
Pests of all kinds and how to fight them: Trojan - computer locked, message allegedly from the Federal Police

30.07.2013, 14:58   #1
nubyk
 



Dear helpers!
Yesterday evening my laptop caught a trojan. The computer was locked, and a message appeared, allegedly from the BSI, demanding payment of 100 euros. I was initially able to restart the machine in safe mode and ran a full scan with my Sophos antivirus program. Two files were found and moved to quarantine: Troj/Zbot-EON and Troj/EncProc-M. Of course that did not solve the problem; the computer still only runs in safe mode. Since I know nothing about computers and don't want to do anything on my own that might make things worse, I would like to ask you for help. My system is Win7 64bit.
I followed the instructions in the forum and ran defogger, OTL, and gmer. I just don't know how to post the OTL logfile here (attaching doesn't work because the file is larger than allowed).
I would be really very grateful if you could help...
Regards and thanks in advance!

30.07.2013, 15:05   #2
markusg
/// Malware-holic
 



Hi, if you would be so kind and attach otl.txt :-)

30.07.2013, 15:19   #3
nubyk
 



Hi, and thanks already for the quick reply!
The file is too large, so I'll just try copying the "text" in here. Sorry, this is my first time here and I don't know how to do it properly. OTL logfile:
Code:
OTL logfile created on: 30.07.2013 13:45:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Polly1701\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 78,27% Memory free
7,36 Gb Paging File | 6,58 Gb Available in Paging File | 89,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,09 Gb Total Space | 345,16 Gb Free Space | 75,51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: POLLY | User Name: Polly1701 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.30 13:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe
PRC - [2012.07.05 16:00:49 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2013.07.04 17:29:08 | 003,022,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Reporting.exe -- (HI-epanel-Reporting-Service)
SRV - [2013.07.04 17:29:04 | 001,377,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Updater.exe -- (HI-epanel-Update-Service)
SRV - [2013.04.29 12:46:20 | 004,233,088 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2013.03.26 15:43:42 | 001,359,408 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.04 18:12:26 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.04 18:12:20 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.04 18:12:11 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.09.29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 20:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.08 16:23:50 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.05 16:00:49 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.05.09 18:30:02 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2011.05.27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.20 16:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.15 20:31:04 | 000,050,688 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.11.15 20:28:44 | 000,948,224 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009.11.15 20:26:26 | 000,690,688 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 17:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 17:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 17:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 17:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 17:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 20:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.11.26 20:32:50 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.11.26 20:32:40 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.29 20:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 18:29:49 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.06 15:06:31 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.11.15 04:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.20 16:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.19 02:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009.11.19 02:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009.11.18 22:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 22:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 22:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 22:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 22:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.11 04:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.09 22:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.09 22:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.02 03:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.29 22:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.10.29 22:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 22:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.02.09 11:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = QIP: ????? ? ?????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {919F170F-C56D-40E5-A6EF-6C1CDE3947DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{06A3D848-9B7E-41E5-8E96-4F16F5A0079A}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4E2D0023140A0581&affID=121563&tt=040713_xmlful&tsp=4935
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{919F170F-C56D-40E5-A6EF-6C1CDE3947DD}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE367
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{E29F7AB2-53BB-41DB-9E04-09D74ED371D6}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{F0792148-D0C5-4D29-915F-5ACBEF50A9F1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: [INSTALLDIR]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files (x86)\Digital Trends Club\ [2013.07.30 13:28:57 | 000,000,000 | ---D | M]
 
[2013.07.06 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [cvYTlJojJpL.exe] C:\ProgramData\cvYTlJojJpL.exe File not found
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [aSQw8ccL0] C:\Users\Polly1701\AppData\Local\JCmZFOv.exe (NCSOFT Company)
O4 - HKCU..\Run: [Java Auto Update] C:\Users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe File not found
O4 - Startup: C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Polly1701\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4183AE89-854E-467C-9FCC-94DE00E792A2}: NameServer = 134.147.32.40,134.147.222.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92FD408-5D15-42D8-B3D5-B8DBD2FF43E8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{303421e9-b2d1-11df-a27f-0024be65bd74}\Shell - "" = AutoRun
O33 - MountPoints2\{303421e9-b2d1-11df-a27f-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{30342201-b2d1-11df-a27f-0024be65bd74}\Shell - "" = AutoRun
O33 - MountPoints2\{30342201-b2d1-11df-a27f-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a4b092e7-bc24-11df-8126-0024be65bd74}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b092e7-bc24-11df-8126-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f693946d-b92a-11df-a95e-0024be65bd74}\Shell - "" = AutoRun
O33 - MountPoints2\{f693946d-b92a-11df-a95e-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f6939485-b92a-11df-a95e-0024be65bd74}\Shell - "" = AutoRun
O33 - MountPoints2\{f6939485-b92a-11df-a95e-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.30 13:44:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe
[2013.07.29 22:22:04 | 000,183,296 | ---- | C] (NCSOFT Company) -- C:\Users\Polly1701\AppData\Local\JCmZFOv.exe
[2013.07.23 20:11:44 | 000,000,000 | R--D | C] -- C:\Users\Polly1701\Dropbox
[2013.07.23 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.07.23 20:08:33 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Dropbox
[2013.07.06 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\Tracing
[2013.07.06 16:53:48 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013.07.06 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.07.06 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Local\Windows Live
[2013.07.06 16:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.07.06 16:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.07.06 16:37:39 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\NCH Software
[2013.07.06 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\TuneUp Software
[2013.07.06 16:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.07.06 16:27:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.07.06 16:27:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.07.06 16:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.06 16:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.07.06 16:26:35 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Babylon
[2013.07.06 16:26:26 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\OpenCandy
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.30 13:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe
[2013.07.30 13:42:45 | 000,000,000 | ---- | M] () -- C:\Users\Polly1701\defogger_reenable
[2013.07.30 13:41:34 | 000,050,477 | ---- | M] () -- C:\Users\Polly1701\Desktop\Defogger.exe
[2013.07.30 13:30:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.30 13:30:06 | 2962,395,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.30 13:27:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.29 22:40:56 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 22:40:56 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 22:22:07 | 000,181,452 | ---- | M] () -- C:\Users\Polly1701\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
[2013.07.29 22:22:01 | 000,183,296 | ---- | M] (NCSOFT Company) -- C:\Users\Polly1701\AppData\Local\JCmZFOv.exe
[2013.07.29 22:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.29 13:46:53 | 000,150,662 | ---- | M] () -- C:\Users\Polly1701\Desktop\Muellmax_2013_20130725_22379.pdf
[2013.07.27 13:13:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.27 13:13:24 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.27 13:13:24 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.27 13:13:24 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.27 13:13:24 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.23 20:11:44 | 000,001,040 | ---- | M] () -- C:\Users\Polly1701\Desktop\Dropbox.lnk
[2013.07.23 20:09:30 | 000,001,050 | ---- | M] () -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.07.11 16:58:38 | 000,437,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.08 22:11:14 | 000,111,068 | ---- | M] () -- C:\test.xml
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.30 13:42:45 | 000,000,000 | ---- | C] () -- C:\Users\Polly1701\defogger_reenable
[2013.07.30 13:41:34 | 000,050,477 | ---- | C] () -- C:\Users\Polly1701\Desktop\Defogger.exe
[2013.07.29 22:22:07 | 000,181,452 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
[2013.07.29 13:46:53 | 000,150,662 | ---- | C] () -- C:\Users\Polly1701\Desktop\Muellmax_2013_20130725_22379.pdf
[2013.07.23 20:11:44 | 000,001,040 | ---- | C] () -- C:\Users\Polly1701\Desktop\Dropbox.lnk
[2013.07.23 20:09:30 | 000,001,050 | ---- | C] () -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.07.06 16:53:30 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.07.06 16:53:20 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.07.06 16:52:44 | 000,001,418 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.07.06 16:52:18 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.11.26 20:32:41 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.09.29 01:16:48 | 000,002,176 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\recently-used.xbel
[2012.06.23 23:11:44 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.05.25 01:59:10 | 001,523,712 | ---- | C] () -- C:\Windows\SysWow64\falsesetproxy.exe
[2011.12.30 20:59:21 | 000,000,444 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011.12.30 20:57:55 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011.12.13 01:46:54 | 000,000,129 | ---- | C] () -- C:\Windows\winamp.ini
[2011.10.27 00:34:51 | 000,000,000 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\{B6B46446-11CD-4103-9CAF-718DFC697B12}
[2011.07.01 22:05:57 | 000,000,070 | ---- | C] () -- C:\Users\Polly1701\.bouml
[2011.07.01 22:04:53 | 000,000,052 | ---- | C] () -- C:\Users\Polly1701\.boumlrc
[2010.10.27 19:04:53 | 002,000,324 | ---- | C] () -- C:\Program Files (x86)\cdex_151.exe
[2010.05.04 17:20:06 | 000,000,016 | ---- | C] () -- C:\Users\Polly1701\persistent_state
[2010.02.01 21:43:04 | 000,028,672 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 20:48:43 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.02 06:05:31 | 000,000,000 | -HSD | M] -- C:\Users\Polly1701\AppData\Roaming\.#
[2013.03.13 13:58:20 | 000,000,000 | -HSD | M] -- C:\Users\Polly1701\AppData\Roaming\2DF42B
[2010.11.08 00:06:41 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Amazon
[2010.04.02 01:50:42 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Auslogics
[2013.07.06 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Babylon
[2013.07.06 16:35:34 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\DesktopIconForAmazon
[2013.07.30 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Dropbox
[2013.07.06 16:35:19 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\GinyasBrowserCompanion
[2013.03.13 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Java
[2011.12.30 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\MyHeritage
[2013.07.06 16:26:26 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\OpenCandy
[2010.05.07 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Opera
[2012.04.29 16:39:51 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Pixlromatic
[2010.02.01 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Protector Suite
[2011.02.02 17:22:29 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\QIP
[2013.05.24 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\The Bat!
[2011.12.30 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2013.07.06 16:28:05 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\TuneUp Software
[2013.07.29 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.30 02:49:34 | 000,016,165 | ---- | M] ()(C:\Users\Polly1701\Documents\????????_2011.docx) -- C:\Users\Polly1701\Documents\Беларусь_2011.docx
[2011.07.30 02:49:33 | 000,016,165 | ---- | C] ()(C:\Users\Polly1701\Documents\????????_2011.docx) -- C:\Users\Polly1701\Documents\Беларусь_2011.docx
[2010.06.18 14:16:53 | 000,026,112 | ---- | M] ()(C:\Users\Polly1701\Documents\? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Users\Polly1701\Documents\Д О В Е Р Е Н Н О С Т Ь.doc
[2010.06.18 14:16:53 | 000,026,112 | ---- | C] ()(C:\Users\Polly1701\Documents\? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Users\Polly1701\Documents\Д О В Е Р Е Н Н О С Т Ь.doc
[2010.04.30 11:29:53 | 000,030,720 | ---- | M] ()(C:\Users\Polly1701\Documents\?? ???????.doc) -- C:\Users\Polly1701\Documents\За туманам.doc
[2010.04.28 03:02:04 | 000,030,720 | ---- | C] ()(C:\Users\Polly1701\Documents\?? ???????.doc) -- C:\Users\Polly1701\Documents\За туманам.doc

< End of report >
         

Alt 30.07.2013, 15:26   #4
markusg
/// Malware-holic
 



Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKCU..\Run: [aSQw8ccL0] C:\Users\Polly1701\AppData\Local\JCmZFOv.exe (NCSOFT Company)
[2013.07.29 22:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


If you don't have any icons, then right-click, View, Show desktop icons

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the above instructions to
markusg.trojaner-board@web.de
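The fix above targets one of the four O4 (autostart) entries in the posted OTL log. As an added illustration (not part of the thread and not OTL's own logic), this Python sketch parses those O4 lines and applies three triage heuristics that are assumptions of this example: a missing target file, an executable placed directly in an AppData root, and a value name unrelated to its target.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# The four O4 (autostart) lines copied verbatim from the OTL log in this thread.
OTL_O4_LINES = r"""
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [aSQw8ccL0] C:\Users\Polly1701\AppData\Local\JCmZFOv.exe (NCSOFT Company)
O4 - HKCU..\Run: [Java Auto Update] C:\Users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe File not found
O4 - Startup: C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Polly1701\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
""".strip().splitlines()

# "O4 - HKCU..\Run: [value name] <target>" (optionally "O4:64bit: - ...")
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$")
# "O4 - Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(r"^O4(?::64bit:)? - Startup: (?P<lnk>.+?) = (?P<rest>.+)$")
# "<path> (<company>)"; greedy path so "Program Files (x86)" stays in the path
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
MISSING = " File not found"
# Heuristic (assumption of this example): vendors normally install into a
# subfolder, so an executable lying directly in one of these roots is unusual.
PROFILE_ROOTS = {("appdata", "local"), ("appdata", "locallow"), ("appdata", "roaming")}


@dataclass
class Autorun:
    source: str    # registry hive\key or "Startup folder"
    name: str      # Run value name or shortcut file name
    path: str      # target executable
    company: str   # version-info company string reported by OTL ("" if none)
    missing: bool  # OTL printed "File not found"


def _split_target(rest):
    """Split '<path> (<company>)' or '<path> File not found'."""
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)], "", True
    m = TARGET_RE.match(rest)
    if m:
        return m["path"], m["company"], False
    return rest, "", False


def parse_o4(line):
    """Return an Autorun for an O4 line, or None for any other log line."""
    m = RUN_RE.match(line)
    if m:
        source, name = f"{m['hive']}\\{m['key']}", m["name"]
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        source, name = "Startup folder", PureWindowsPath(m["lnk"]).name
    path, company, missing = _split_target(m["rest"])
    return Autorun(source, name, path, company, missing)


def findings(entry):
    """Return the heuristic reasons (possibly none) to look closer at an entry."""
    reasons = []
    if entry.missing:
        reasons.append("target file not found")
    parent = tuple(p.lower() for p in PureWindowsPath(entry.path).parent.parts[-2:])
    if parent in PROFILE_ROOTS:
        reasons.append("executable sits directly in a profile AppData root")
    # A legitimate value name usually shares a word with its path or vendor.
    tokens = re.findall(r"[a-z0-9]{3,}", entry.name.lower())
    haystack = f"{entry.path} {entry.company}".lower()
    if tokens and not any(t in haystack for t in tokens):
        reasons.append("value name unrelated to target path or vendor")
    return reasons


def triage(lines):
    """Parse all O4 lines and keep only the entries with at least one finding."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(OTL_O4_LINES):
        print(f"{entry.source} [{entry.name}] -> {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the lines above it flags the aSQw8ccL0 entry and the orphaned Java Auto Update entry and leaves the Sophos and Dropbox entries alone; the findings are hints for a human reviewer, not verdicts.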

Alt 30.07.2013, 15:49   #5
nubyk
 



OTL fix carried out. The message has already disappeared and the computer runs in normal mode. The upload also worked. Here is the content of the text document:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aSQw8ccL0 deleted successfully.
C:\Users\Polly1701\AppData\Local\JCmZFOv.exe moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Polly1701
->Temp folder emptied: 1260326721 bytes
->Temporary Internet Files folder emptied: 12400058 bytes
->Java cache emptied: 63499290 bytes
->Opera cache emptied: 15524496 bytes
->Flash cache emptied: 59542 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533519 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 734284864 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42979450 bytes
RecycleBin emptied: 828453332 bytes

Total Files Cleaned = 2.822,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07302013_163026

Files\Folders moved on Reboot...
C:\Users\Polly1701\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Polly1701\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 30.07.2013, 15:53   #6
markusg
/// Malware-holic
 



Very good.
Scan with Combofix
WARNING to READERS:
Combofix should only be run when instructed to do so by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (if possible in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 30.07.2013, 16:57   #7
nubyk
 



Done!
However, I am not sure whether everything went smoothly. In the blue Combofix window the line "Zugriff verweigert" often appeared - perhaps that was because I could not deactivate Sophos properly. Combofix kept running anyway, then it restarted Windows, and a log file was created, but only after the repeated message "die Datei "NircmdB.exe" konnte nicht gefunden werden". When starting the browser, the other error message that you pointed out then appeared. I restarted the computer - now everything works again. Here is the log file (hopefully it works with the code tags now)
Combofix log file:
Code:
ComboFix 13-07-30.02 - Polly1701 30.07.2013  17:14:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3767.1894 [GMT 2:00]
ausgeführt von:: c:\users\Polly1701\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\boost_interprocess\20130730163145.125599
c:\programdata\boost_interprocess\20130730163145.125599\Nobu64AgentService2.7.2.25
c:\programdata\boost_interprocess\20130730163145.125599\Nobu64TrayIcon2.7.2.25
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\POLLY1~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Polly1701\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Polly1701\AppData\Roaming\.#
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\check_update.bat
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\csrss.exe
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\diakgcn121016.cl
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libeay32.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libidn-11.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libusb-1.0.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\OpenCL.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\phatk121016.cl
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\ssleay32.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\zlib1.dll
c:\users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-30  ))))))))))))))))))))))))))))))
.
.
2013-07-30 14:40 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDBB21A1-93C4-4911-9DAA-0BF040464269}\mpengine.dll
2013-07-30 14:30 . 2013-07-30 14:41	--------	d-----w-	C:\_OTL
2013-07-23 18:11 . 2013-07-30 14:35	--------	d-----r-	c:\users\Polly1701\Dropbox
2013-07-23 18:08 . 2013-07-30 14:35	--------	d-----w-	c:\users\Polly1701\AppData\Roaming\Dropbox
2013-07-10 11:07 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-10 11:07 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-10 11:07 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-10 11:07 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 11:07 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 11:07 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 11:07 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 11:07 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-10 11:07 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-10 11:07 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-10 11:07 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 11:06 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-10 11:06 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 11:06 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 11:06 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 11:06 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:06 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:06 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-10 11:06 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-06 14:55 . 2013-07-06 14:55	--------	d-----w-	c:\users\Polly1701\Tracing
2013-07-06 14:53 . 2013-07-06 14:53	--------	d-----w-	c:\windows\en
2013-07-06 14:53 . 2013-07-06 14:53	--------	d-----w-	c:\windows\de
2013-07-06 14:48 . 2013-02-05 20:06	57840	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2013-07-06 14:46 . 2010-06-02 02:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-07-06 14:46 . 2010-06-02 02:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-07-06 14:46 . 2010-06-02 02:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-07-06 14:46 . 2010-06-02 02:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-07-06 14:46 . 2010-05-26 09:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-07-06 14:46 . 2010-05-26 09:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-07-06 14:46 . 2010-05-26 09:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2013-07-06 14:46 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2013-07-06 14:45 . 2009-09-04 15:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2013-07-06 14:45 . 2009-09-04 15:29	523088	----a-w-	c:\windows\system32\d3dx10_42.dll
2013-07-06 14:43 . 2013-07-06 14:43	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\dsetup32.dll
2013-07-06 14:43 . 2013-07-06 14:43	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\dsetup32.dll
2013-07-06 14:43 . 2013-07-06 14:43	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\dsetup32.dll
2013-07-06 14:43 . 2013-07-16 22:03	--------	d-----w-	c:\users\Polly1701\AppData\Local\Windows Live
2013-07-06 14:38 . 2013-07-06 14:38	--------	d-----w-	c:\programdata\NCH Software
2013-07-06 14:37 . 2013-07-06 14:40	--------	d-----w-	c:\program files (x86)\NCH Software
2013-07-06 14:37 . 2013-07-06 14:40	--------	d-----w-	c:\users\Polly1701\AppData\Roaming\NCH Software
2013-07-06 14:28 . 2013-07-06 14:28	--------	d-----w-	c:\users\Polly1701\AppData\Roaming\TuneUp Software
2013-07-06 14:27 . 2013-07-06 14:28	--------	d-----w-	c:\programdata\TuneUp Software
2013-07-06 14:27 . 2013-07-06 14:27	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-06 14:27 . 2013-07-06 14:27	--------	d--h--w-	c:\programdata\Common Files
2013-07-06 14:26 . 2013-07-06 14:26	--------	d-----w-	c:\programdata\Babylon
2013-07-06 14:26 . 2013-07-06 14:26	--------	d-----w-	c:\users\Polly1701\AppData\Roaming\Babylon
2013-07-06 14:26 . 2013-07-06 14:26	--------	d-----w-	c:\users\Polly1701\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 16:57 . 2010-02-09 15:59	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-07-06 14:47 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-06 14:14 . 2010-02-01 20:37	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-07-06 14:14 . 2010-12-10 21:57	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-06 14:13 . 2010-02-19 16:14	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-07 12:19 . 2013-06-07 12:19	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-07 12:19 . 2013-06-07 12:19	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-07 12:19 . 2013-06-07 12:19	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-07 12:19 . 2013-06-07 12:19	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-07 12:19 . 2013-06-07 12:19	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-07 12:19 . 2013-06-07 12:19	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-07 12:19 . 2013-06-07 12:19	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-07 12:19 . 2013-06-07 12:19	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-07 12:19 . 2013-06-07 12:19	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-07 12:19 . 2013-06-07 12:19	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-07 12:19 . 2013-06-07 12:19	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-07 12:19 . 2013-06-07 12:19	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-07 12:19 . 2013-06-07 12:19	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-07 12:19 . 2013-06-07 12:19	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-07 12:19 . 2013-06-07 12:19	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-07 12:19 . 2013-06-07 12:19	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-07 12:19 . 2013-06-07 12:19	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-07 12:19 . 2013-06-07 12:19	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-07 12:19 . 2013-06-07 12:19	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-07 12:19 . 2013-06-07 12:19	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-07 12:19 . 2013-06-07 12:19	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-07 12:19 . 2013-06-07 12:19	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-07 12:19 . 2013-06-07 12:19	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-07 12:19 . 2013-06-07 12:19	441856	----a-w-	c:\windows\system32\html.iec
2013-06-07 12:19 . 2013-06-07 12:19	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-07 12:19 . 2013-06-07 12:19	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-07 12:19 . 2013-06-07 12:19	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-07 12:19 . 2013-06-07 12:19	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-07 12:19 . 2013-06-07 12:19	235008	----a-w-	c:\windows\system32\url.dll
2013-06-07 12:19 . 2013-06-07 12:19	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-07 12:19 . 2013-06-07 12:19	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-07 12:19 . 2013-06-07 12:19	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-06-07 12:19 . 2013-06-07 12:19	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-07 12:19 . 2013-06-07 12:19	144896	----a-w-	c:\windows\system32\wextract.exe
2013-06-07 12:19 . 2013-06-07 12:19	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-06-07 12:19 . 2013-06-07 12:19	102912	----a-w-	c:\windows\system32\inseng.dll
2013-06-07 12:19 . 2013-06-07 12:19	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-07 12:19 . 2013-06-07 12:19	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-07 12:19 . 2013-06-07 12:19	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-07 12:19 . 2013-06-07 12:19	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-07 12:19 . 2013-06-07 12:19	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-07 12:19 . 2013-06-07 12:19	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-07 12:19 . 2013-06-07 12:19	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-07 12:19 . 2013-06-07 12:19	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-07 12:19 . 2013-06-07 12:19	149504	----a-w-	c:\windows\system32\occache.dll
2013-06-07 12:19 . 2013-06-07 12:19	13824	----a-w-	c:\windows\system32\mshta.exe
2013-06-07 12:19 . 2013-06-07 12:19	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-06-07 12:19 . 2013-06-07 12:19	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-07 12:19 . 2013-06-07 12:19	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-13 05:51 . 2013-06-12 10:30	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:30	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:30	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:30	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:30	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:30	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 10:30	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 10:30	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:30	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:30	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 10:30	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:30	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:30	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-02-17 00:33	278800	------w-	c:\windows\system32\MpSigStub.exe
2010-10-27 17:04 . 2010-10-27 17:04	2000324	----a-w-	c:\program files (x86)\cdex_151.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-21 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-08-08 900160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Polly1701\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 netr7364;RT73-Drahtlostreiber für Vista von Conceptronic;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 HI-epanel-Reporting-Service;HI-epanel-Reporting-Service;c:\program files (x86)\Digital Trends Club\HI-epanel-Reporting.exe;c:\program files (x86)\Digital Trends Club\HI-epanel-Reporting.exe [x]
S2 HI-epanel-Update-Service;HI-epanel-Update-Service;c:\program files (x86)\Digital Trends Club\HI-epanel-Updater.exe;c:\program files (x86)\Digital Trends Club\HI-epanel-Updater.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 12:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 13:18	5943048	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 13:18	5943048	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-26 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-26 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.qip.ru
mDefault_Search_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: Interfaces\{4183AE89-854E-467C-9FCC-94DE00E792A2}: NameServer = 134.147.32.40,134.147.222.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Java Auto Update - c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe
Wow6432Node-HKLM-Run-cvYTlJojJpL.exe - c:\programdata\cvYTlJojJpL.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-30  17:30:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-30 15:30
.
Vor Suchlauf: 19 Verzeichnis(se), 372.890.681.344 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 372.717.383.680 Bytes frei
.
- - End Of File - - C376C5F390F5520ED7ACE97A55F3F0A4
         
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

[/CODE]

30.07.2013, 17:08   #8
markusg
/// Malware-holic

Looks good.
Would you be so kind as to open Computer, C:, Qoobox.
Zip the Quarantine folder and upload it in the upload channel; let me know when you are done.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.

30.07.2013, 17:16   #9
nubyk

Done, but while zipping I got a message that the file could not be opened (or found?) and "access denied".
The zip file was created anyway and the upload worked.

30.07.2013, 17:20   #10
markusg
/// Malware-holic

Hi, looks good.
1.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

2.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure all detections are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
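One way to triage the log file that TDSSKiller writes in step 1, as an added example that is not part of the original post and not code from the tool's vendor: it lists every object whose verdict is not "ok" together with the hash and path logged for it, plus service entries for which no file line was logged. The function and variable names are this example's own, the sample lines are excerpted from the log posted in this thread, and the parser assumes service names contain no spaces.

```python
import re

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <thread id>  <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "================ Scan services ====================" opens a scan section.
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "[ <MD5> ] <service>   <path>" names the file behind a service or driver.
FILE_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+)$")
# "<object> ( <detection name> ) - <verdict>" is any result other than ok.
FLAG_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<verdict>\w+)$")
# "<object> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Sample input: lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
18:33:15.0481 4912  Scan started
18:33:15.0481 4912  Mode: Manual; SigCheck; TDLFS;
18:33:15.0481 4912  ============================================================
18:33:15.0652 4912  ================ Scan system memory ========================
18:33:15.0652 4912  System memory - ok
18:33:15.0652 4912  ================ Scan services =============================
18:33:15.0839 4912  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:33:15.0949 4912  1394ohci - ok
18:33:21.0908 4912  catchme - ok
18:33:32.0594 4912  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:32.0594 4912  LMS ( UnsignedFile.Multi.Generic ) - warning
18:33:32.0594 4912  LMS - detected UnsignedFile.Multi.Generic (1)
18:33:32.0641 4912  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:33:32.0672 4912  LSI_FC - ok
"""


def triage(log_text):
    """Return flagged objects and service entries that have no file line."""
    files = {}     # service name -> (md5, path) taken from its file line
    flagged = []   # every verdict that is not "ok"
    no_file = []   # services reported "ok" without a hashed file
    section = None
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()

        m = SECTION_RE.match(msg)
        if m:
            section = m.group("title")
            continue

        m = FILE_RE.match(msg)
        if m:
            files[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue

        m = FLAG_RE.match(msg)
        if m:
            md5, path = files.get(m.group("name"), (None, None))
            flagged.append({
                "name": m.group("name"),
                "detection": m.group("detection"),
                "verdict": m.group("verdict"),
                "md5": md5,
                "path": path,
            })
            continue

        m = OK_RE.match(msg)
        if m and section == "Scan services" and m.group("name") not in files:
            # The log shows a verdict for this service but no hash or path.
            no_file.append(m.group("name"))
    return {"flagged": flagged, "no_file": no_file}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hit in result["flagged"]:
        print("{verdict}: {name} ({detection}) {md5} {path}".format(**hit))
    for name in result["no_file"]:
        print("no file line logged for service:", name)
```

UnsignedFile.Multi.Generic is the label TDSSKiller gives a file without a valid digital signature when its signature check is enabled, so a hit like the one on LMS is a lead to verify, not a confirmed infection.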

30.07.2013, 19:43   #11
nubyk

Hi,
both steps done!

1. TDSSKiller log file
Code:
ATTFilter
18:32:43.0594 6536  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:32:43.0610 6536  ============================================================
18:32:43.0610 6536  Current date / time: 2013/07/30 18:32:43.0610
18:32:43.0610 6536  SystemInfo:
18:32:43.0610 6536  
18:32:43.0610 6536  OS Version: 6.1.7601 ServicePack: 1.0
18:32:43.0610 6536  Product type: Workstation
18:32:43.0610 6536  ComputerName: POLLY
18:32:43.0610 6536  UserName: Polly1701
18:32:43.0610 6536  Windows directory: C:\Windows
18:32:43.0610 6536  System windows directory: C:\Windows
18:32:43.0610 6536  Running under WOW64
18:32:43.0610 6536  Processor architecture: Intel x64
18:32:43.0610 6536  Number of processors: 4
18:32:43.0610 6536  Page size: 0x1000
18:32:43.0610 6536  Boot type: Normal boot
18:32:43.0610 6536  ============================================================
18:32:44.0280 6536  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:44.0296 6536  ============================================================
18:32:44.0296 6536  \Device\Harddisk0\DR0:
18:32:44.0296 6536  MBR partitions:
18:32:44.0296 6536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1127800, BlocksNum 0x32000
18:32:44.0296 6536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1159800, BlocksNum 0x3922C030
18:32:44.0296 6536  ============================================================
18:32:44.0327 6536  C: <-> \Device\Harddisk0\DR0\Partition2
18:32:44.0327 6536  ============================================================
18:32:44.0327 6536  Initialize success
18:32:44.0327 6536  ============================================================
18:33:15.0481 4912  ============================================================
18:33:15.0481 4912  Scan started
18:33:15.0481 4912  Mode: Manual; SigCheck; TDLFS; 
18:33:15.0481 4912  ============================================================
18:33:15.0652 4912  ================ Scan system memory ========================
18:33:15.0652 4912  System memory - ok
18:33:15.0652 4912  ================ Scan services =============================
18:33:15.0839 4912  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:33:15.0949 4912  1394ohci - ok
18:33:16.0073 4912  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:33:16.0120 4912  ACDaemon - ok
18:33:16.0183 4912  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:33:16.0198 4912  ACPI - ok
18:33:16.0261 4912  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:33:16.0339 4912  AcpiPmi - ok
18:33:16.0401 4912  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:33:16.0448 4912  adp94xx - ok
18:33:16.0463 4912  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:33:16.0495 4912  adpahci - ok
18:33:16.0495 4912  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:33:16.0510 4912  adpu320 - ok
18:33:16.0557 4912  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:33:16.0713 4912  AeLookupSvc - ok
18:33:16.0775 4912  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:33:16.0853 4912  AFD - ok
18:33:16.0947 4912  [ B29BC445561F1AC7B1DAF67AF954C36B ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
18:33:16.0978 4912  AffinegyService - ok
18:33:17.0025 4912  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:33:17.0056 4912  agp440 - ok
18:33:17.0103 4912  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:33:17.0181 4912  ALG - ok
18:33:17.0243 4912  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:33:17.0275 4912  aliide - ok
18:33:17.0290 4912  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:33:17.0306 4912  amdide - ok
18:33:17.0353 4912  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:33:17.0415 4912  AmdK8 - ok
18:33:17.0415 4912  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:33:17.0477 4912  AmdPPM - ok
18:33:17.0509 4912  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:33:17.0540 4912  amdsata - ok
18:33:17.0571 4912  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:33:17.0602 4912  amdsbs - ok
18:33:17.0618 4912  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:33:17.0633 4912  amdxata - ok
18:33:17.0665 4912  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:33:17.0852 4912  AppID - ok
18:33:17.0883 4912  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:33:17.0961 4912  AppIDSvc - ok
18:33:18.0023 4912  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:33:18.0086 4912  Appinfo - ok
18:33:18.0164 4912  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:33:18.0195 4912  arc - ok
18:33:18.0211 4912  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:33:18.0226 4912  arcsas - ok
18:33:18.0273 4912  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:33:18.0304 4912  ArcSoftKsUFilter - ok
18:33:18.0335 4912  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:18.0413 4912  AsyncMac - ok
18:33:18.0476 4912  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:33:18.0491 4912  atapi - ok
18:33:18.0569 4912  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:33:18.0694 4912  athr - ok
18:33:18.0741 4912  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:33:18.0819 4912  AudioEndpointBuilder - ok
18:33:18.0835 4912  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:33:18.0866 4912  AudioSrv - ok
18:33:18.0913 4912  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:33:19.0006 4912  AxInstSV - ok
18:33:19.0069 4912  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:33:19.0131 4912  b06bdrv - ok
18:33:19.0178 4912  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:19.0225 4912  b57nd60a - ok
18:33:19.0287 4912  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:33:19.0334 4912  BDESVC - ok
18:33:19.0381 4912  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:33:19.0474 4912  Beep - ok
18:33:19.0552 4912  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:33:19.0599 4912  BFE - ok
18:33:19.0646 4912  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:33:19.0708 4912  BITS - ok
18:33:19.0755 4912  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:33:19.0786 4912  blbdrive - ok
18:33:19.0833 4912  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:33:19.0880 4912  bowser - ok
18:33:19.0927 4912  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:33:20.0020 4912  BrFiltLo - ok
18:33:20.0051 4912  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:33:20.0083 4912  BrFiltUp - ok
18:33:20.0145 4912  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:33:20.0207 4912  BridgeMP - ok
18:33:20.0254 4912  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:33:20.0317 4912  Browser - ok
18:33:20.0348 4912  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:33:20.0441 4912  Brserid - ok
18:33:20.0473 4912  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:20.0504 4912  BrSerWdm - ok
18:33:20.0535 4912  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:20.0566 4912  BrUsbMdm - ok
18:33:20.0597 4912  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:20.0629 4912  BrUsbSer - ok
18:33:20.0675 4912  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:33:20.0738 4912  BthEnum - ok
18:33:20.0785 4912  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:20.0831 4912  BTHMODEM - ok
18:33:20.0878 4912  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:33:20.0909 4912  BthPan - ok
18:33:20.0972 4912  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
18:33:21.0019 4912  BTHPORT - ok
18:33:21.0050 4912  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:33:21.0128 4912  bthserv - ok
18:33:21.0159 4912  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
18:33:21.0221 4912  BTHUSB - ok
18:33:21.0284 4912  [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
18:33:21.0315 4912  btusbflt - ok
18:33:21.0362 4912  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:33:21.0393 4912  btwaudio - ok
18:33:21.0455 4912  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
18:33:21.0502 4912  btwavdt - ok
18:33:21.0611 4912  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:33:21.0643 4912  btwdins - ok
18:33:21.0674 4912  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:33:21.0689 4912  btwl2cap - ok
18:33:21.0736 4912  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:33:21.0752 4912  btwrchid - ok
18:33:21.0908 4912  catchme - ok
18:33:21.0955 4912  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:33:22.0017 4912  cdfs - ok
18:33:22.0079 4912  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:33:22.0126 4912  cdrom - ok
18:33:22.0173 4912  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:33:22.0251 4912  CertPropSvc - ok
18:33:22.0313 4912  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:33:22.0360 4912  circlass - ok
18:33:22.0407 4912  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:33:22.0438 4912  CLFS - ok
18:33:22.0516 4912  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:22.0594 4912  clr_optimization_v2.0.50727_32 - ok
18:33:22.0641 4912  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:22.0672 4912  clr_optimization_v2.0.50727_64 - ok
18:33:22.0766 4912  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:22.0781 4912  clr_optimization_v4.0.30319_32 - ok
18:33:22.0844 4912  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:33:22.0859 4912  clr_optimization_v4.0.30319_64 - ok
18:33:22.0906 4912  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:33:22.0922 4912  CmBatt - ok
18:33:22.0953 4912  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:33:22.0969 4912  cmdide - ok
18:33:23.0015 4912  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:33:23.0031 4912  CNG - ok
18:33:23.0093 4912  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:33:23.0109 4912  Compbatt - ok
18:33:23.0156 4912  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:33:23.0203 4912  CompositeBus - ok
18:33:23.0218 4912  COMSysApp - ok
18:33:23.0265 4912  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:33:23.0281 4912  crcdisk - ok
18:33:23.0327 4912  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:33:23.0390 4912  CryptSvc - ok
18:33:23.0437 4912  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:33:23.0483 4912  DcomLaunch - ok
18:33:23.0530 4912  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:33:23.0577 4912  defragsvc - ok
18:33:23.0624 4912  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:33:23.0717 4912  DfsC - ok
18:33:23.0733 4912  DFUBTUSB - ok
18:33:23.0764 4912  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:33:23.0811 4912  Dhcp - ok
18:33:23.0842 4912  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:33:23.0905 4912  discache - ok
18:33:23.0936 4912  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:33:23.0951 4912  Disk - ok
18:33:23.0983 4912  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:33:24.0014 4912  Dnscache - ok
18:33:24.0045 4912  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:33:24.0139 4912  dot3svc - ok
18:33:24.0170 4912  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:33:24.0232 4912  DPS - ok
18:33:24.0279 4912  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:33:24.0310 4912  drmkaud - ok
18:33:24.0341 4912  dtpd - ok
18:33:24.0404 4912  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:33:24.0466 4912  DXGKrnl - ok
18:33:24.0497 4912  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:33:24.0560 4912  EapHost - ok
18:33:24.0669 4912  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:33:24.0794 4912  ebdrv - ok
18:33:24.0825 4912  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:33:24.0887 4912  EFS - ok
18:33:24.0965 4912  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:33:25.0059 4912  ehRecvr - ok
18:33:25.0090 4912  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:33:25.0137 4912  ehSched - ok
18:33:25.0199 4912  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:33:25.0246 4912  elxstor - ok
18:33:25.0262 4912  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:33:25.0293 4912  ErrDev - ok
18:33:25.0340 4912  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:33:25.0418 4912  EventSystem - ok
18:33:25.0496 4912  [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:33:25.0543 4912  EvtEng - ok
18:33:25.0558 4912  ewusbnet - ok
18:33:25.0574 4912  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:33:25.0621 4912  exfat - ok
18:33:25.0636 4912  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:33:25.0699 4912  fastfat - ok
18:33:25.0745 4912  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:33:25.0808 4912  Fax - ok
18:33:25.0823 4912  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:33:25.0839 4912  fdc - ok
18:33:25.0855 4912  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:33:25.0917 4912  fdPHost - ok
18:33:25.0933 4912  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:33:25.0979 4912  FDResPub - ok
18:33:26.0011 4912  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:33:26.0026 4912  FileInfo - ok
18:33:26.0042 4912  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:33:26.0089 4912  Filetrace - ok
18:33:26.0104 4912  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:33:26.0135 4912  flpydisk - ok
18:33:26.0167 4912  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:33:26.0182 4912  FltMgr - ok
18:33:26.0260 4912  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:33:26.0323 4912  FontCache - ok
18:33:26.0369 4912  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:26.0385 4912  FontCache3.0.0.0 - ok
18:33:26.0401 4912  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:33:26.0432 4912  FsDepends - ok
18:33:26.0479 4912  [ B3EB502D2C3F47C47415F85387DFAEF1 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
18:33:26.0510 4912  fssfltr - ok
18:33:26.0635 4912  [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:33:26.0728 4912  fsssvc - ok
18:33:26.0775 4912  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:33:26.0775 4912  Fs_Rec - ok
18:33:26.0822 4912  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:33:26.0853 4912  fvevol - ok
18:33:26.0900 4912  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:33:26.0931 4912  gagp30kx - ok
18:33:26.0993 4912  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:33:27.0056 4912  gpsvc - ok
18:33:27.0149 4912  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:27.0165 4912  gupdate - ok
18:33:27.0181 4912  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:27.0196 4912  gupdatem - ok
18:33:27.0259 4912  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:27.0321 4912  gusvc - ok
18:33:27.0337 4912  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:33:27.0399 4912  hcw85cir - ok
18:33:27.0446 4912  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:33:27.0508 4912  HdAudAddService - ok
18:33:27.0555 4912  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:33:27.0602 4912  HDAudBus - ok
18:33:27.0649 4912  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
18:33:27.0680 4912  HECIx64 - ok
18:33:27.0867 4912  [ AF53DDCC45B762176B6AC7FB2A9A4B6B ] HI-epanel-Reporting-Service C:\Program Files (x86)\Digital Trends Club\HI-epanel-Reporting.exe
18:33:27.0929 4912  HI-epanel-Reporting-Service - ok
18:33:27.0992 4912  [ 5AE7BBA88C1F0F5FDC719205B9006D85 ] HI-epanel-Update-Service C:\Program Files (x86)\Digital Trends Club\HI-epanel-Updater.exe
18:33:28.0023 4912  HI-epanel-Update-Service - ok
18:33:28.0054 4912  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:33:28.0085 4912  HidBatt - ok
18:33:28.0085 4912  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:33:28.0117 4912  HidBth - ok
18:33:28.0148 4912  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:33:28.0179 4912  HidIr - ok
18:33:28.0210 4912  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:33:28.0257 4912  hidserv - ok
18:33:28.0288 4912  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:33:28.0319 4912  HidUsb - ok
18:33:28.0351 4912  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:33:28.0397 4912  hkmsvc - ok
18:33:28.0429 4912  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:33:28.0491 4912  HomeGroupListener - ok
18:33:28.0522 4912  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:33:28.0553 4912  HomeGroupProvider - ok
18:33:28.0600 4912  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:33:28.0631 4912  HpSAMD - ok
18:33:28.0694 4912  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:33:28.0772 4912  HTTP - ok
18:33:28.0834 4912  hwdatacard - ok
18:33:28.0850 4912  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:33:28.0881 4912  hwpolicy - ok
18:33:28.0975 4912  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:33:28.0990 4912  i8042prt - ok
18:33:29.0084 4912  [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
18:33:29.0115 4912  iaStor - ok
18:33:29.0193 4912  [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:33:29.0224 4912  IAStorDataMgrSvc - ok
18:33:29.0287 4912  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:33:29.0333 4912  iaStorV - ok
18:33:29.0396 4912  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:29.0474 4912  idsvc - ok
18:33:29.0723 4912  [ 2835C0808BA40FA8BC141E6015EB2414 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:30.0020 4912  igfx - ok
18:33:30.0051 4912  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:33:30.0067 4912  iirsp - ok
18:33:30.0082 4912  iked - ok
18:33:30.0129 4912  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:33:30.0207 4912  IKEEXT - ok
18:33:30.0254 4912  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
18:33:30.0301 4912  Impcd - ok
18:33:30.0394 4912  [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:33:30.0457 4912  IntcAzAudAddService - ok
18:33:32.0594 4912  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:32.0594 4912  LMS ( UnsignedFile.Multi.Generic ) - warning
18:33:32.0594 4912  LMS - detected UnsignedFile.Multi.Generic (1)
18:33:51.0673 4912  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:33:51.0735 4912  UNS ( UnsignedFile.Multi.Generic ) - warning
18:33:51.0735 4912  UNS - detected UnsignedFile.Multi.Generic (1)
18:33:52.0593 4912  [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:33:52.0640 4912  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:33:52.0640 4912  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:33:54.0247 4912  [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
18:33:54.0278 4912  VSNService ( UnsignedFile.Multi.Generic ) - warning
18:33:54.0278 4912  VSNService - detected UnsignedFile.Multi.Generic (1)
18:33:54.0980 4912  [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc        C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:33:54.0995 4912  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
18:33:54.0995 4912  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
18:33:58.0256 4912  ================ Scan global ===============================
18:33:58.0287 4912  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:33:58.0318 4912  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:33:58.0334 4912  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:33:58.0365 4912  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:33:58.0381 4912  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:33:58.0381 4912  [Global] - ok
18:33:58.0396 4912  ================ Scan MBR ==================================
18:33:58.0396 4912  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:33:59.0457 4912  \Device\Harddisk0\DR0 - ok
18:33:59.0457 4912  ================ Scan VBR ==================================
18:33:59.0488 4912  [ 908042BAFC5F5B88552BFFA9ADA6EC0C ] \Device\Harddisk0\DR0\Partition1
18:33:59.0488 4912  \Device\Harddisk0\DR0\Partition1 - ok
18:33:59.0504 4912  [ E7F60DEC86C4EE3CD610F96DEF960160 ] \Device\Harddisk0\DR0\Partition2
18:33:59.0504 4912  \Device\Harddisk0\DR0\Partition2 - ok
18:33:59.0519 4912  ============================================================
18:33:59.0519 4912  Scan finished
18:33:59.0519 4912  ============================================================
18:33:59.0519 4380  Detected object count: 5
18:33:59.0519 4380  Actual detected object count: 5
18:34:50.0001 4380  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:34:50.0001 4380  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:34:50.0001 4380  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:34:50.0017 4380  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0017 4380  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:34:50.0017 4380  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0017 4380  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:35:31.0484 2664  Deinitialize success
         
2. Malwarebytes log file (everything removed, restart performed)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Polly1701 :: POLLY [Administrator]

30.07.2013 18:49:43
mbam-log-2013-07-30 (18-49-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423163
Laufzeit: 1 Stunde(n), 36 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Polly1701\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\Polly1701\AppData\Roaming\OpenCandy\4E9A37112048444581B2FB36B389EA58\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles.zip (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07302013_163026\C_Users\Polly1701\AppData\Local\JCmZFOv.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Polly1701\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

30.07.2013, 19:52   #12
markusg
/// Malware-holic

Hi,

Download CCleaner Standard:
http://filepony.de/download-ccleaner/
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After those you do not know, "unbekannt" (unknown).
Post the list.

30.07.2013, 20:50   #13
nubyk

Hi,
here is the list. For some programs I wrote "unbekannt" (unknown) after them, although I don't know whether those programs are needed for some background processes or the like (e.g. programs from Microsoft, Sony/Vaio, Skype). I'm also happy to revise the list!

Code:
Adobe AIR	Adobe Systems Incorporated	17.06.2013		3.7.0.2090			notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.06.2012	6,00 MB	11.3.300.257	notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	19.12.2012	6,00 MB	11.5.502.135	notwendig	
Adobe Reader 9.5.2 - Deutsch	Adobe Systems Incorporated	06.11.2012	119 MB	9.5.2		notwendig
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	21.12.2012		1.0.17			notwendig
Apple Application Support	Apple Inc.	17.04.2011	52,8 MB	1.4.1				unbekannt
Apple Software Update	Apple Inc.	07.08.2011	2,38 MB	2.1.3.127				unbekannt
ArcSoft Magic-i Visual Effects 2	ArcSoft	21.01.2010		2.0.1.85			notwendig
ArcSoft PhotoBase 3		17.02.2010		unnötig
ArcSoft PhotoStudio 5		17.02.2010		notwendig
ArcSoft WebCam Companion 3	ArcSoft	06.08.2011		3.0.21.390				notwendig
ArgoUML Latest Stable Release 0.32.2	Tigris.org (Open Source)	29.06.2011			unbekannt
Belkin Installationsprogramm und Router Monitor		03.11.2011	47,5 MB				notwendig
CCleaner	Piriform	22.07.2013		4.04		notwendig
CDex extraction audio		27.10.2010			notwendig
Digital Trends Club	HI-epanel	23.08.2011	8,92 MB	11.1.3067				notwendig
Dropbox	Dropbox, Inc.	23.07.2013		2.0.26		notwendig
Einstellungen für VAIO-Inhaltsüberwachung	Sony Corporation	21.01.2010		2.4.1.09180	unbekannt
Evernote	Evernote Corp.	03.02.2010	88,2 MB	3.5.0.1258	unnötig
Google Chrome	Google Inc.	21.01.2010		3.0.195.21	unnötig
Google Earth Plug-in	Google	23.03.2013	80,7 MB	7.0.3.8542	notwendig
Google Toolbar for Internet Explorer	Google Inc.	25.06.2013		7.5.4209.2358 unnötig
Intel(R) Control Center	Intel Corporation	26.11.2012		1.2.1.1007				notwendig
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	26.11.2012		8.15.10.2040	notwendig
Intel(R) Management Engine Components	Intel Corporation	08.11.2012		6.0.0.1179		notwendig
Intel(R) PROSet/Wireless WiFi-Software	Intel Corporation	21.01.2010	109 MB	13.00.0000		notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	26.11.2012		9.5.4.1001		notwendig
Java(TM) 6 Update 16 (64-bit)	Sun Microsystems, Inc.	21.01.2010	90,8 MB	6.0.160				notwendig
Java(TM) 6 Update 20	Sun Microsystems, Inc.	21.01.2010	97,6 MB	6.0.200					notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	30.07.2013	19,2 MB	1.75.0.1300		notwendig
Media Gallery	Sony Corporation	21.01.2010		1.1.0.10210 unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	22.09.2010	38,8 MB	4.0.30319			unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	22.09.2010	2,93 MB	4.0.30319	unbekannt
Microsoft Office Professional Plus 2010	Microsoft Corporation	30.11.2011		14.0.6029.1000				notwendig
Microsoft Silverlight	Microsoft Corporation	10.07.2013	100 MB	5.1.20513.0						notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	21.01.2010	1,72 MB	3.1.0000			unbekannt
Microsoft SQL Server Compact 3.5 SP1 English	Microsoft Corporation	21.01.2010	2,59 MB	3.5.5692.0			unbekannt
Microsoft SQL Server Compact 3.5 SP1 x64 English	Microsoft Corporation	21.01.2010	3,69 MB	3.5.5692.0			unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	03.02.2010	250 KB	8.0.50727.4053	unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	20.06.2011	300 KB	8.0.61001				unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.12.2011	2,06 MB	9.0.21022		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	16.02.2012	234 KB	9.0.30729		unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	01.01.2012	600 KB	9.0.30729.6161		unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	03.02.2010	1,27 MB	4.20.9870.0		unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	03.02.2010	1,33 MB	4.20.9876.0		unbekannt
MusicStation	Omnifone	21.01.2010	21,4 MB	2.0.0.1067			unbekannt
MyHeritage Family Tree Builder	MyHeritage.com	30.12.2011		6.0.0.5634			notwendig
Norton Online Backup	Symantec Corporation	26.05.2013	9,01 MB	2.7.2.25			unnötig
NVIDIA Drivers	NVIDIA Corporation	26.11.2009		1.9	notwendig
Opera 11.50	Opera Software ASA	30.06.2011		11.50.1074				unnötig
Opera 12.16	Opera Software ASA	06.07.2013		12.16.1860				notwendig
PDFCreator	Frank Heindörfer, Philip Chinery	29.03.2010		0.9.9			notwendig
Pixlr-o-matic	UNKNOWN	09.10.2012		2.1	notwendig
PMB	Sony Corporation	21.01.2010	257 MB	5.0.00.10260					notwendig
PMB VAIO Edition Guide	Sony Corporation	21.01.2010	197 MB	1.0.00.09250			unbekannt	
PMB VAIO Edition plug-in (Click to Disc)	Sony Corporation	08.05.2010	188 MB	3.2.00.16060	unbekannt
PMB VAIO Edition plug-in (VAIO Image Optimizer)	Sony Corporation	26.11.2012	54,8 MB	1.2.00.15250	unbekannt
PMB VAIO Edition plug-in (VAIO Movie Story)	Sony Corporation	08.05.2010	69,4 MB	2.2.00.15250	unbekannt
PMB-Aktualisierungsprogramm	Sony Corporation	09.02.2011	63,5 MB	5.2.00.03250			unbekannt
Protector Suite 2009	UPEK Inc.	21.01.2010	120 MB	5.9.2.5746					unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	21.01.2010		6.0.1.5992	notwendig
Roxio Easy Media Creator 10 LJ	Roxio	21.01.2010	125 MB	10.3	unbekannt
SecureW2 EAP Suite 2.0.4 for Windows		19.05.2011		unbekannt
Setting Utility Series	Sony Corporation	21.01.2010		5.1.0.11200 unbekannt
Shrew Soft VPN Client		09.02.2010								notwendig
SimAquarium	grafio	07.05.2010									notwendig
Skype Click to Call	Skype Technologies S.A.	17.04.2012	10,0 MB	5.9.9216			unbekannt
Skype™ 6.3	Skype Technologies S.A.	22.07.2013	21,1 MB	6.3.107					notwendig
Sony Home Network Library	Sony Corporation	21.01.2010		2.0.2.12150		unbekannt
Sophos Anti-Virus	Sophos Limited	10.07.2013	70,8 MB	10.0.10					notwendig
Sophos AutoUpdate	Sophos Limited	08.08.2012	15,1 MB	2.7.4.317				notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	21.01.2010		14.0.10.0	notwendig
The Bat! International Pack v4.2.23	Ritlabs	18.03.2010	20,6 MB	4.2.23				notwendig
TheBat! Home v5.0.8	Ritlabs	11.04.2011	38,0 MB	5.0.8						notwendig
VAIO Care	Sony Corporation	06.12.2011		6.4.2.11150				notwendig
VAIO Content Metadata Intelligent Analyzing Manager	Sony Corporation	21.01.2010		3.6.0.09250		unbekannt
VAIO Content Metadata Intelligent Network Service Manager	Sony Corporation	21.01.2010		3.6.0.09080	unbekannt
VAIO Content Metadata Manager Settings	Sony Corporation	21.01.2010		3.6.0.09240				unbekannt
VAIO Content Metadata XML Interface Library	Sony Corporation	21.01.2010		3.6.0.09080			unbekannt
VAIO Control Center	Sony Corporation	26.11.2012		4.1.1.07160						unbekannt
VAIO Data Restore Tool	Sony Corporation	21.01.2010		1.2.0.09150						unbekannt
VAIO DVD Menu Data	Sony Corporation	21.01.2010		2.1.00.15050						unbekannt
VAIO Energie Verwaltung	Sony Corporation	21.01.2010		5.0.0.11300						notwendig
VAIO Entertainment Platform	Sony Corporation	21.01.2010		3.6.0.09150					unbekannt
VAIO Event Service	Sony Corporation	21.01.2010		5.1.0.11300						unbekannt
VAIO Gate	Sony Corporation	21.01.2010		1.2.0.09240	notwendig
VAIO Gate Default	Sony Corporation	21.01.2010		1.0.0.10290	notwendig
VAIO Marketing Tools	Sony Corporation	21.01.2010									unbekannt
VAIO Media plus	Sony Corporation	21.01.2010		2.0.1.10160							unbekannt
VAIO Media plus Opening Movie	Sony Corporation	21.01.2010		1.2.0.09100					unbekannt
VAIO Movie Story Template Data	Sony Corporation	21.01.2010	438 MB	2.2.00.15250					unbekannt
VAIO Original Funktion Einstellungen	Sony Corporation	21.01.2010		2.0.0.07010				unbekannt
VAIO Personalization Manager	Sony Corporation	21.01.2010		2.0.0.06220					unbekannt
VAIO Premium Partners	Sony Europe	21.01.2010		1.0								unbekannt
VAIO screensaver	Sony Europe	21.01.2010		1.0.0.0								notwendig
VAIO Smart Network	Sony Corporation	26.11.2012		3.3.1.08110						notwendig
VAIO Update	Sony Corporation	12.06.2013		6.2.1.03260							notwendig
VAIO Wallpaper Contents	Sony Corporation	21.01.2010		2.0.0.06010						notwendig
VAIO-Support für Übertragungen	Sony Corporation	30.06.2010		1.1.2.06030					unbekannt
VideoPad Videobearbeitungs-Software	NCH Software	06.07.2013								unbekannt
VLC media player 1.0.5	VideoLAN Team	03.04.2010		1.0.5								notwendig
WIDCOMM Bluetooth Software	Broadcom Corporation	25.11.2009	144 MB	6.2.1.500					notwendig
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)	Broadcom	21.01.2010		09/09/2009 6.2.0.9405	notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	21.01.2010		07/28/2009 6.2.0.9800	notwendig
Windows Live Essentials	Microsoft Corporation	06.07.2013		16.4.3508.0205			unnötig
Windows Live Sync	Microsoft Corporation	21.01.2010	2,79 MB	14.0.8089.726			unbekannt
WinRAR 4.01 (32-Bit)	win.rar GmbH	04.07.2011		4.01.0	notwendig
XnView 1.97.8	Gougelet Pierre-e	10.12.2010	8,17 MB	1.97.8	notwendig
         

31.07.2013, 12:27   #14
markusg
/// Malware-holic

Hi,
2 logs need to be created; post them together if possible.

1.
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK

Uninstall:
Evernote
Google: both unnecessary ones
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click:
Download of the Java software for Windows Offline
Download and install it.
Uninstall:
Media Gallery
Norton
VideoPad

Please open CCleaner, click Analyze, then Run, and restart the PC.

2.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Restart.

3.
Download HitmanPro:
HitmanPro - Download - Filepony

Double-click it, click Scan.
Do not delete anything, click Next.
Save the log and post it, or export it as XML, zip it and attach it.

31.07.2013, 14:49   #15
nubyk

Hi,

Step 1: done
Step 2: done, here is the log file
AdwCleaner log file:
Code:
# AdwCleaner v2.306 - Datei am 31/07/2013 um 15:17:23 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Polly1701 - POLLY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Polly1701\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll 
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Opera v12.16.1860.0

Datei : C:\Users\Polly1701\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4177 octets] - [31/07/2013 15:17:23]

########## EOF - C:\AdwCleaner[S1].txt - [4237 octets] ##########
         


Step 3: scanned; the scan results were displayed along with the message "Click Next to remove the malware". For now I did not click "Next" (if I understood the instruction "delete nothing" correctly?) and only saved the log file.

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : POLLY
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Polly\Polly1701
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-31 15:27:51
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 346
   Traces  . . . . . . . : 346

   Objects scanned . . . : 1.762.761
   Files scanned . . . . : 47.239
   Remnants scanned  . . : 490.576 files / 1.224.946 keys

Malware _____________________________________________________________________

   C:\Users\Public\Documents\Install\ACD Systems\ACD Systems Canvas X KeyGenerator\Keygen.exe
      Size . . . . . . . : 50.176 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C19E0C6E617E12BD05BAC8E70B9D6916B7E768DAD827EFD5943F3716CBD74561
    > G Data . . . . . . : Gen:Variant.Kazy.6996
      Fuzzy  . . . . . . : 118.0

   C:\Users\Public\Documents\Install\Adobe Photoshop CS 8.0\crack\CRACK.EXE
      Size . . . . . . . : 36.312 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:57)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 0E1AF3B829DF94F4ECBA07A0B339103778FA031A100A873FDEF34BA41EDBC5E2
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy  . . . . . . : 110.0

   C:\Users\Public\Documents\Install\Media Player Classic 6.4.8.4 For Windows 2000, XP.exe
      Size . . . . . . . : 53.760 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:52:55)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7869525CA294882CA9330370F6891FA7EA8A7062E5CE20DC856767028F0E498D
    > G Data . . . . . . : Gen:Trojan.Heur.dmGfrbHHe2hcu
      Fuzzy  . . . . . . : 114.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Rollout\AVServer\AMS2\WINNT\amsremote.exe
      Size . . . . . . . : 70.632 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:13)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : EF88D4511006E61DB5411FC8628C4F9C7113595FBF43D45EC7FE0FB85FC94596
    > G Data . . . . . . : Gen:Variant.Symmi.25404
      Fuzzy  . . . . . . : 106.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Rollout\AVServer\CopySrv.exe
      Size . . . . . . . : 134.576 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:09)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 9CC3013FA879E0E4253B7DBEC2C95FD537105C40531BD9161F1F4BD436D555E2
    > G Data . . . . . . : Gen:Variant.Symmi.25404
      Fuzzy  . . . . . . : 106.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Tools\Nosuprt\QuarDel\QuarDel.exe
      Size . . . . . . . : 58.376 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:02)
      Entropy  . . . . . : 5.0
      SHA-256  . . . . . : 85BE7BF1CBBAF21D381609A1C3C0B664D277F0E2DFDD5D38D6D6547966D7FA59
    > Ikarus . . . . . . : Rootkit.Win32.Agent!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Public\Documents\Install\WinAmp\Plugins\SHOUTcast DSP 1.8.2.exe
      Size . . . . . . . : 36.312 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:52:59)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 3077DC4B329B5362380DDFF5E5F771DD01F9A3F16B335CF6AADF8775A9716C57
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy  . . . . . . : 110.0

   C:\Users\Public\Documents\Install\WinAmp\Plugins\Vorbis Decoder 1.17c.exe
      Size . . . . . . . : 35.800 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:53:00)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : B0C27597D63FF3A0B5E1E2CAF76210452DE386770E2D07A03D6317E3EB15E22A
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy  . . . . . . : 110.0

   C:\Users\Public\Documents\Install\WinAmp\WinAmp 3.0 Full.exe
      Size . . . . . . . : 36.992 bytes
      Age  . . . . . . . : 1234.6 days (2010-03-15 00:52:57)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 058F8454FE3B29448CF0C1C51FCD39B0BC3E3F5F5C07777AEE6195A4096F1B54
    > G Data . . . . . . : Gen:Trojan.Heur.GM.0020818020 (Engine-A)
    > Ikarus . . . . . . : Gen.Trojan!IK
      Fuzzy  . . . . . . : 110.0
         
