Trojaner-Board - Polizei-Trojaner Österreich - Ihr Computer wurde gesperrt...

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Polizei-Trojaner Österreich - Ihr Computer wurde gesperrt... (https://www.trojaner-board.de/127771-polizei-trojaner-osterreich-computer-wurde-gesperrt.html)

Polizei-Trojaner Österreich - Ihr Computer wurde gesperrt...

Hallo,

ich bin auch Opfer des Polizei-Trojaners geworden: Ich werde mit einem Logo der österreichischen Polizei aufgefordert, EUR 100 zum entspreren meines Rechners zu zahlen.

Ist das erste Mal unvermittelt aufgetaucht, das zweite Mal beim Starten, war nach Neustart dann aber wieder OK.

Anbei Malwarebytes Anti-Malware Log. Funde habe ich wie gebeten nicht gelöscht (sind die damit automatisch in Quarantäne?). XXX ist meiner Zensur zum Opfer gefallen...:

Code:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.12.03.04
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

XXX :: XXX [Administrator]
 

03.12.2012 12:23:09

mbam-log-2012-12-03 (14-04-43).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 467899

Laufzeit: 1 Stunde(n), 38 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.

C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
 

(Ende)

Ich habe standardmäßig noch avast! Antivirus laufen, hat aber nicht alarmiert.

Vielen Dank für die Hilfe!
Tom

Hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hallo,

danke für die rasche Antwort!

OLT.txt:

Code:

OTL logfile created on: 03.12.2012 15:59:50 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free

6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32

Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS

 

Computer Name: XXX | User Name: XXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe

PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012.10.26 15:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program 
 

Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012.09.18 16:18:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

PRC - [2012.09.10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012.08.29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2011.03.14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

PRC - [2010.08.15 20:40:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480
 

\Program\LogitechDesktopMessenger.exe

PRC - [2010.08.06 17:52:18 | 000,636,272 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\VideoBrowser\CameraMonitor.exe

PRC - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

PRC - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.12.12 07:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008.09.12 13:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010.08.15 20:40:13 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll

MOD - [2010.07.01 19:27:10 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\VideoBrowser\pxl_m17n_tool.dll

MOD - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

MOD - [2009.09.03 10:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.11.21 01:38:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance 
 

Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
 

Antivirus)

SRV - [2012.10.14 20:34:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32
 

\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE 
 

-- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- 
 

(AllShare)

SRV - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)

SRV - [2009.09.27 17:55:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision 
 

Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 
 

-- (IAANTMON)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\1741.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (atikmdag)

DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- 
 

(aswMonFlt)

DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- 
 

(aswFsBlk)

DRV - [2011.05.17 15:44:44 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32
 

\drivers\libusb0.sys -- (libusb0)

DRV - [2011.03.30 12:54:32 | 001,073,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- 
 

(BCMH43XX)

DRV - [2010.09.07 13:27:22 | 000,028,672 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32
 

\drivers\PcaSp60.sys -- (PcaSp60)

DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- 
 

(nvlddmkm)

DRV - [2009.10.20 09:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- 
 

(NVHDA)

DRV - [2009.06.18 11:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2009.04.10 21:06:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- 
 

(WSDScan)

DRV - [2008.11.21 08:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- 
 

(e1yexpress)

DRV - [2008.07.28 18:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys 
 

-- (athrusb)

DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- 
 

(WSDPrintDevice)

DRV - [2007.10.11 10:40:00 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb)

DRV - [2007.01.19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32
 

\drivers\SCMNdisP.sys -- (SCMNdisP)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:
 

{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 4D C4 6B 31 D1 CD 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:
 

{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_deAT340

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2

FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.4.8.6

FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.3

FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.1.1.5

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 48

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
 

(Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.13 23:16:10 | 
 

000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 
 

000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 
 

000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 
 

000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | 
 

---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 
 

000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | 
 

---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 
 

000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 
 

| ---D | M]

 

[2009.08.12 23:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions

[2012.12.03 15:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions

[2012.10.27 07:34:40 | 000,000,000 | ---D | M] (Garmin Communicator) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010.05.16 15:47:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.15 06:03:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009.10.26 14:38:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.12.03 15:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged

[2011.06.17 19:02:16 | 000,330,316 | ---- | M] () (No name found) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\personas@christopher.beard.xpi

[2012.11.12 13:53:43 | 000,342,379 | ---- | M] () (No name found) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2012.12.03 10:54:05 | 000,035,785 | ---- | M] () (No name found) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.12.03 15:08:52 | 000,344,610 | ---- | M] () (No name found) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2012.12.03 15:08:51 | 000,035,614 | ---- | M] () (No name found) -- 
 

C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.11.21 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.11.21 01:38:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.06.24 16:55:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.24 16:55:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.24 16:55:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.24 16:55:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.24 16:55:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems 
 

Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft 
 

Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll 
 

(Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft 
 

Corporation)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems 
 

Incorporated)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe 
 

Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)

O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)

O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKCU..\Run: [Polar Sync]  File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)

O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program 
 

Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 
 

94041)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems 
 

Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems 
 

Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems 
 

Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File 
 

not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft 
 

Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll 
 

(Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll 
 

(Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14
 

\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program 
 

Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program 
 

Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCF756F-10CF-4D36-B786-1E3093552477}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FDBF888-4408-4BBC-A906-BB97E26FA47D}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4192B15E-52CF-4ACF-AC53-1BCEE47113EE}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BE7AF8A-FAD4-40FE-85A6-950352AB9CCC}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B7F60EF-5E7F-4675-A364-46B916C30733}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122CC82-279E-4949-AA9C-F6BC3BAE5C13}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-
 

8876480.dll (Logitech Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell - "" = AutoRun

O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell\AutoRun\command - "" = J:\AutoRun.exe

O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell - "" = AutoRun

O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell\AutoRun\command - "" = J:\AutoRun.exe

O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell - "" = AutoRun

O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe

O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell - "" = AutoRun

O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0D70DB0C-ADFD-B541-A147-04822989C0B9} - 

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {88802E62-4167-E049-E4DA-A422BEA2B05B} - Browser Customizations

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.03 15:57:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe

[2012.11.21 01:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.11.19 22:28:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe

[2012.11.19 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

[2012.11.13 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Mail_20121113

[2012.11.08 18:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.11.03 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe

[2012.12.03 15:23:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.03 15:07:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.03 13:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012.12.03 10:22:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.12.03 10:22:49 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.12.03 10:22:49 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.12.03 10:22:49 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.12.03 10:21:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.03 10:18:53 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.12.03 10:18:52 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.12.03 10:18:35 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.03 10:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.03 10:18:01 | 3211,972,608 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.03 10:14:58 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.11.21 01:17:36 | 000,205,824 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.11.19 22:28:10 | 000,000,782 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.11.18 18:40:04 | 001,725,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.13 23:16:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.11.03 22:56:26 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.19 22:28:10 | 000,000,782 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.11.03 22:56:26 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.08.25 09:56:03 | 000,002,048 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER Prefs

[2012.03.16 21:56:36 | 000,047,104 | ---- | C] () -- C:\Windows\System32\AntUsbCIv2.dll

[2011.11.25 21:35:53 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Local\PUTTY.RND

[2010.12.18 16:27:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010.08.08 18:24:22 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat

[2010.06.20 20:22:00 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat

[2010.04.10 18:35:53 | 000,024,206 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\UserTile.png

[2009.10.05 22:25:00 | 000,001,024 | ---- | C] () -- C:\Users\XXX\.rnd

[2009.08.13 00:35:33 | 000,205,824 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.001

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2009.10.04 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AccumulatedSummary

[2009.09.02 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Aventail

[2011.12.26 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\becker

[2011.01.16 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CalculatedFieldsPlugin

[2012.10.02 22:20:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon

[2012.08.25 09:55:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER

[2010.12.04 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.06.26 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla

[2012.11.21 01:11:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Free Download Manager

[2012.05.24 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GARMIN

[2010.06.28 18:36:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Geogrid

[2010.03.01 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HighScorePlugin

[2012.11.04 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JOSM

[2010.12.04 09:59:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag

[2009.12.08 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mquadr.at

[2011.05.12 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Open XML Editor

[2009.09.29 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OverlayPlugin

[2010.04.10 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PeerNetworking

[2009.09.29 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PerformancePredictorPlugin

