:32.0668 2264 ================ Scan services =============================
16:25:32.0855 2264 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:25:33.0058 2264 ACPI - ok
16:25:33.0167 2264 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:25:33.0183 2264 AdobeARMservice - ok
16:25:33.0277 2264 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:25:33.0308 2264 AdobeFlashPlayerUpdateSvc - ok
16:25:33.0370 2264 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:25:33.0433 2264 adp94xx - ok
16:25:33.0479 2264 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:25:33.0511 2264 adpahci - ok
16:25:33.0542 2264 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:25:33.0573 2264 adpu160m - ok
16:25:33.0620 2264 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:25:33.0651 2264 adpu320 - ok
16:25:33.0713 2264 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
16:25:33.0729 2264 ADSMService ( UnsignedFile.Multi.Generic ) - warning
16:25:33.0729 2264 ADSMService - detected UnsignedFile.Multi.Generic (1)
16:25:33.0760 2264 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:25:33.0791 2264 AeLookupSvc - ok
16:25:33.0838 2264 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:25:33.0854 2264 AFD - ok
16:25:33.0901 2264 [ BE913403ED7219894B30E362FD8D4313 ] AFS C:\Windows\system32\drivers\AFS.sys
16:25:33.0916 2264 AFS ( UnsignedFile.Multi.Generic ) - warning
16:25:33.0916 2264 AFS - detected UnsignedFile.Multi.Generic (1)
16:25:33.0947 2264 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:25:33.0963 2264 agp440 - ok
16:25:34.0010 2264 [ FBE4016F9EF3AB3DB547E40A936B6CD9 ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
16:25:34.0072 2264 ahcix86s - ok
16:25:34.0103 2264 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:25:34.0119 2264 aic78xx - ok
16:25:34.0166 2264 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:25:34.0213 2264 ALG - ok
16:25:34.0244 2264 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:25:34.0259 2264 aliide - ok
16:25:34.0306 2264 [ 86E479DB9E34653E0B0A604BFD65262D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:25:34.0322 2264 AMD External Events Utility - ok
16:25:34.0353 2264 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:25:34.0369 2264 amdagp - ok
16:25:34.0384 2264 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
16:25:34.0400 2264 amdide - ok
16:25:34.0415 2264 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:25:34.0447 2264 AmdK7 - ok
16:25:34.0462 2264 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:25:34.0493 2264 AmdK8 - ok
16:25:34.0681 2264 [ 7012FAAC2534B6DBB701517CA5ECD59B ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
16:25:34.0821 2264 amdkmdag - ok
16:25:34.0868 2264 [ 9DF5761EE9CBEF80199E737D85541BD4 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:25:34.0883 2264 amdkmdap - ok
16:25:34.0961 2264 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:25:34.0977 2264 AntiVirSchedulerService - ok
16:25:35.0024 2264 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:25:35.0039 2264 AntiVirService - ok
16:25:35.0086 2264 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:25:35.0102 2264 Appinfo - ok
16:25:35.0149 2264 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
16:25:35.0180 2264 arc - ok
16:25:35.0227 2264 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:25:35.0242 2264 arcsas - ok
16:25:35.0289 2264 [ 104DB777372411C55850C4A2AE6877EF ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
16:25:35.0305 2264 AsDsm - ok
16:25:35.0336 2264 [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
16:25:35.0351 2264 ASLDRService - ok
16:25:35.0383 2264 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
16:25:35.0398 2264 ASMMAP - ok
16:25:35.0445 2264 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:35.0492 2264 AsyncMac - ok
16:25:35.0539 2264 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:25:35.0554 2264 atapi - ok
16:25:35.0617 2264 [ 2846F5EE802889D500FCF5CC48B28381 ] athr C:\Windows\system32\DRIVERS\athr.sys
16:25:35.0741 2264 athr - ok
16:25:35.0788 2264 [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
16:25:35.0819 2264 AtiPcie - ok
16:25:35.0835 2264 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
16:25:35.0851 2264 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
16:25:35.0851 2264 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
16:25:35.0897 2264 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:25:35.0944 2264 AudioEndpointBuilder - ok
16:25:35.0991 2264 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:25:36.0038 2264 Audiosrv - ok
16:25:36.0085 2264 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:25:36.0100 2264 avgntflt - ok
16:25:36.0163 2264 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:25:36.0178 2264 avipbb - ok
16:25:36.0225 2264 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:25:36.0241 2264 avkmgr - ok
16:25:36.0287 2264 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:25:36.0319 2264 Beep - ok
16:25:36.0365 2264 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:25:36.0428 2264 BFE - ok
16:25:36.0521 2264 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:25:36.0615 2264 BITS - ok
16:25:36.0646 2264 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:25:36.0709 2264 blbdrive - ok
16:25:36.0755 2264 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:25:36.0771 2264 bowser - ok
16:25:36.0818 2264 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:25:36.0833 2264 BrFiltLo - ok
16:25:36.0849 2264 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:25:36.0896 2264 BrFiltUp - ok
16:25:36.0911 2264 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:25:36.0943 2264 Browser - ok
16:25:36.0974 2264 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:25:37.0021 2264 Brserid - ok
16:25:37.0036 2264 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:25:37.0083 2264 BrSerWdm - ok
16:25:37.0114 2264 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:25:37.0161 2264 BrUsbMdm - ok
16:25:37.0177 2264 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:25:37.0223 2264 BrUsbSer - ok
16:25:37.0270 2264 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:25:37.0286 2264 BthEnum - ok
16:25:37.0333 2264 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:25:37.0364 2264 BTHMODEM - ok
16:25:37.0379 2264 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:25:37.0411 2264 BthPan - ok
16:25:37.0442 2264 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:25:37.0504 2264 BTHPORT - ok
16:25:37.0567 2264 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
16:25:37.0582 2264 BthServ - ok
16:25:37.0598 2264 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:25:37.0613 2264 BTHUSB - ok
16:25:37.0660 2264 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:25:37.0691 2264 cdfs - ok
16:25:37.0738 2264 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:25:37.0769 2264 cdrom - ok
16:25:37.0785 2264 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:25:37.0816 2264 CertPropSvc - ok
16:25:37.0847 2264 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
16:25:37.0879 2264 circlass - ok
16:25:37.0925 2264 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:25:37.0941 2264 CLFS - ok
16:25:38.0019 2264 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:38.0050 2264 clr_optimization_v2.0.50727_32 - ok
16:25:38.0113 2264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:25:38.0128 2264 clr_optimization_v4.0.30319_32 - ok
16:25:38.0175 2264 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:38.0206 2264 CmBatt - ok
16:25:38.0222 2264 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:25:38.0237 2264 cmdide - ok
16:25:38.0269 2264 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:25:38.0269 2264 Compbatt - ok
16:25:38.0284 2264 COMSysApp - ok
16:25:38.0300 2264 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:25:38.0331 2264 crcdisk - ok
16:25:38.0362 2264 [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER C:\Windows\system32\DRIVERS\CRFILTER.sys
16:25:38.0362 2264 CRFILTER - ok
16:25:38.0393 2264 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:25:38.0425 2264 Crusoe - ok
16:25:38.0471 2264 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:25:38.0503 2264 CryptSvc - ok
16:25:38.0534 2264 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
16:25:38.0549 2264 CVirtA - ok
16:25:38.0659 2264 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
16:25:38.0768 2264 CVPND - ok
16:25:38.0815 2264 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
16:25:38.0830 2264 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
16:25:38.0830 2264 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
16:25:38.0893 2264 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:25:38.0986 2264 DcomLaunch - ok
16:25:39.0049 2264 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:25:39.0064 2264 DfsC - ok
16:25:39.0142 2264 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:25:39.0205 2264 DFSR - ok
16:25:39.0314 2264 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
16:25:39.0329 2264 dg_ssudbus - ok
16:25:39.0407 2264 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:25:39.0439 2264 Dhcp - ok
16:25:39.0470 2264 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:25:39.0501 2264 disk - ok
16:25:39.0532 2264 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
16:25:39.0563 2264 DNE - ok
16:25:39.0610 2264 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:25:39.0641 2264 Dnscache - ok
16:25:39.0673 2264 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:25:39.0704 2264 dot3svc - ok
16:25:39.0735 2264 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:25:39.0782 2264 DPS - ok
16:25:39.0813 2264 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:25:39.0844 2264 drmkaud - ok
16:25:39.0891 2264 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:25:39.0953 2264 DXGKrnl - ok
16:25:40.0000 2264 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:25:40.0047 2264 E1G60 - ok
16:25:40.0094 2264 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:25:40.0141 2264 EapHost - ok
16:25:40.0172 2264 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:25:40.0187 2264 Ecache - ok
16:25:40.0234 2264 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:25:40.0265 2264 ehRecvr - ok
16:25:40.0281 2264 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:25:40.0312 2264 ehSched - ok
16:25:40.0328 2264 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:25:40.0343 2264 ehstart - ok
16:25:40.0390 2264 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:25:40.0421 2264 elxstor - ok
16:25:40.0468 2264 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:25:40.0499 2264 EMDMgmt - ok
16:25:40.0531 2264 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:25:40.0562 2264 ErrDev - ok
16:25:40.0577 2264 [ 27D322191A177793448AFB6B9B11C75A ] ETD C:\Windows\system32\DRIVERS\ETD.sys
16:25:40.0593 2264 ETD - ok
16:25:40.0624 2264 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:25:40.0655 2264 EventSystem - ok
16:25:40.0687 2264 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:25:40.0702 2264 exfat - ok
16:25:40.0733 2264 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:25:40.0765 2264 fastfat - ok
16:25:40.0796 2264 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:25:40.0827 2264 fdc - ok
16:25:40.0858 2264 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:25:40.0905 2264 fdPHost - ok
16:25:40.0905 2264 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:25:40.0983 2264 FDResPub - ok
16:25:41.0014 2264 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:25:41.0030 2264 FileInfo - ok
16:25:41.0045 2264 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:25:41.0077 2264 Filetrace - ok
16:25:41.0092 2264 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:25:41.0123 2264 flpydisk - ok
16:25:41.0155 2264 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:25:41.0170 2264 FltMgr - ok
16:25:41.0248 2264 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
16:25:41.0279 2264 FontCache - ok
16:25:41.0357 2264 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:25:41.0373 2264 FontCache3.0.0.0 - ok
16:25:41.0467 2264 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
16:25:41.0482 2264 FreeAgentGoNext Service - ok
16:25:41.0529 2264 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:25:41.0560 2264 fssfltr - ok
16:25:41.0716 2264 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:25:41.0919 2264 fsssvc - ok
16:25:41.0966 2264 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:25:41.0981 2264 Fs_Rec - ok
16:25:42.0028 2264 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:25:42.0059 2264 gagp30kx - ok
16:25:42.0106 2264 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
16:25:42.0122 2264 ggflt - ok
16:25:42.0169 2264 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
16:25:42.0184 2264 ggsemc - ok
16:25:42.0247 2264 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:25:42.0325 2264 gpsvc - ok
16:25:42.0465 2264 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca2cb98325b811 C:\Program Files\Google\Update\GoogleUpdate.exe
16:25:42.0465 2264 gupdate1ca2cb98325b811 - ok
16:25:42.0496 2264 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:25:42.0512 2264 gupdatem - ok
16:25:42.0543 2264 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:25:42.0574 2264 gusvc - ok
16:25:42.0621 2264 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:25:42.0683 2264 HdAudAddService - ok
16:25:42.0730 2264 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:25:42.0777 2264 HDAudBus - ok
16:25:42.0793 2264 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:25:42.0871 2264 HidBth - ok
16:25:42.0902 2264 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:25:42.0949 2264 HidIr - ok
16:25:42.0980 2264 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:25:42.0995 2264 hidserv - ok
16:25:43.0011 2264 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:25:43.0042 2264 HidUsb - ok
16:25:43.0073 2264 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:25:43.0105 2264 hkmsvc - ok
16:25:43.0136 2264 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:25:43.0151 2264 HpCISSs - ok
16:25:43.0198 2264 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:25:43.0214 2264 HTTP - ok
16:25:43.0245 2264 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:25:43.0276 2264 i2omp - ok
16:25:43.0307 2264 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:25:43.0323 2264 i8042prt - ok
16:25:43.0354 2264 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:25:43.0401 2264 iaStorV - ok
16:25:43.0463 2264 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:25:43.0495 2264 idsvc - ok
16:25:43.0557 2264 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:25:43.0573 2264 iirsp - ok
16:25:43.0635 2264 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:25:43.0682 2264 IKEEXT - ok
16:25:43.0713 2264 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
16:25:43.0729 2264 intelide - ok
16:25:43.0775 2264 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:25:43.0822 2264 intelppm - ok
16:25:43.0853 2264 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:25:43.0885 2264 IPBusEnum - ok
16:25:43.0916 2264 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:43.0947 2264 IpFilterDriver - ok
16:25:43.0978 2264 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:25:44.0009 2264 iphlpsvc - ok
16:25:44.0009 2264 IpInIp - ok
16:25:44.0056 2264 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:25:44.0087 2264 IPMIDRV - ok
16:25:44.0103 2264 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:25:44.0150 2264 IPNAT - ok
16:25:44.0181 2264 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:25:44.0212 2264 IRENUM - ok
16:25:44.0228 2264 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:25:44.0243 2264 isapnp - ok
16:25:44.0290 2264 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:25:44.0306 2264 iScsiPrt - ok
16:25:44.0321 2264 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:25:44.0337 2264 iteatapi - ok
16:25:44.0368 2264 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:25:44.0384 2264 iteraid - ok
16:25:44.0415 2264 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:44.0431 2264 kbdclass - ok
16:25:44.0446 2264 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:25:44.0462 2264 kbdhid - ok
16:25:44.0509 2264 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
16:25:44.0524 2264 kbfiltr - ok
16:25:44.0571 2264 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:25:44.0602 2264 KeyIso - ok
16:25:44.0680 2264 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:25:44.0758 2264 KSecDD - ok
16:25:44.0805 2264 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:25:44.0867 2264 KtmRm - ok
16:25:44.0914 2264 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:25:44.0961 2264 LanmanServer - ok
16:25:44.0992 2264 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:25:45.0039 2264 LanmanWorkstation - ok
16:25:45.0101 2264 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:25:45.0117 2264 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:25:45.0117 2264 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:25:45.0148 2264 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:25:45.0195 2264 lltdio - ok
16:25:45.0226 2264 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:25:45.0273 2264 lltdsvc - ok
16:25:45.0304 2264 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:25:45.0351 2264 lmhosts - ok
16:25:45.0382 2264 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:25:45.0413 2264 LSI_FC - ok
16:25:45.0445 2264 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:25:45.0460 2264 LSI_SAS - ok
16:25:45.0476 2264 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:25:45.0491 2264 LSI_SCSI - ok
16:25:45.0523 2264 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:25:45.0554 2264 luafv - ok
16:25:45.0585 2264 [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
16:25:45.0601 2264 lullaby - ok
16:25:45.0663 2264 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
16:25:45.0694 2264 McComponentHostService - ok
16:25:45.0725 2264 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:25:45.0741 2264 Mcx2Svc - ok
16:25:45.0788 2264 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:25:45.0803 2264 megasas - ok
16:25:45.0850 2264 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:25:45.0881 2264 MegaSR - ok
16:25:45.0928 2264 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:25:45.0959 2264 MMCSS - ok
16:25:45.0975 2264 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:25:46.0022 2264 Modem - ok
16:25:46.0037 2264 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:25:46.0084 2264 monitor - ok
16:25:46.0115 2264 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:25:46.0131 2264 mouclass - ok
16:25:46.0147 2264 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:25:46.0178 2264 mouhid - ok
16:25:46.0209 2264 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:25:46.0225 2264 MountMgr - ok
16:25:46.0303 2264 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:25:46.0334 2264 MozillaMaintenance - ok
16:25:46.0381 2264 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:25:46.0412 2264 mpio - ok
16:25:46.0427 2264 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:25:46.0459 2264 mpsdrv - ok
16:25:46.0490 2264 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:25:46.0521 2264 MpsSvc - ok
16:25:46.0568 2264 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:25:46.0583 2264 Mraid35x - ok
16:25:46.0630 2264 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:25:46.0646 2264 MRxDAV - ok
16:25:46.0693 2264 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:46.0708 2264 mrxsmb - ok
16:25:46.0755 2264 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:46.0786 2264 mrxsmb10 - ok
16:25:46.0802 2264 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:46.0833 2264 mrxsmb20 - ok
16:25:46.0864 2264 [ DE77526BDE93142BDC90CFA9F5CEAD36 ] msahci C:\Windows\system32\drivers\msahci.sys
16:25:46.0880 2264 msahci - ok
16:25:46.0911 2264 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:25:46.0927 2264 msdsm - ok
16:25:46.0958 2264 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:25:46.0989 2264 MSDTC - ok
16:25:47.0020 2264 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:25:47.0051 2264 Msfs - ok
16:25:47.0083 2264 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:25:47.0098 2264 msisadrv - ok
16:25:47.0129 2264 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:25:47.0161 2264 MSiSCSI - ok
16:25:47.0161 2264 msiserver - ok
16:25:47.0192 2264 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:25:47.0223 2264 MSKSSRV - ok
16:25:47.0254 2264 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:47.0301 2264 MSPCLOCK - ok
16:25:47.0301 2264 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:25:47.0332 2264 MSPQM - ok
16:25:47.0379 2264 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:25:47.0395 2264 MsRPC - ok
16:25:47.0410 2264 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:25:47.0426 2264 mssmbios - ok
16:25:47.0441 2264 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:25:47.0473 2264 MSTEE - ok
16:25:47.0504 2264 [ BB16693616427EAC1A436E106EA8D318 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
16:25:47.0519 2264 MTsensor - ok
16:25:47.0551 2264 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:25:47.0566 2264 Mup - ok
16:25:47.0582 2264 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:25:47.0613 2264 napagent - ok
16:25:47.0644 2264 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:25:47.0675 2264 NativeWifiP - ok
16:25:47.0707 2264 NAVENG - ok
16:25:47.0722 2264 NAVEX15 - ok
16:25:47.0769 2264 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:25:47.0816 2264 NDIS - ok
16:25:47.0847 2264 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:47.0878 2264 NdisTapi - ok
16:25:47.0909 2264 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:47.0941 2264 Ndisuio - ok
16:25:47.0987 2264 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:48.0019 2264 NdisWan - ok
16:25:48.0034 2264 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:25:48.0065 2264 NDProxy - ok
16:25:48.0065 2264 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:25:48.0097 2264 NetBIOS - ok
16:25:48.0128 2264 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:25:48.0159 2264 netbt - ok
16:25:48.0175 2264 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:25:48.0190 2264 Netlogon - ok
16:25:48.0221 2264 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:25:48.0268 2264 Netman - ok
16:25:48.0284 2264 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:25:48.0315 2264 netprofm - ok
16:25:48.0346 2264 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:48.0362 2264 NetTcpPortSharing - ok
16:25:48.0393 2264 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:25:48.0409 2264 nfrd960 - ok
16:25:48.0440 2264 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:25:48.0471 2264 NlaSvc - ok
16:25:48.0471 2264 Norton Internet Security - ok
16:25:48.0502 2264 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:25:48.0533 2264 Npfs - ok
16:25:48.0565 2264 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:25:48.0596 2264 nsi - ok
16:25:48.0596 2264 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:25:48.0627 2264 nsiproxy - ok
16:25:48.0689 2264 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:25:48.0767 2264 Ntfs - ok
16:25:48.0814 2264 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:25:48.0908 2264 ntrigdigi - ok
16:25:48.0923 2264 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:25:48.0986 2264 Null - ok
16:25:49.0001 2264 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:25:49.0033 2264 nvraid - ok
16:25:49.0064 2264 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:25:49.0079 2264 nvstor - ok
16:25:49.0095 2264 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:25:49.0111 2264 nv_agp - ok
16:25:49.0111 2264 NwlnkFlt - ok
16:25:49.0126 2264 NwlnkFwd - ok
16:25:49.0173 2264 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:25:49.0204 2264 ohci1394 - ok
16:25:49.0235 2264 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:25:49.0282 2264 p2pimsvc - ok
16:25:49.0313 2264 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:25:49.0360 2264 p2psvc - ok
16:25:49.0391 2264 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:25:49.0485 2264 Parport - ok
16:25:49.0532 2264 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:25:49.0563 2264 partmgr - ok
16:25:49.0579 2264 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:25:49.0625 2264 Parvdm - ok
16:25:49.0657 2264 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:25:49.0672 2264 PcaSvc - ok
16:25:49.0703 2264 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:25:49.0719 2264 pci - ok
16:25:49.0750 2264 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
16:25:49.0766 2264 pciide - ok
16:25:49.0781 2264 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:25:49.0797 2264 pcmcia - ok
16:25:49.0844 2264 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:25:49.0953 2264 PEAUTH - ok
16:25:50.0047 2264 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:25:50.0187 2264 pla - ok
16:25:50.0218 2264 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:25:50.0249 2264 PlugPlay - ok
16:25:50.0296 2264 [ 2B81B089D9364083F5046AD1307A65BE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:25:50.0312 2264 Pml Driver HPZ12 - ok
16:25:50.0374 2264 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:25:50.0452 2264 PNRPAutoReg - ok
16:25:50.0515 2264 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:25:50.0624 2264 PNRPsvc - ok
16:25:50.0655 2264 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:25:50.0717 2264 PolicyAgent - ok
16:25:50.0764 2264 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:25:50.0827 2264 PptpMiniport - ok
16:25:50.0842 2264 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:25:50.0905 2264 Processor - ok
16:25:50.0936 2264 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:25:50.0967 2264 ProfSvc - ok
16:25:50.0998 2264 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:25:51.0029 2264 ProtectedStorage - ok
16:25:51.0045 2264 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:25:51.0076 2264 PSched - ok
16:25:51.0139 2264 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:25:51.0279 2264 ql2300 - ok
16:25:51.0326 2264 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:25:51.0341 2264 ql40xx - ok
16:25:51.0388 2264 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:25:51.0404 2264 QWAVE - ok
16:25:51.0419 2264 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:25:51.0435 2264 QWAVEdrv - ok
16:25:51.0451 2264 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:25:51.0482 2264 RasAcd - ok
16:25:51.0513 2264 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:25:51.0544 2264 RasAuto - ok
16:25:51.0591 2264 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:51.0622 2264 Rasl2tp - ok
16:25:51.0653 2264 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:25:51.0700 2264 RasMan - ok
16:25:51.0731 2264 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:51.0763 2264 RasPppoe - ok
16:25:51.0794 2264 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:25:51.0825 2264 RasSstp - ok
16:25:51.0856 2264 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:25:51.0903 2264 rdbss - ok
16:25:51.0919 2264 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:51.0981 2264 RDPCDD - ok
16:25:52.0012 2264 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:25:52.0075 2264 rdpdr - ok
16:25:52.0090 2264 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:25:52.0121 2264 RDPENCDD - ok
16:25:52.0168 2264 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:25:52.0184 2264 RDPWD - ok
16:25:52.0215 2264 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:25:52.0246 2264 RemoteAccess - ok
16:25:52.0277 2264 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:25:52.0309 2264 RemoteRegistry - ok
16:25:52.0355 2264 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:25:52.0371 2264 RFCOMM - ok
16:25:52.0402 2264 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:25:52.0418 2264 RpcLocator - ok
16:25:52.0433 2264 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:25:52.0511 2264 RpcSs - ok
16:25:52.0558 2264 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:25:52.0589 2264 rspndr - ok
16:25:52.0636 2264 [ F875E277A79EF9D6F3AC89ABB557A689 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
16:25:52.0652 2264 RTL8169 - ok
16:25:52.0683 2264 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:25:52.0714 2264 SamSs - ok
16:25:52.0730 2264 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:25:52.0745 2264 sbp2port - ok
16:25:52.0777 2264 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:25:52.0823 2264 SCardSvr - ok
16:25:52.0870 2264 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:25:52.0948 2264 Schedule - ok
16:25:52.0964 2264 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:25:52.0995 2264 SCPolicySvc - ok
16:25:53.0042 2264 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:25:53.0073 2264 sdbus - ok
16:25:53.0120 2264 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:25:56.0084 2264 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
16:25:56.0084 2264 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
16:25:56.0084 2264 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
16:26:04.0414 2264 ================ Scan global ===============================
16:26:04.0445 2264 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:26:04.0492 2264 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:26:04.0523 2264 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:26:04.0555 2264 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:26:04.0555 2264 [Global] - ok
16:26:04.0555 2264 ================ Scan MBR ==================================
16:26:04.0586 2264 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
16:26:05.0225 2264 \Device\Harddisk0\DR0 - ok
16:26:05.0241 2264 ================ Scan VBR ==================================
16:26:05.0241 2264 [ BFDC2A122FE27B2DE795B509A3EF4AE9 ] \Device\Harddisk0\DR0\Partition1
16:26:05.0241 2264 \Device\Harddisk0\DR0\Partition1 - ok
16:26:05.0257 2264 [ 8538654545E9DFB3A7E218D35C5B24B0 ] \Device\Harddisk0\DR0\Partition2
16:26:05.0257 2264 \Device\Harddisk0\DR0\Partition2 - ok
16:26:05.0257 2264 ============================================================
16:26:05.0257 2264 Scan finished
16:26:05.0257 2264 ============================================================
16:26:05.0288 3548 Detected object count: 6
16:26:05.0288 3548 Actual detected object count: 6
16:26:35.0365 3548 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0365 3548 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:26:35.0365 3548 AFS ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0365 3548 AFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:26:35.0380 3548 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0380 3548 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:26:35.0380 3548 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0380 3548 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:26:35.0380 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0380 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:26:35.0396 3548 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:35.0396 3548 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11.01.2013, 16:11   #8
markusg
/// Malware-holic

Hi
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

11.01.2013, 17:18   #9
jbdk

Done:

Combofix Logfile:
Code:
ComboFix 13-01-11.01 - Bernd 11.01.2013  17:20:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.1982 [GMT 1:00]
ausgeführt von:: c:\users\Bernd\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\programdata\00830c80.tmp
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 17:06 . 2013-01-11 17:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 12:25 . 2013-01-11 13:01	--------	d-----w-	C:\_OTL
2012-12-25 00:30 . 2012-12-25 00:30	--------	d-----w-	C:\Temp
2012-12-25 00:26 . 2012-12-25 00:26	--------	d-----w-	c:\users\Bernd\AppData\Local\Samsung
2012-12-25 00:26 . 2012-12-25 00:26	--------	d-----w-	c:\users\Bernd\AppData\Roaming\Samsung
2012-12-25 00:21 . 2012-09-20 04:35	83168	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-12-25 00:21 . 2012-09-20 04:35	181344	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-12-25 00:18 . 2012-11-28 13:18	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-12-25 00:18 . 2012-11-28 13:17	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-12-25 00:18 . 2012-11-28 13:17	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2012-12-25 00:16 . 2012-12-25 00:19	--------	d-----w-	c:\program files\Samsung
2012-12-25 00:16 . 2012-12-25 00:18	--------	d-----w-	c:\programdata\Samsung
2012-12-22 21:56 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 21:56 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-17 15:38 . 2012-12-17 15:38	--------	d-----w-	c:\program files\honestech
2012-12-17 15:38 . 2012-12-17 15:38	--------	d-----w-	c:\program files\honestech Audio Recorder 2.0 Deluxe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 12:50 . 2009-07-28 23:56	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-01-09 15:02 . 2012-03-29 13:24	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-09 15:02 . 2011-05-18 14:34	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 13:06 . 2012-11-03 13:52	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 13:06 . 2012-11-03 13:52	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-28 13:17 . 2012-11-28 13:17	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-11-28 13:17 . 2012-11-28 13:17	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-11-28 13:17 . 2012-11-28 13:17	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-11-28 13:17 . 2012-11-28 13:17	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17	172032	----a-w-	c:\windows\system32\muzapp.exe
2012-11-28 13:17 . 2012-11-28 13:17	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-11-28 13:17 . 2006-11-02 12:21	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2012-11-15 08:56 . 2012-11-03 13:52	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:36 . 2012-12-12 11:17	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-11-13 01:29 . 2012-12-12 11:14	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-12 11:16	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-12 11:16	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-12 11:16	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-12 11:16	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-12 11:16	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-12 11:16	385024	----a-w-	c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-12 11:16	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-09 07:11 . 2012-12-12 11:16	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-02 10:18 . 2012-12-12 11:17	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 11:17	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-10-17 00:32 . 2012-11-02 07:30	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D87E929-0FB6-46E2-89AE-E8A9F9847B18}\mpengine.dll
2008-10-14 21:57 . 2008-10-14 21:57	106496	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2012-12-11 08:13 . 2012-12-11 08:13	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-03 967608]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-28 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-28 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-28 3054136]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-03 309688]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
c:\users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-7-29 12862]
honestech Audio Recorder 2.0 Deluxe Launcher.lnk - c:\program files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe [2012-12-17 387584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-1-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 39814918
*NewlyCreated* - 45422105
*Deregistered* - 39814918
*Deregistered* - 45422105
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]
.
2013-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 18:05]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 17:10]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 17:10]
.
2013-01-11 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-05-25 12:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://crewportal.fra.dlh.de/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\51w5fv28.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-DisableS3S4 - c:\DisableS3S4.cmd
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Update Service - c:\users\Bernd\Desktop\Update Service\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-11 18:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r??????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Zeit der Fertigstellung: 2013-01-11  18:09:57
ComboFix-quarantined-files.txt  2013-01-11 17:09
.
Vor Suchlauf: 9 Verzeichnis(se), 52.332.601.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 52.262.801.408 Bytes frei
.
- - End Of File - - E05B953F347D9DEBDC7A0583B16650F4
         
--- --- ---

11.01.2013, 18:34   #10
markusg
/// Malware-holic
 

Hi
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Logs".
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

11.01.2013, 22:08   #11
jbdk
 

Here is the result:

Quote:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Bernd :: MYASUS [Administrator]

11.01.2013 19:40:15
mbam-log-2013-01-11 (19-40-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387183
Laufzeit: 3 Stunde(n), 13 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\01112013_132545\C_Users\Bernd\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\download\GESCHENK.EXE (PUP.Joke.Geschenk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\download\spicegirls.exe (PUP.Joke.Jepruss) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
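
Added example, not part of the original thread and not a Malwarebytes tool: a Python parser for the German-language log format quoted in the post above. It separates hits that sit in a cleanup tool's holding folder from hits on the live file system and checks each section's declared count against the lines actually present. The names `parse_mbam_log`, `triage` and `HOLDING_DIRS` are hypothetical, and treating `C:\_OTL\MovedFiles\` as a holding folder is an assumption.

```python
import re
from ntpath import normcase  # Windows path rules, independent of the analyst's OS

# Excerpt of the Malwarebytes 1.x log posted above (German UI), embedded as sample input.
SAMPLE_LOG = r"""Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\01112013_132545\C_Users\Bernd\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\download\GESCHENK.EXE (PUP.Joke.Geschenk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\download\spicegirls.exe (PUP.Joke.Jepruss) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

SECTION = re.compile(r"^(Infizierte [^:]+): (\d+)\s*$")
# Greedy path so "Program Files (x86)" style parentheses stay inside the path.
HIT = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\s*$")
# Assumption: folders where an earlier cleanup tool parked files it had already removed.
HOLDING_DIRS = (normcase("C:\\_OTL\\MovedFiles\\"),)


def parse_mbam_log(text):
    """Return {section title: {"declared": int, "hits": [dict, ...]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION.match(line)
        if header:
            current = {"declared": int(header.group(2)), "hits": []}
            sections[header.group(1)] = current
            continue
        hit = HIT.match(line)
        if hit and current is not None:
            current["hits"].append(hit.groupdict())
    return sections


def triage(sections):
    """Classify every hit and list sections whose declared count does not match."""
    findings, mismatches = [], []
    for title, sec in sections.items():
        if sec["declared"] != len(sec["hits"]):
            mismatches.append((title, sec["declared"], len(sec["hits"])))
        for hit in sec["hits"]:
            parked = normcase(hit["path"]).startswith(HOLDING_DIRS)
            unwanted = hit["name"].startswith(("PUP.", "PUM."))
            findings.append({
                "name": hit["name"],
                "path": hit["path"],
                "kind": "potentially unwanted" if unwanted else "malware",
                "location": "tool holding folder" if parked else "live file system",
            })
    return findings, mismatches


if __name__ == "__main__":
    found, bad_counts = triage(parse_mbam_log(SAMPLE_LOG))
    for f in found:
        print(f'{f["kind"]:<21}{f["location"]:<21}{f["name"]:<20}{f["path"]}')
    print("count mismatches:", bad_counts or "none")
```

A count mismatch usually means the log was truncated when it was pasted, so the full file should be requested before drawing conclusions.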

13.01.2013, 17:31   #12
markusg
/// Malware-holic
 

Hi
Download the standard version of CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, and save it as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.

22.01.2013, 09:19   #13
jbdk
 

Here is the list:

Quote:
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 28.07.2009 13,5MB (unnecessary)
Adobe Digital Editions 19.11.2011 13,4MB (necessary)
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 08.02.2010 10.0.32.18 (necessary?)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 11.5.502.146 (necessary)
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 12.01.2013 120MB 10.1.5 (necessary)
Apple Application Support Apple Inc. 09.02.2012 61,2MB 2.1.5 (unknown)
Apple Software Update Apple Inc. 09.02.2012 2,38MB 2.1.3.127 (unknown)
ASUS CopyProtect ASUS 28.07.2009 3,22MB 1.0.0009 (necessary)
ASUS Data Security Manager ASUS 28.07.2009 14,9MB 1.00.0011 (necessary)
ASUS FancyStart ASUSTeK Computer Inc. 28.07.2009 10,5MB 1.0.2 (necessary)
ASUS LifeFrame3 ASUS 28.07.2009 27,7MB 3.0.20 (necessary)
ASUS Live Update ASUS 29.07.2009 472KB 2.5.6 (necessary)
ASUS MultiFrame 29.07.2009 1,17MB 1.0.0018 (necessary)
ASUS Power4Gear Hybrid ASUS 28.07.2009 8,10MB 1.1.10 (necessary)
ASUS SmartLogon ASUS 28.07.2009 10,7MB 1.0.0006 (necessary)
ASUS Splendid Video Enhancement Technology ASUS 28.07.2009 25,0MB 1.02.0023 (necessary)
Asus_Camera_ScreenSaver ASUS 29.07.2009 2.0.0008 (unnecessary?)
Atheros Client Installation Program Atheros 28.07.2009 408KB 7.0 (unknown)
ATI Catalyst Install Manager ATI Technologies, Inc. 28.07.2009 13,7MB 3.0.715.0 (necessary)
ATK Generic Function Service ATK 28.07.2009 460KB 1.00.0008 (necessary)
ATK Hotkey ASUS 28.07.2009 5,78MB 1.0.0049 (necessary)
ATK Media ASUS 28.07.2009 185KB 2.0.0001 (necessary)
ATKOSD2 ASUS 28.07.2009 7,71MB 7.0.0002 (necessary)
Avanquest update Avanquest Software 08.04.2011 2,78MB 1.28 (unknown)
Avira Free Antivirus Avira 11.12.2012 74,5MB 13.0.0.2890 (necessary)
CCleaner Piriform 19.12.2012 5,08MB 3.26 (necessary?)
Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 06.01.2011 11,5MB 5.0.6 (necessary)
CyberLink LabelPrint CyberLink Corp. 28.07.2009 86,3MB 2.0.2908 (necessary)
CyberLink Power2Go CyberLink Corp. 28.07.2009 122MB 6.0.1924 (necessary)
DivX Converter DivX, Inc. 04.12.2010 45,3MB 7.1.0 (necessary)
DivX Plus DirectShow Filters DivX, Inc. 04.12.2010 1,58MB (necessary?)
DivX-Setup DivX, LLC 29.12.2012 3,39MB 2.6.1.22 (necessary?)
ETDWare PS/2-x86 7.0.5.3 WHQL 29.07.2009 5,35MB (unknown)
Google Earth Google 17.11.2011 92,7MB 6.1.0.5001 (necessary)
Google SketchUp 7 Google, Inc. 10.01.2010 55,7MB 2.0.11067 (necessary)
Google Updater Google Inc. 15.09.2011 3,90MB 2.4.2432.1652 (necessary)
honestech Audio Recorder 2.0 Deluxe honestech 17.12.2012 39,5MB 2.0 (necessary)
HP FWUpdateEDO2 Hewlett-Packard 17.08.2012 1,53MB 1.2.0.0 (necessary)
HP Photo Creations HP Photo Creations 25.05.2012 84,3MB 1.0.0.7702 (necessary)
HP Photosmart 5510 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 24.05.2012 118MB 25.0.621.0 (necessary)
HP Photosmart 5510 series Hilfe Hewlett Packard 24.05.2012 9,84MB 140.0.2.2 (necessary)
HP Speicher-Disc Hewlett-Packard Company 12.11.2009 22,7MB 1.0.4.805 (necessary)
HP Update Hewlett-Packard 17.08.2012 3,98MB 5.003.001.001 (necessary)
Java 7 Update 11 Oracle 08.09.2012 128MB 7.0.110 (necessary)
JavaFX 2.1.1 Oracle Corporation 19.06.2012 20,8MB 2.1.1 (necessary)
LightScribe System Software 1.14.17.1 LightScribe 28.07.2009 21,0MB 1.14.17.1 (necessary)
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 11.01.2013 12,3MB 1.70.0.1100 (necessary)
McAfee Security Scan Plus McAfee, Inc. 29.11.2012 11,2MB 3.0.285.6 (unnecessary)
Media Go Sony 08.02.2010 93,7MB 1.3.227 (necessary)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 04.09.2009 36,9MB (necessary)
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 02.09.2009 27,8MB (necessary)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.12.2012 120MB 4.0.30320 (necessary)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.12.2012 24,5MB 4.0.30320 (necessary)
Microsoft Office Live Add-in 1.3 Microsoft Corporation 02.09.2009 493KB 2.0.2313.0 (necessary)
Microsoft Office Outlook Connector Microsoft Corporation 02.09.2009 6,13MB 12.0.6414.1000 (necessary)
Microsoft Silverlight Microsoft Corporation 10.05.2012 11,7MB 5.1.10411.0 (necessary)
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.09.2009 1,74MB 3.1.0000 (necessary)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 02.09.2009 251KB 8.0.50727.4053 (necessary?)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 294KB 8.0.56336 (necessary?)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 04.09.2009 199KB 9.0.30729.4148 (necessary?)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 592KB 9.0.30729.5570 (necessary?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 01.02.2011 226KB 9.0.21022.218 (necessary?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.09.2009 590KB 9.0.30729 (necessary?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.02.2010 589KB 9.0.30729.4148 (necessary?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 594KB 9.0.30729.6161 (necessary?)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 16,5MB 10.0.40219 (necessary?)
Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 46,2MB 18.0.1 (necessary)
Mozilla Maintenance Service Mozilla 19.01.2013 316KB 18.0.1 (necessary)
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 09.11.2011 35,0KB 4.20.9841.0 (necessary?)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09.11.2011 34,0KB 4.20.9870.0 (necessary?)
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 09.11.2011 1,33MB 4.20.9876.0 (necessary?)
Multimedia Card Reader 28.07.2009 172KB 1.01.0000.00 (necessary)
Network Addon Mod Version June 2009 The NAM Team 13.04.2010 35,6MB Version June 2009 (necessary)
OpenOffice.org 3.4 OpenOffice.org 29.07.2012 346MB 3.4.9590 (necessary)
PhotoScape 20.01.2012 27,7MB (necessary)
PRS-500 USB driver Sony 28.03.2011 16,0KB 1.0.00.08110 (necessary)
QuickTime Apple Inc. 09.02.2012 73,2MB 7.71.80.42 (necessary)
Reader Library by Sony Sony 28.03.2011 48,5MB 3.3.00.07130 (necessary)
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 28.07.2009 1,77MB 1.00.0000 (necessary)
Samsung Kies Samsung Electronics Co., Ltd. 25.12.2012 223MB 2.5.0.12114_1 (necessary)
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 11.01.2013 33,5MB 1.5.16.0 (necessary)
Seagate Manager Installer Seagate 08.11.2011 554MB 2.01.0600
SimCity 4 Deluxe 04.09.2009 1,16GB (necessary)
Skype Toolbars Skype Technologies S.A. 24.02.2011 5,77MB 5.0.4137 (unnecessary)
Skype™ 5.10 Skype Technologies S.A. 27.08.2012 19,4MB 5.10.116 (necessary)
Sony PC Companion 2.10.115 Sony 21.01.2013 5,70MB 2.10.115 (necessary)
SRS Premium Sound SRS Labs, Inc. 28.07.2009 4,85MB 1.09.0300 (necessary)
Studie zur Verbesserung von HP Photosmart 5510 series Produkten Hewlett-Packard Co. 24.05.2012 5,97MB 25.0.621.0 (unnecessary?)
USB 2.0 1.3M UVC WebCam 29.07.2009 (necessary)
VIA Platform Device Manager VIA Technologies, Inc. 28.07.2009 1,61MB 1.34 (necessary)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) Sony Corporation 28.03.2011 08/08/2006 1.0.03.08080 (necessary)
Windows Live Essentials Microsoft Corporation 28.07.2012 15.4.3555.0308 (necessary)
Windows Live Sync Microsoft Corporation 30.01.2011 2,79MB 14.0.8117.416 (necessary)
Windows Media Player Firefox Plugin Microsoft Corp 25.09.2009 296KB 1.0.0.8 (necessary)
WinFlash 02.10.2009 (necessary)
WinFlash ASUS 02.10.2009 1,28MB 2.29.0 (necessary)
Wireless Console 3 ASUS 28.07.2009 2,26MB 3.0.6 (necessary)

22.01.2013, 11:29   #14
markusg
/// Malware-holic
 

Uninstall:
Activation
Adobe Flash Player (all versions)
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "Enable Acrobat JavaScript".
Under Updater, choose "Automatically install updates".
Apply / OK



Uninstall:
McAfee
Skype Toolbars
Studie

Open CCleaner, click Analyze, then Run Cleaner, then restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.