[2012.01.31 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Scan2PDF

[2009.08.16 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2009.08.12 08:32:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2009.06.02 09:58:21 | 000,000,000 | -HSD | M] -- C:\Boot

[2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2009.06.02 10:09:15 | 000,000,000 | ---D | M] -- C:\Intel

[2009.07.02 16:26:08 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011.06.26 18:17:14 | 000,000,000 | ---D | M] -- C:\PCShareManagerUpload

[2012.12.03 10:53:52 | 000,000,000 | ---D | M] -- C:\Program Files

[2012.12.03 10:14:59 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Programme

[2010.04.07 23:34:46 | 000,000,000 | RHSD | M] -- C:\RECYCLER

[2012.12.03 16:01:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.08.12 08:32:22 | 000,000,000 | R--D | M] -- C:\Users

[2012.11.13 23:16:09 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2009.04.10 22:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.08.13 06:19:07 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2009.08.13 06:19:07 | 000,001,118 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2011.03.28 18:10:08 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job

[2012.10.14 20:34:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32
 

\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32
 

\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32
 

\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32
 

\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 
 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32
 

\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32
 

\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32
 

\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- 
 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-
 

cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-
 

explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-
 

explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-
 

explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-
 

explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-
 

explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2008.09.12 12:48:26 | 000,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Program Files\Intel\Intel Matrix Storage 
 

Manager\driver64\IaStor.sys

[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\Intel\Intel Matrix Storage 
 

Manager\driver\IaStor.sys

[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys

[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32
 

\DriverStore\FileRepository\iaahci.inf_3c4af4a0\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32
 

\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
 

C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32
 

\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-
 

security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32
 

\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32
 

\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
 

C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-
 

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-
 

user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-
 

userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-
 

winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-
 

w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2009.10.05 22:25:02 | 000,001,024 | ---- | M] () -- C:\Users\XXX\.rnd

[2012.12.03 15:59:30 | 005,767,168 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT

[2012.12.03 15:59:30 | 000,262,144 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG1

[2009.08.12 08:32:23 | 000,000,000 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG2

[2012.12.03 10:15:12 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2012.12.03 10:15:12 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-
 

ms

[2009.08.12 08:33:09 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-
 

ms

[2009.08.12 08:32:23 | 000,000,020 | -HS- | M] () -- C:\Users\XXX\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
                 USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows 
 

SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 
 

ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 <           >
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 03.12.2012 15:59:50 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free

6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32

Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS

 

Computer Name: XXX | User Name: XXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Value error.

https [open] -- Reg Error: Value error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Directory [Saturn Picture Center] -- "C:\Program Files\Saturn\Saturn Picture Center\Saturn Picture Center.exe" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7
 

\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7
 

\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02216ECA-F0BD-47AE-A7E0-59906D24F4FC}" = rport=139 | protocol=6 | dir=out | app=system | 

"{4DB720EF-2D95-477E-8382-7904BE5489E3}" = rport=445 | protocol=6 | dir=out | app=system | 

"{5467AE89-C88C-4401-AFEE-C6C879C0BE29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{59D0B8FB-9550-4237-A990-35208A68B3CB}" = lport=445 | protocol=6 | dir=in | app=system | 

"{5F748D5F-EB2F-4E4B-A5D8-2D50236F707F}" = lport=137 | protocol=17 | dir=in | app=system | 

"{67C815EE-0548-47DF-B611-8D45E06EEB7D}" = rport=137 | protocol=17 | dir=out | app=system | 

"{6A5AFF9F-3F56-490A-B160-20CD5C532A90}" = rport=138 | protocol=17 | dir=out | app=system | 

"{78B0D2B2-9B77-431F-8EB6-8F0A21BCF4CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{A738D662-A040-4F6B-916A-F957A4980F7F}" = lport=138 | protocol=17 | dir=in | app=system | 

"{C07E89B5-B71A-442F-8FAA-D3485AC0476B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 

"{C88796E8-61A9-4588-B87D-4B31B590931A}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port | 

"{C9D585EB-DF2F-4694-A4E6-BEA9B34BC6C9}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{D369CB1F-8EB0-4E87-BD41-38849211A8D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{E75CD32D-8863-455F-B0A9-3E9413F66C3C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{EBEC3F50-DC74-4D9C-8C6B-72934460FBF0}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08BA13BA-84FF-414F-9E76-7A895DFB8745}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe | 

"{17686534-6664-4944-9527-44C98E90A5E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{3861E82F-997E-4FA0-B36F-2206F10FFB79}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe 
 

| 

"{536DAFAC-341C-476F-8586-00F12970C713}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{54184224-55EA-406D-84F0-F1D8C79E64F3}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe 
 

| 

"{5B135F37-79F3-4030-82F3-2D237BE42582}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 

"{60ECD0FD-A078-4D36-B751-87A1839DB7C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{6338BDB5-1C23-4539-B897-7F5309827C01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{63DCC56F-2601-4D34-99A3-531B2770C6A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6C7CC989-02E3-47AE-88AB-8CCE7D22161A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{6D4FE27D-D3CF-4204-9A4E-95614EAE19CB}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{6DE0AC03-7D54-4C4A-85E0-D7B8562E3BB1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{76F50E97-8B5A-4499-86C3-3A1867314BA4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 

"{80118167-EBA5-4B9F-9E05-01E477988076}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe | 

"{87DB2A85-FE93-426A-AF46-3575C8228655}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{8A43B7B4-AE58-4240-8F2C-B48A0C346B6C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 

"{8CED8582-53A0-4A52-8D81-5073D83FE13E}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe | 

"{8CF7402F-27AC-4E0B-ADB8-F00CC1A428B2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480
 

\program\logitechdesktopmessenger.exe | 

"{8D06FD49-23CB-45DE-B15D-8B3A41A252EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{90398EC4-6B96-4628-BDD7-2905BA8F672E}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe | 

"{9A4F847C-E120-4D25-AA07-1C0EC55DB03A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480
 

\program\logitechdesktopmessenger.exe | 

"{9CDD64E5-6578-4570-8860-AD0EED42C5EB}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe | 

"{AC541F4A-B9A3-45C5-AA83-759114556CBF}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe | 

"{ADC49351-0F12-493C-86D4-60B893A2C7EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{B291244A-9340-44E2-B9C0-CF8C99957484}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{BFC87E5E-2FB9-4A66-B573-BF2852CF2EBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{CD3C9DEA-42C5-4CFB-9E32-4904F6A8433D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 

"{F9096CE8-DEC5-4851-A301-AA8FDD82F363}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{FD3F4062-D454-4E84-B49C-5BF6A6615282}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"TCP Query User{021B1ADE-632F-42C8-A270-87D8193F3358}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet 
 

explorer\iexplore.exe | 

"TCP Query User{0BC970A0-E7D1-4A87-B314-555E8A346200}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6
 

\bin\javaw.exe | 

"TCP Query User{2FF3D845-FD9A-407D-B76E-DEF2F3EB4B21}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe 
 

| 

"TCP Query User{595AB770-E329-47E9-85A1-B30FF2C5E8BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6
 

\bin\javaw.exe | 

"TCP Query User{8170F382-BADA-4C2C-AB04-E914D8516511}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free 
 

download manager\fdm.exe | 

"TCP Query User{92B83349-FE36-4EC0-B1FB-984581D895A4}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free 
 

download manager\fdm.exe | 

"TCP Query User{C2FF3E64-3ECB-4961-BB38-41A3B45B2227}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6
 

\bin\java.exe | 

"TCP Query User{CC48E522-83BD-4704-ABB0-F1D3F3256C64}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program 
 

files\qnap\finder\finder.exe | 

"TCP Query User{F2C01355-2752-416C-ABC6-220FF2283874}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7
 

\bin\javaw.exe | 

"TCP Query User{F5D3E301-B51C-4ECD-8318-7F0E78005AD4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program 
 

files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{FD0AC802-5C1E-48B6-B4A4-D0154D7522A5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | 
 

dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 

"UDP Query User{0820A41C-CD78-46BE-90FA-63A3B8446F53}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6
 

\bin\javaw.exe | 

"UDP Query User{1F962526-C1E5-4D07-995D-6364DBE5625B}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program 
 

files\qnap\finder\finder.exe | 

"UDP Query User{218C8C0A-84F6-4306-A355-DB00A5C2F2B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6
 

\bin\javaw.exe | 

"UDP Query User{281B65D9-8879-45F1-B93C-F88416E30C42}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program 
 

files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{2CE647DF-6669-47C5-B1CC-9DBC3125E8F5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program 
 

files\videolan\vlc\vlc.exe | 

"UDP Query User{34C4ED0B-DBB3-4EC4-A66F-CFB0DF92079A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6
 

\bin\java.exe | 

"UDP Query User{5C52D926-3385-4AD0-930E-BF376D928ED0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet 
 

explorer\iexplore.exe | 

"UDP Query User{61A6C1B7-4312-4570-A8E7-DC8F6C990005}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free 
 

download manager\fdm.exe | 

"UDP Query User{7F95743E-958C-49DA-BDD0-EC22E13013E5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 
 

| dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 

"UDP Query User{9279885D-4AE5-4ADA-8C90-2B8EF676C7B9}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free 
 

download manager\fdm.exe | 

"UDP Query User{A20271DA-771F-4AB7-A030-FF3AE590A9FE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7
 

\bin\javaw.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers

"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3

"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager

"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)

"{38365E47-3DD2-41F4-827B-F4CF7C8EF8B3}" = Garmin BaseCamp

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}" = Garmin MapInstall

"{617FB820-123E-4A9C-A97F-9238B5878487}" = AMap Fly 5.0

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer

"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6

"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call

"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7

"{88CA8932-7987-4D7A-BEE3-227BDB3CA888}" = ASUS RT-N66U Wireless Router Utilities

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync

"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010

"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010

"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 
 

(SP1)

"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010

"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 
 

(SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource

"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B6D17D97-44CE-402E-BBF2-B38492CBFED7}" = Garmin ANT Agent

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]

"{C7ECF049-5398-4D99-A733-6D67052308CC}" = Geogrid®-Viewer

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D79DC615-EC9F-4EFA-9482-5911168D8F32}" = VideoBrowser

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials

"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10

"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F57DADA5-BF42-4AA8-9992-2F6B63F4F3AB}" = Garmin Training Center

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)

"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)

"AC3ACM" = AC-3 ACM Codec

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"avast" = avast! Free Antivirus

"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data

"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data

"Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung

"Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"CCleaner" = CCleaner

"CobBackup10" = Cobian Backup 10

"Content Manager 2" = Content Manager 2

"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]

"FileZilla Client" = FileZilla Client 3.2.7.1

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free Download Manager_is1" = Free Download Manager 3.0

"Google Updater" = Google Updater

"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager

"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility

"JDownloader" = JDownloader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"Mp3tag" = Mp3tag v2.47b

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Open XML Editor" = Open XML Editor

"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2

"Picasa 3" = Picasa 3

"PROSetDX" = Intel(R) Network Connections 13.5.32.0

"QNAP_FINDER" = QNAP Finder

"QNAP_NASNetBak" = QNAP NetBak Replicator

"Saturn Picture Center" = Saturn Picture Center

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 2.0.4

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"cyberlabDESIGNER" = cyberlabDESIGNER

"JOSM" = JOSM

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:13 | Computer Name = XXX| Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013

Description = 

 

[ Cobian Backup Boletus VSC Service Events ]

Error - 17.11.2010 20:24:43 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0

Description = Timeout für den Vorgang wurde überschritten.

 

Error - 17.12.2010 20:03:54 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0

Description = The creation of a shadow copy is already in progress.

 

Error - 10.01.2011 20:23:51 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0

Description = Timeout für den Vorgang wurde überschritten.

 

[ System Events ]

Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 18.11.2012 13:39:32 | Computer Name = XXX | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00261865AA1F zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%258. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 18.11.2012 13:40:44 | Computer Name = XXX | Source = DCOM | ID = 10016

Description = 

 

Error - 03.12.2012 04:36:43 | Computer Name = XXX | Source = DCOM | ID = 10016

Description = 

 

Error - 03.12.2012 04:36:44 | Computer Name = XXX | Source = DCOM | ID = 10016

Description = 

 

Error - 03.12.2012 05:19:30 | Computer Name = XXX | Source = DCOM | ID = 10016

Description = 

 

Error - 03.12.2012 05:19:40 | Computer Name = XXX | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >

Vielen Dank Tom

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

:OTL

O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)

 :Files

:Commands

[EMPTYFLASH] 

[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

Vielen Dank, hier ist der Log:

Code:

All processes killed

========== OTL ==========

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.

C:\ProgramData\lsass.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 56516 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: ***

->Flash cache emptied: 58694 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: ***

->Temp folder emptied: 199002653 bytes

->Temporary Internet Files folder emptied: 236191057 bytes

->Java cache emptied: 16550337 bytes

->FireFox cache emptied: 69706060 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 12288 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 27183370 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 523,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 12042012_230929
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Ich habe mir jetzt auch noch die letzten Logs angesehen und frage mich was mit

Code:

[2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

ist? Gehört die evtl. auch entfernt? Sorry für die viell. unqualifizierte Frage.

Danke Tom

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Vielen Dank.

Hier der Log:

Code:

ComboFix 12-12-04.01 - *** 06.12.2012  20:02:15.1.8 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3062.1508 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dsgsdgdsgdsgw.pad

c:\users\***\AppData\Local\assembly\tmp

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-06 bis 2012-12-06  ))))))))))))))))))))))))))))))

.

.

2012-12-06 19:11 . 2012-12-06 19:11        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-05 01:19 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{590802BB-B754-4EE6-9FF5-07F87AB11D6E}\mpengine.dll

2012-12-04 22:09 . 2012-12-04 22:09        --------        d-----w-        C:\_OTL

2012-11-16 05:14 . 2012-09-25 16:19        75776        ----a-w-        c:\windows\system32\synceng.dll

2012-11-16 05:13 . 2012-10-12 14:29        2047488        ----a-w-        c:\windows\system32\win32k.sys

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-08 17:04 . 2012-11-08 17:04        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2011-03-30 05:17        738504        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-01-23 18:21        361032        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-01-23 18:21        35928        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2012-10-30 22:51 . 2011-01-23 18:21        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-01-23 18:21        58680        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2011-01-23 18:21        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-01-23 18:20        41224        ----a-w-        c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-01-23 18:20        227648        ----a-w-        c:\windows\system32\aswBoot.exe

2012-10-25 02:12 . 2012-10-25 02:12        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2012-10-14 19:58 . 2012-10-14 19:58        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2012-10-14 19:57 . 2012-10-14 19:59        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-10-14 19:57 . 2011-09-18 17:22        746984        ----a-w-        c:\windows\system32\deployJava1.dll

2012-10-14 19:34 . 2012-04-16 18:41        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-10-14 19:34 . 2011-06-17 18:10        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 18:54 . 2009-08-16 21:19        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-13 13:28 . 2012-10-10 10:43        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-11-21 00:38 . 2012-11-21 00:38        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50        121528        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]

"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]

"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]

"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-2-4 25214]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-8-15 66864]

NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-10-9 3280896]

VideoBrowser Camera Monitor.lnk - c:\program files\PIXELA\VideoBrowser\CameraMonitor.exe [2012-6-17 636272]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:34]

.

2012-12-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 19:19]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm

IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4

TCP: DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\

FF - ExtSQL: !HIDDEN! 2009-07-02 17:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-Polar Sync - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-12-06 20:14

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1741.tmp"

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-12-06  20:20:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-12-06 19:20

.

Vor Suchlauf: 7 Verzeichnis(se), 268.525.289.472 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 268.424.744.960 Bytes frei

.

- - End Of File - - DD136DA883D5FCEDA6D949DAACE293A7

Hi,
Anmerkung, bin von Morgen, bis Mittwoch im Urlaub.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Danke danke danke.

TDSS killer Log

Code:

21:20:26.0164 0536  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:20:26.0336 0536  ============================================================

21:20:26.0336 0536  Current date / time: 2012/12/06 21:20:26.0336

21:20:26.0336 0536  SystemInfo:

21:20:26.0336 0536  

21:20:26.0336 0536  OS Version: 6.0.6002 ServicePack: 2.0

21:20:26.0336 0536  Product type: Workstation

21:20:26.0336 0536  ComputerName: ***

21:20:26.0336 0536  UserName: ***

21:20:26.0336 0536  Windows directory: C:\Windows

21:20:26.0336 0536  System windows directory: C:\Windows

21:20:26.0336 0536  Processor architecture: Intel x86

21:20:26.0336 0536  Number of processors: 8

21:20:26.0336 0536  Page size: 0x1000

21:20:26.0336 0536  Boot type: Normal boot

21:20:26.0336 0536  ============================================================

21:20:26.0726 0536  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:20:26.0741 0536  Drive \Device\Harddisk1\DR1 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:20:26.0741 0536  ============================================================

21:20:26.0741 0536  \Device\Harddisk0\DR0:

21:20:26.0741 0536  MBR partitions:

21:20:26.0741 0536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B7F800

21:20:26.0772 0536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8030D, BlocksNum 0x2804934

21:20:26.0772 0536  \Device\Harddisk1\DR1:

21:20:26.0772 0536  MBR partitions:

21:20:26.0772 0536  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A0FC1

21:20:26.0772 0536  ============================================================

21:20:26.0835 0536  C: <-> \Device\Harddisk0\DR0\Partition1

21:20:26.0835 0536  D: <-> \Device\Harddisk0\DR0\Partition2

21:20:26.0835 0536  ============================================================

21:20:26.0835 0536  Initialize success

21:20:26.0835 0536  ============================================================

21:20:47.0380 4144  ============================================================

21:20:47.0380 4144  Scan started

21:20:47.0380 4144  Mode: Manual; SigCheck; TDLFS; 

21:20:47.0380 4144  ============================================================

21:20:47.0692 4144  ================ Scan system memory ========================

21:20:47.0692 4144  System memory - ok

21:20:47.0692 4144  ================ Scan services =============================

21:20:48.0378 4144  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys

21:20:48.0488 4144  ACPI - ok

21:20:48.0644 4144  [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

21:20:48.0675 4144  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning

21:20:48.0675 4144  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)

21:20:48.0753 4144  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:20:48.0768 4144  AdobeFlashPlayerUpdateSvc - ok

21:20:48.0831 4144  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

21:20:48.0846 4144  adp94xx - ok

21:20:48.0893 4144  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys

21:20:48.0909 4144  adpahci - ok

21:20:48.0924 4144  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys

21:20:48.0940 4144  adpu160m - ok

21:20:48.0956 4144  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

21:20:48.0971 4144  adpu320 - ok

21:20:49.0002 4144  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

21:20:49.0034 4144  AeLookupSvc - ok

21:20:49.0080 4144  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys

21:20:49.0096 4144  AFD - ok

21:20:49.0158 4144  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys

21:20:49.0174 4144  agp440 - ok

21:20:49.0190 4144  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

21:20:49.0205 4144  aic78xx - ok

21:20:49.0205 4144  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe

21:20:49.0252 4144  ALG - ok

21:20:49.0268 4144  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys

21:20:49.0283 4144  aliide - ok

21:20:50.0438 4144  [ AAA1F9D4CF4C976C21BCA8AFA2BAE6A4 ] AllShare        C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

21:20:50.0656 4144  AllShare ( UnsignedFile.Multi.Generic ) - warning

21:20:50.0656 4144  AllShare - detected UnsignedFile.Multi.Generic (1)

21:20:50.0703 4144  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

21:20:50.0703 4144  amdagp - ok

21:20:50.0718 4144  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys

21:20:50.0734 4144  amdide - ok

21:20:50.0781 4144  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys

21:20:50.0812 4144  AmdK7 - ok

21:20:50.0828 4144  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

21:20:50.0843 4144  AmdK8 - ok

21:20:50.0890 4144  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll

21:20:50.0921 4144  Appinfo - ok

21:20:50.0984 4144  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:20:50.0984 4144  Apple Mobile Device - ok

21:20:51.0015 4144  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys

21:20:51.0030 4144  arc - ok

21:20:51.0046 4144  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

21:20:51.0062 4144  arcsas - ok

21:20:51.0093 4144  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys

21:20:51.0108 4144  aswFsBlk - ok

21:20:51.0155 4144  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys

21:20:51.0155 4144  aswMonFlt - ok

21:20:51.0186 4144  [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys

21:20:51.0202 4144  aswRdr - ok

21:20:51.0249 4144  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys

21:20:51.0280 4144  aswSnx - ok

21:20:51.0296 4144  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys

21:20:51.0311 4144  aswSP - ok

21:20:51.0374 4144  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys

21:20:51.0389 4144  aswTdi - ok

21:20:51.0420 4144  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

21:20:51.0452 4144  AsyncMac - ok

21:20:51.0498 4144  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys

21:20:51.0498 4144  atapi - ok

21:20:51.0561 4144  [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb         C:\Windows\system32\DRIVERS\athrusb.sys

21:20:51.0608 4144  athrusb - ok

21:20:51.0639 4144  atikmdag - ok

21:20:51.0686 4144  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:20:51.0701 4144  AudioEndpointBuilder - ok

21:20:51.0701 4144  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll

21:20:51.0717 4144  Audiosrv - ok

21:20:51.0779 4144  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

21:20:51.0779 4144  avast! Antivirus - ok

21:20:51.0857 4144  [ BA8494FE6EE119AAD2505A57058B282E ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh6.sys

21:20:51.0904 4144  BCMH43XX - ok

21:20:51.0966 4144  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys

21:20:52.0044 4144  Beep - ok

21:20:52.0060 4144  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll

21:20:52.0107 4144  BFE - ok

21:20:52.0263 4144  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll

21:20:52.0310 4144  BITS - ok

21:20:52.0356 4144  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys

21:20:52.0372 4144  blbdrive - ok

21:20:52.0466 4144  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

21:20:52.0481 4144  Bonjour Service - ok

21:20:52.0528 4144  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

21:20:52.0544 4144  bowser - ok

21:20:52.0575 4144  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys

21:20:52.0606 4144  BrFiltLo - ok

21:20:52.0606 4144  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys

21:20:52.0668 4144  BrFiltUp - ok

21:20:52.0684 4144  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll

21:20:52.0731 4144  Browser - ok

21:20:52.0731 4144  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys

21:20:52.0824 4144  Brserid - ok

21:20:52.0840 4144  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys

21:20:52.0887 4144  BrSerWdm - ok

21:20:52.0887 4144  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys

21:20:52.0949 4144  BrUsbMdm - ok

21:20:52.0965 4144  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys

21:20:53.0012 4144  BrUsbSer - ok

21:20:53.0027 4144  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

21:20:53.0058 4144  BTHMODEM - ok

21:20:53.0074 4144  catchme - ok

21:20:53.0105 4144  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

21:20:53.0136 4144  cdfs - ok

21:20:53.0152 4144  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

21:20:53.0183 4144  cdrom - ok

21:20:53.0230 4144  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll

21:20:53.0246 4144  CertPropSvc - ok

21:20:53.0261 4144  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys

21:20:53.0292 4144  circlass - ok

21:20:53.0308 4144  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys

21:20:53.0324 4144  CLFS - ok

21:20:53.0386 4144  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:20:53.0386 4144  clr_optimization_v2.0.50727_32 - ok

21:20:53.0464 4144  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:20:53.0464 4144  clr_optimization_v4.0.30319_32 - ok

21:20:53.0495 4144  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

21:20:53.0495 4144  cmdide - ok

21:20:53.0511 4144  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys

21:20:53.0526 4144  Compbatt - ok

21:20:53.0526 4144  COMSysApp - ok

21:20:53.0526 4144  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

21:20:53.0542 4144  crcdisk - ok

21:20:53.0542 4144  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys

21:20:53.0573 4144  Crusoe - ok

21:20:53.0620 4144  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

21:20:53.0651 4144  CryptSvc - ok

21:20:53.0698 4144  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll

21:20:53.0729 4144  DcomLaunch - ok

21:20:53.0760 4144  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

21:20:53.0807 4144  DfsC - ok

21:20:53.0885 4144  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe

21:20:54.0057 4144  DFSR - ok

21:20:54.0166 4144  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll

21:20:54.0182 4144  Dhcp - ok

21:20:54.0228 4144  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys

21:20:54.0228 4144  disk - ok

21:20:54.0275 4144  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll

21:20:54.0306 4144  Dnscache - ok

21:20:54.0338 4144  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll

21:20:54.0353 4144  dot3svc - ok

21:20:54.0384 4144  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll

21:20:54.0400 4144  DPS - ok

21:20:54.0447 4144  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

21:20:54.0478 4144  drmkaud - ok

21:20:54.0525 4144  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

21:20:54.0540 4144  DXGKrnl - ok

21:20:54.0618 4144  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys

21:20:54.0650 4144  E1G60 - ok

21:20:54.0696 4144  [ 64A6CF14DE229B0EDCD21FDB923E0B03 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys

21:20:54.0712 4144  e1yexpress - ok

21:20:54.0759 4144  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll

21:20:54.0790 4144  EapHost - ok

21:20:54.0852 4144  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys

21:20:54.0868 4144  Ecache - ok

21:20:54.0899 4144  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

21:20:54.0915 4144  ehRecvr - ok

21:20:54.0930 4144  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe

21:20:54.0946 4144  ehSched - ok

21:20:54.0962 4144  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll

21:20:54.0977 4144  ehstart - ok

21:20:55.0024 4144  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys

21:20:55.0055 4144  elxstor - ok

21:20:55.0118 4144  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll

21:20:55.0164 4144  EMDMgmt - ok

21:20:55.0180 4144  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

21:20:55.0211 4144  ErrDev - ok

21:20:55.0258 4144  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll

21:20:55.0289 4144  EventSystem - ok

21:20:55.0336 4144  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys

21:20:55.0352 4144  exfat - ok

21:20:55.0383 4144  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

21:20:55.0398 4144  fastfat - ok

21:20:55.0445 4144  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

21:20:55.0461 4144  fdc - ok

21:20:55.0492 4144  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll

21:20:55.0508 4144  fdPHost - ok

21:20:55.0523 4144  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll

21:20:55.0554 4144  FDResPub - ok

21:20:55.0586 4144  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

21:20:55.0601 4144  FileInfo - ok

21:20:55.0617 4144  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

21:20:55.0648 4144  Filetrace - ok

21:20:55.0726 4144  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:20:55.0757 4144  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

21:20:55.0757 4144  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

21:20:55.0788 4144  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

21:20:55.0820 4144  flpydisk - ok

21:20:55.0835 4144  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

21:20:55.0851 4144  FltMgr - ok

21:20:55.0929 4144  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll

21:20:55.0960 4144  FontCache - ok

21:20:56.0022 4144  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

21:20:56.0038 4144  FontCache3.0.0.0 - ok

21:20:56.0085 4144  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

21:20:56.0132 4144  Fs_Rec - ok

21:20:56.0147 4144  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

21:20:56.0163 4144  gagp30kx - ok

21:20:56.0178 4144  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:20:56.0194 4144  GEARAspiWDM - ok

21:20:56.0210 4144  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll

21:20:56.0241 4144  gpsvc - ok

21:20:56.0303 4144  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys

21:20:56.0303 4144  grmnusb - ok

21:20:56.0428 4144  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca1bd5bdf912d C:\Program Files\Google\Update\GoogleUpdate.exe

21:20:56.0444 4144  gupdate1ca1bd5bdf912d - ok

21:20:56.0459 4144  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

21:20:56.0475 4144  gupdatem - ok

21:20:56.0506 4144  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

21:20:56.0522 4144  gusvc - ok

21:20:56.0568 4144  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:20:56.0600 4144  HdAudAddService - ok

21:20:56.0631 4144  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

21:20:56.0693 4144  HDAudBus - ok

21:20:56.0724 4144  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys

21:20:56.0756 4144  HidBth - ok

21:20:56.0802 4144  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys

21:20:56.0880 4144  HidIr - ok

21:20:56.0943 4144  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll

21:20:57.0005 4144  hidserv - ok

21:20:57.0021 4144  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

21:20:57.0052 4144  HidUsb - ok

21:20:57.0083 4144  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll

21:20:57.0114 4144  hkmsvc - ok

21:20:57.0146 4144  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys

21:20:57.0161 4144  HpCISSs - ok

21:20:57.0192 4144  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys

21:20:57.0224 4144  HTTP - ok

21:20:57.0317 4144  hwdatacard - ok

21:20:57.0348 4144  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys

21:20:57.0364 4144  i2omp - ok

21:20:57.0411 4144  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

21:20:57.0426 4144  i8042prt - ok

21:20:57.0598 4144  [ 0D16E362B66A0C1D01B015F517129D13 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

21:20:57.0707 4144  IAANTMON - ok

21:20:57.0879 4144  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

21:20:57.0894 4144  iaStor - ok

21:20:58.0082 4144  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys

21:20:58.0160 4144  iaStorV - ok

21:20:58.0394 4144  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:20:58.0472 4144  idsvc - ok

21:20:58.0503 4144  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

21:20:58.0518 4144  iirsp - ok

21:20:58.0534 4144  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll

21:20:58.0581 4144  IKEEXT - ok

21:20:58.0674 4144  [ 8832E6BE80EDFD3AFCF9241AA982AD3C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

21:20:58.0877 4144  IntcAzAudAddService - ok

21:20:58.0940 4144  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys

21:20:58.0955 4144  intelide - ok

21:20:59.0018 4144  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

21:20:59.0080 4144  intelppm - ok

21:20:59.0142 4144  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

21:20:59.0205 4144  IPBusEnum - ok

21:20:59.0220 4144  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:20:59.0252 4144  IpFilterDriver - ok

21:20:59.0283 4144  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

21:20:59.0314 4144  iphlpsvc - ok

21:20:59.0314 4144  IpInIp - ok

21:20:59.0345 4144  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys

21:20:59.0376 4144  IPMIDRV - ok

21:20:59.0376 4144  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys

21:20:59.0423 4144  IPNAT - ok

21:20:59.0439 4144  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

21:20:59.0470 4144  iPod Service - ok

21:20:59.0486 4144  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys

21:20:59.0501 4144  irda - ok

21:20:59.0517 4144  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

21:20:59.0548 4144  IRENUM - ok

21:20:59.0564 4144  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll

21:20:59.0626 4144  Irmon - ok

21:20:59.0657 4144  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

21:20:59.0673 4144  isapnp - ok

21:20:59.0704 4144  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys

21:20:59.0720 4144  iScsiPrt - ok

21:20:59.0735 4144  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys

21:20:59.0735 4144  iteatapi - ok

21:20:59.0751 4144  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys

21:20:59.0766 4144  iteraid - ok

21:20:59.0782 4144  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

21:20:59.0782 4144  kbdclass - ok

21:20:59.0813 4144  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

21:20:59.0844 4144  kbdhid - ok

21:20:59.0876 4144  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe

21:20:59.0922 4144  KeyIso - ok

21:20:59.0954 4144  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

21:20:59.0969 4144  KSecDD - ok

21:21:00.0032 4144  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll

21:21:00.0094 4144  KtmRm - ok

21:21:00.0125 4144  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll

21:21:00.0172 4144  LanmanServer - ok

21:21:00.0234 4144  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:21:00.0266 4144  LanmanWorkstation - ok

21:21:00.0312 4144  [ CB5D13966F74D7F000724A907F614193 ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys

21:21:00.0328 4144  libusb0 - ok

21:21:00.0344 4144  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

21:21:00.0390 4144  lltdio - ok

21:21:00.0437 4144  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

21:21:00.0484 4144  lltdsvc - ok

21:21:00.0500 4144  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll

21:21:00.0531 4144  lmhosts - ok

21:21:00.0546 4144  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

21:21:00.0562 4144  LSI_FC - ok

21:21:00.0578 4144  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

21:21:00.0578 4144  LSI_SAS - ok

21:21:00.0609 4144  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

21:21:00.0624 4144  LSI_SCSI - ok

21:21:00.0640 4144  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys

21:21:00.0671 4144  luafv - ok

21:21:00.0687 4144  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

21:21:00.0718 4144  Mcx2Svc - ok

21:21:00.0734 4144  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys

21:21:00.0749 4144  megasas - ok

21:21:00.0812 4144  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys

21:21:00.0827 4144  MegaSR - ok

21:21:00.0827 4144  MEMSWEEP2 - ok

21:21:01.0217 4144  Microsoft SharePoint Workspace Audit Service - ok

21:21:01.0233 4144  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll

21:21:01.0248 4144  MMCSS - ok

21:21:01.0264 4144  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys

21:21:01.0295 4144  Modem - ok

21:21:01.0342 4144  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

21:21:01.0373 4144  monitor - ok

21:21:01.0420 4144  [ 9DA04F53C26E75190E394D7C3B4A7456 ] MosIrUsb        C:\Windows\system32\DRIVERS\MosIrUsb.sys

21:21:01.0436 4144  MosIrUsb - ok

21:21:01.0451 4144  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

21:21:01.0467 4144  mouclass - ok

21:21:01.0482 4144  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

21:21:01.0498 4144  mouhid - ok

21:21:01.0514 4144  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys

21:21:01.0514 4144  MountMgr - ok

21:21:01.0545 4144  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:21:01.0560 4144  MozillaMaintenance - ok

21:21:01.0592 4144  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys

21:21:01.0607 4144  mpio - ok

21:21:01.0623 4144  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

21:21:01.0654 4144  mpsdrv - ok

21:21:01.0685 4144  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll

21:21:01.0779 4144  MpsSvc - ok

21:21:01.0841 4144  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys

21:21:01.0857 4144  Mraid35x - ok

21:21:01.0888 4144  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

21:21:01.0935 4144  MRxDAV - ok

21:21:01.0966 4144  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

21:21:01.0997 4144  mrxsmb - ok

21:21:02.0013 4144  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:21:02.0044 4144  mrxsmb10 - ok

21:21:02.0044 4144  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:21:02.0075 4144  mrxsmb20 - ok

21:21:02.0122 4144  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys

21:21:02.0138 4144  msahci - ok

21:21:02.0153 4144  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

21:21:02.0169 4144  msdsm - ok

21:21:02.0184 4144  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe

21:21:02.0216 4144  MSDTC - ok

21:21:02.0231 4144  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

21:21:02.0262 4144  Msfs - ok

21:21:02.0278 4144  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

21:21:02.0294 4144  msisadrv - ok

21:21:02.0325 4144  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

21:21:02.0340 4144  MSiSCSI - ok

21:21:02.0356 4144  msiserver - ok

21:21:02.0372 4144  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

21:21:02.0403 4144  MSKSSRV - ok

21:21:02.0434 4144  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

21:21:02.0481 4144  MSPCLOCK - ok

21:21:02.0496 4144  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

21:21:02.0512 4144  MSPQM - ok

21:21:02.0528 4144  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

21:21:02.0543 4144  MsRPC - ok

21:21:02.0559 4144  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

21:21:02.0559 4144  mssmbios - ok

21:21:02.0574 4144  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

21:21:02.0590 4144  MSTEE - ok

21:21:02.0606 4144  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys

21:21:02.0652 4144  Mup - ok

21:21:02.0668 4144  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll

21:21:02.0715 4144  napagent - ok

21:21:02.0777 4144  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

21:21:02.0808 4144  NativeWifiP - ok

21:21:02.0855 4144  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys

21:21:02.0902 4144  NDIS - ok

21:21:02.0933 4144  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

21:21:02.0980 4144  NdisTapi - ok

21:21:03.0027 4144  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

21:21:03.0042 4144  Ndisuio - ok

21:21:03.0058 4144  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

21:21:03.0089 4144  NdisWan - ok

21:21:03.0105 4144  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

21:21:03.0120 4144  NDProxy - ok

21:21:03.0214 4144  [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

21:21:03.0245 4144  Nero BackItUp Scheduler 3 - ok

21:21:03.0245 4144  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

21:21:03.0308 4144  NetBIOS - ok

21:21:03.0323 4144  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys

21:21:03.0354 4144  netbt - ok

21:21:03.0370 4144  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe

21:21:03.0386 4144  Netlogon - ok

21:21:03.0401 4144  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll

21:21:03.0432 4144  Netman - ok

21:21:03.0448 4144  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll

21:21:03.0495 4144  netprofm - ok

21:21:03.0510 4144  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:21:03.0526 4144  NetTcpPortSharing - ok

21:21:03.0542 4144  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

21:21:03.0557 4144  nfrd960 - ok

21:21:03.0573 4144  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll

21:21:03.0588 4144  NlaSvc - ok

21:21:03.0651 4144  [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

21:21:03.0713 4144  NMIndexingService - ok

21:21:03.0744 4144  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

21:21:03.0822 4144  Npfs - ok

21:21:03.0838 4144  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll

21:21:03.0885 4144  nsi - ok

21:21:03.0900 4144  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

21:21:03.0932 4144  nsiproxy - ok

21:21:03.0963 4144  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

21:21:03.0994 4144  Ntfs - ok

21:21:04.0041 4144  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys

21:21:04.0088 4144  ntrigdigi - ok

21:21:04.0088 4144  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys

21:21:04.0119 4144  Null - ok

21:21:04.0181 4144  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys

21:21:04.0197 4144  NVHDA - ok

21:21:04.0368 4144  [ C8CB6135884CBC2A10225C4C3CEF0F95 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:21:04.0727 4144  nvlddmkm - ok

21:21:04.0743 4144  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

21:21:04.0774 4144  nvraid - ok

21:21:04.0805 4144  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

21:21:04.0821 4144  nvstor - ok

21:21:04.0836 4144  [ C1303870D5F9EAD4BEB68559AAB7A87B ] nvsvc           C:\Windows\system32\nvvsvc.exe

21:21:04.0852 4144  nvsvc - ok

21:21:04.0868 4144  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

21:21:04.0883 4144  nv_agp - ok

21:21:04.0883 4144  NwlnkFlt - ok

21:21:04.0883 4144  NwlnkFwd - ok

21:21:04.0930 4144  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys

21:21:04.0961 4144  ohci1394 - ok

21:21:05.0055 4144  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:21:05.0070 4144  ose - ok

21:21:05.0492 4144  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:21:05.0648 4144  osppsvc - ok

21:21:05.0726 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll

21:21:05.0804 4144  p2pimsvc - ok

21:21:05.0819 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll

21:21:05.0866 4144  p2psvc - ok

21:21:05.0944 4144  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys

21:21:05.0975 4144  Parport - ok

21:21:06.0006 4144  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

21:21:06.0022 4144  partmgr - ok

21:21:06.0038 4144  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

21:21:06.0084 4144  Parvdm - ok

21:21:06.0100 4144  [ DD74552152055A8493872930A64E70DC ] PcaSp60         C:\Windows\system32\DRIVERS\PcaSp60.sys

21:21:06.0116 4144  PcaSp60 - ok

21:21:06.0131 4144  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll

21:21:06.0162 4144  PcaSvc - ok

21:21:06.0194 4144  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys

21:21:06.0194 4144  pci - ok

21:21:06.0225 4144  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys

21:21:06.0225 4144  pciide - ok

21:21:06.0240 4144  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

21:21:06.0256 4144  pcmcia - ok

21:21:06.0303 4144  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

21:21:06.0350 4144  PEAUTH - ok

21:21:06.0662 4144  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll

21:21:06.0802 4144  pla - ok

21:21:06.0849 4144  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe

21:21:06.0864 4144  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning

21:21:06.0864 4144  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)

21:21:06.0911 4144  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

21:21:06.0974 4144  PlugPlay - ok

21:21:06.0989 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll

21:21:07.0052 4144  PNRPAutoReg - ok

21:21:07.0067 4144  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll

21:21:07.0083 4144  PNRPsvc - ok

21:21:07.0161 4144  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

21:21:07.0254 4144  PolicyAgent - ok

21:21:07.0286 4144  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

21:21:07.0317 4144  PptpMiniport - ok

21:21:07.0332 4144  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys

21:21:07.0364 4144  Processor - ok

21:21:07.0395 4144  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll

21:21:07.0410 4144  ProfSvc - ok

21:21:07.0457 4144  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

21:21:07.0457 4144  ProtectedStorage - ok

21:21:07.0598 4144  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys

21:21:07.0707 4144  PSched - ok

21:21:07.0738 4144  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys

21:21:07.0738 4144  PxHelp20 - ok

21:21:07.0956 4144  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

21:21:08.0003 4144  ql2300 - ok

21:21:08.0034 4144  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

21:21:08.0050 4144  ql40xx - ok

21:21:08.0081 4144  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll

21:21:08.0097 4144  QWAVE - ok

21:21:08.0097 4144  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

21:21:08.0112 4144  QWAVEdrv - ok

21:21:08.0128 4144  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

21:21:08.0159 4144  RasAcd - ok

21:21:08.0175 4144  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll

21:21:08.0206 4144  RasAuto - ok

21:21:08.0222 4144  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

21:21:08.0253 4144  Rasl2tp - ok

21:21:08.0300 4144  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll

21:21:08.0346 4144  RasMan - ok

21:21:08.0362 4144  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

21:21:08.0378 4144  RasPppoe - ok

21:21:08.0393 4144  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

21:21:08.0409 4144  RasSstp - ok

21:21:08.0440 4144  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

21:21:08.0456 4144  rdbss - ok

21:21:08.0471 4144  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

21:21:08.0518 4144  RDPCDD - ok

21:21:08.0534 4144  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys

21:21:08.0549 4144  rdpdr - ok

21:21:08.0565 4144  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

21:21:08.0580 4144  RDPENCDD - ok

21:21:08.0612 4144  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

21:21:08.0643 4144  RDPWD - ok

21:21:08.0690 4144  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll

21:21:08.0705 4144  RemoteAccess - ok

21:21:08.0736 4144  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll

21:21:08.0768 4144  RemoteRegistry - ok

21:21:08.0846 4144  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys

21:21:08.0877 4144  RimUsb - ok

21:21:08.0908 4144  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe

21:21:08.0924 4144  RpcLocator - ok

21:21:08.0939 4144  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll

21:21:08.0955 4144  RpcSs - ok

21:21:09.0002 4144  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

21:21:09.0033 4144  rspndr - ok

21:21:09.0064 4144  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe

21:21:09.0080 4144  SamSs - ok

21:21:09.0095 4144  [ 68DE5B1E82D3DD10F5F6169522C7C88A ] SAVRKBootTasks  C:\Windows\system32\SAVRKBootTasks.sys

21:21:09.0095 4144  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - warning

21:21:09.0095 4144  SAVRKBootTasks - detected UnsignedFile.Multi.Generic (1)

21:21:09.0126 4144  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

21:21:09.0142 4144  sbp2port - ok

21:21:09.0189 4144  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

21:21:09.0204 4144  SCardSvr - ok

21:21:09.0236 4144  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll

21:21:09.0282 4144  Schedule - ok

21:21:09.0329 4144  [ 3B68015683C27CB00C7A6B60A37CBCFD ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys

21:21:09.0329 4144  SCMNdisP - ok

21:21:09.0376 4144  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll

21:21:09.0392 4144  SCPolicySvc - ok

21:21:09.0407 4144  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

21:21:09.0423 4144  SDRSVC - ok

21:21:09.0438 4144  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

21:21:09.0485 4144  secdrv - ok

21:21:09.0501 4144  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll

21:21:09.0532 4144  seclogon - ok

21:21:09.0532 4144  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll

21:21:09.0563 4144  SENS - ok

21:21:09.0579 4144  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys

21:21:09.0626 4144  Serenum - ok

21:21:09.0641 4144  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys

21:21:09.0688 4144  Serial - ok

21:21:09.0688 4144  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

21:21:09.0719 4144  sermouse - ok

21:21:09.0735 4144  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll

21:21:09.0750 4144  SessionEnv - ok

21:21:09.0766 4144  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

21:21:09.0782 4144  sffdisk - ok

21:21:09.0797 4144  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

21:21:09.0860 4144  sffp_mmc - ok

21:21:09.0875 4144  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

21:21:09.0922 4144  sffp_sd - ok

21:21:09.0953 4144  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

21:21:09.0984 4144  sfloppy - ok

21:21:10.0000 4144  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

21:21:10.0047 4144  SharedAccess - ok

21:21:10.0062 4144  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:21:10.0078 4144  ShellHWDetection - ok

21:21:10.0094 4144  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys

21:21:10.0109 4144  sisagp - ok

21:21:10.0125 4144  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys

21:21:10.0140 4144  SiSRaid2 - ok

21:21:10.0156 4144  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

21:21:10.0172 4144  SiSRaid4 - ok

21:21:10.0234 4144  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe

21:21:10.0343 4144  slsvc - ok

21:21:10.0406 4144  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll

21:21:10.0421 4144  SLUINotify - ok

21:21:10.0437 4144  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

21:21:10.0452 4144  Smb - ok

21:21:10.0484 4144  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

21:21:10.0499 4144  SNMPTRAP - ok

21:21:10.0515 4144  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys

21:21:10.0530 4144  spldr - ok

21:21:10.0562 4144  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe

21:21:10.0593 4144  Spooler - ok

21:21:10.0624 4144  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys

21:21:10.0640 4144  srv - ok

21:21:10.0655 4144  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

21:21:10.0671 4144  srv2 - ok

21:21:10.0686 4144  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

21:21:10.0702 4144  srvnet - ok

21:21:10.0733 4144  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

21:21:10.0749 4144  SSDPSRV - ok

21:21:10.0796 4144  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

21:21:10.0811 4144  SstpSvc - ok

21:21:10.0889 4144  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll

21:21:10.0920 4144  stisvc - ok

21:21:10.0936 4144  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

21:21:10.0936 4144  swenum - ok

21:21:10.0998 4144  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll

21:21:11.0061 4144  swprv - ok

21:21:11.0076 4144  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys

21:21:11.0076 4144  Symc8xx - ok

21:21:11.0092 4144  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys

21:21:11.0108 4144  Sym_hi - ok

21:21:11.0123 4144  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys

21:21:11.0123 4144  Sym_u3 - ok

21:21:11.0154 4144  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll

21:21:11.0201 4144  SysMain - ok

21:21:11.0264 4144  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:21:11.0295 4144  TabletInputService - ok

21:21:11.0326 4144  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll

21:21:11.0342 4144  TapiSrv - ok

21:21:11.0388 4144  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll

21:21:11.0451 4144  TBS - ok

21:21:11.0498 4144  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

21:21:11.0513 4144  Tcpip - ok

21:21:11.0529 4144  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys

21:21:11.0591 4144  Tcpip6 - ok

21:21:11.0638 4144  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

21:21:11.0716 4144  tcpipreg - ok

21:21:11.0794 4144  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

21:21:11.0841 4144  TDPIPE - ok

21:21:11.0888 4144  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

21:21:11.0903 4144  TDTCP - ok

21:21:11.0934 4144  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

21:21:11.0966 4144  tdx - ok

21:21:11.0997 4144  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

21:21:11.0997 4144  TermDD - ok

21:21:12.0028 4144  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll

21:21:12.0075 4144  TermService - ok

21:21:12.0122 4144  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll

21:21:12.0137 4144  Themes - ok

21:21:12.0153 4144  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll

21:21:12.0168 4144  THREADORDER - ok

21:21:12.0278 4144  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll

21:21:12.0356 4144  TrkWks - ok

21:21:12.0449 4144  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:21:12.0512 4144  TrustedInstaller - ok

21:21:12.0543 4144  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

21:21:12.0558 4144  tssecsrv - ok

21:21:12.0574 4144  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys

21:21:12.0605 4144  tunmp - ok

21:21:12.0621 4144  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

21:21:12.0636 4144  tunnel - ok

21:21:12.0652 4144  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys

21:21:12.0668 4144  uagp35 - ok

21:21:12.0683 4144  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

21:21:12.0699 4144  udfs - ok

21:21:12.0730 4144  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

21:21:12.0761 4144  UI0Detect - ok

21:21:12.0777 4144  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

21:21:12.0792 4144  uliagpkx - ok

21:21:12.0808 4144  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys

21:21:12.0824 4144  uliahci - ok

21:21:12.0839 4144  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys

21:21:12.0855 4144  UlSata - ok

21:21:12.0886 4144  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys

21:21:12.0902 4144  ulsata2 - ok

21:21:12.0933 4144  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

21:21:12.0948 4144  umbus - ok

21:21:12.0964 4144  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll

21:21:12.0980 4144  upnphost - ok

21:21:13.0026 4144  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys

21:21:13.0058 4144  USBAAPL - ok

21:21:13.0073 4144  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

21:21:13.0104 4144  usbccgp - ok

21:21:13.0136 4144  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

21:21:13.0182 4144  usbcir - ok

21:21:13.0229 4144  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

21:21:13.0245 4144  usbehci - ok

21:21:13.0260 4144  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

21:21:13.0292 4144  usbhub - ok

21:21:13.0307 4144  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys

21:21:13.0338 4144  usbohci - ok

21:21:13.0370 4144  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

21:21:13.0401 4144  usbprint - ok

21:21:13.0432 4144  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

21:21:13.0448 4144  usbscan - ok

21:21:13.0448 4144  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:21:13.0463 4144  USBSTOR - ok

21:21:13.0479 4144  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

21:21:13.0526 4144  usbuhci - ok

21:21:13.0557 4144  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll

21:21:13.0588 4144  UxSms - ok

21:21:13.0604 4144  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe

21:21:13.0635 4144  vds - ok

21:21:13.0713 4144  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

21:21:13.0744 4144  vga - ok

21:21:13.0775 4144  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys

21:21:13.0791 4144  VgaSave - ok

21:21:13.0806 4144  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys

21:21:13.0822 4144  viaagp - ok

21:21:13.0838 4144  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys

21:21:13.0853 4144  ViaC7 - ok

21:21:13.0900 4144  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys

21:21:13.0916 4144  viaide - ok

21:21:13.0931 4144  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

21:21:13.0947 4144  volmgr - ok

21:21:13.0962 4144  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

21:21:13.0978 4144  volmgrx - ok

21:21:13.0978 4144  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

21:21:13.0994 4144  volsnap - ok

21:21:14.0040 4144  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

21:21:14.0056 4144  vsmraid - ok

21:21:14.0072 4144  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe

21:21:14.0118 4144  VSS - ok

21:21:14.0165 4144  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll

21:21:14.0181 4144  W32Time - ok

21:21:14.0196 4144  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

21:21:14.0228 4144  WacomPen - ok

21:21:14.0243 4144  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys

21:21:14.0274 4144  Wanarp - ok

21:21:14.0274 4144  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

21:21:14.0290 4144  Wanarpv6 - ok

21:21:14.0306 4144  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll

21:21:14.0352 4144  wcncsvc - ok

21:21:14.0384 4144  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:21:14.0446 4144  WcsPlugInService - ok

21:21:14.0493 4144  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys

21:21:14.0524 4144  Wd - ok

21:21:14.0555 4144  [ 6D77FF2224D2D3984760ACBDF4024A7B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

21:21:14.0586 4144  Wdf01000 - ok

21:21:14.0618 4144  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

21:21:14.0649 4144  WdiServiceHost - ok

21:21:14.0649 4144  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

21:21:14.0664 4144  WdiSystemHost - ok

21:21:14.0711 4144  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll

21:21:14.0742 4144  WebClient - ok

21:21:14.0758 4144  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll

21:21:14.0774 4144  Wecsvc - ok

21:21:14.0789 4144  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

21:21:14.0820 4144  wercplsupport - ok

21:21:14.0852 4144  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll

21:21:14.0883 4144  WerSvc - ok

21:21:14.0945 4144  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

21:21:14.0961 4144  WinDefend - ok

21:21:14.0961 4144  WinHttpAutoProxySvc - ok

21:21:14.0992 4144  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

21:21:15.0023 4144  Winmgmt - ok

21:21:15.0054 4144  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll

21:21:15.0086 4144  WinRM - ok

21:21:15.0148 4144  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll

21:21:15.0195 4144  Wlansvc - ok

21:21:15.0335 4144  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:21:15.0382 4144  wlidsvc - ok

21:21:15.0429 4144  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

21:21:15.0444 4144  WmiAcpi - ok

21:21:15.0476 4144  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

21:21:15.0491 4144  wmiApSrv - ok

21:21:15.0538 4144  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

21:21:15.0616 4144  WMPNetworkSvc - ok

21:21:15.0632 4144  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll

21:21:15.0647 4144  WPCSvc - ok

21:21:15.0694 4144  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

21:21:15.0725 4144  WPDBusEnum - ok

21:21:15.0803 4144  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys

21:21:15.0819 4144  WpdUsb - ok

21:21:15.0944 4144  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

21:21:15.0975 4144  WPFFontCache_v0400 - ok

21:21:15.0990 4144  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

21:21:16.0037 4144  ws2ifsl - ok

21:21:16.0053 4144  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll

21:21:16.0084 4144  wscsvc - ok

21:21:16.0115 4144  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys

21:21:16.0131 4144  WSDPrintDevice - ok

21:21:16.0162 4144  [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys

21:21:16.0193 4144  WSDScan - ok

21:21:16.0193 4144  WSearch - ok

21:21:16.0240 4144  [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100      C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

21:21:16.0256 4144  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - warning

21:21:16.0256 4144  WSWNDA3100 - detected UnsignedFile.Multi.Generic (1)

21:21:16.0318 4144  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

21:21:16.0380 4144  wuauserv - ok

21:21:16.0443 4144  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

21:21:16.0474 4144  WUDFRd - ok

21:21:16.0505 4144  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

21:21:16.0536 4144  wudfsvc - ok

21:21:16.0568 4144  ================ Scan global ===============================

21:21:16.0599 4144  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

21:21:16.0630 4144  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:21:16.0646 4144  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:21:16.0677 4144  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

21:21:16.0677 4144  [Global] - ok

21:21:16.0677 4144  ================ Scan MBR ==================================

21:21:16.0677 4144  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0

21:21:20.0982 4144  \Device\Harddisk0\DR0 - ok

21:21:20.0982 4144  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

21:21:21.0092 4144  \Device\Harddisk1\DR1 - ok

21:21:21.0092 4144  ================ Scan VBR ==================================

21:21:21.0138 4144  [ 0B695A41D49D8B5A30171D2D7FCEB72B ] \Device\Harddisk0\DR0\Partition1

21:21:21.0138 4144  \Device\Harddisk0\DR0\Partition1 - ok

21:21:21.0185 4144  [ 0554D65EA8284662E168D145B98BC792 ] \Device\Harddisk0\DR0\Partition2

21:21:21.0185 4144  \Device\Harddisk0\DR0\Partition2 - ok

21:21:21.0185 4144  [ 1BE18EAB5FDED4D70D79692FEE8D05E9 ] \Device\Harddisk1\DR1\Partition1

21:21:21.0201 4144  \Device\Harddisk1\DR1\Partition1 - ok

21:21:21.0201 4144  ============================================================

21:21:21.0201 4144  Scan finished

21:21:21.0201 4144  ============================================================

21:21:21.0201 4496  Detected object count: 6

21:21:21.0201 4496  Actual detected object count: 6

21:24:33.0408 4496  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0408 4496  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:24:33.0408 4496  AllShare ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0408 4496  AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:24:33.0408 4496  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0408 4496  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:24:33.0408 4496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0408 4496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:24:33.0424 4496  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0424 4496  SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:24:33.0424 4496  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - skipped by user

21:24:33.0424 4496  WSWNDA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Sehr schön.

lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Here we go:

Code:

AC-3 ACM Codec                18.12.2010                unbekannt

Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        12.08.2009        14,0MB        unbekannt

Adobe Acrobat 7.1.0 Professional        Adobe Systems        04.02.2010        632MB        7.1.0        notwendig

Adobe AIR        Adobe Systems Incorporated        05.12.2011        37,5MB        3.1.0.4880        unnötig

Adobe Color Common Settings        Adobe Systems Incorporated        16.08.2009                1.0.1        unnötig

Adobe ExtendScript Toolkit 2        Adobe Systems Incorporated        16.08.2009                2.0.2        unnötig

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.10.2012                11.4.402.287        notwendig

Adobe InDesign CS3        Adobe Systems Incorporated        28.09.2009                5.0        unnötig

Adobe Photoshop CS3        Adobe Systems Incorporated        16.08.2009                10.0        notwendig

Adobe Photoshop Lightroom 2.6        Adobe        08.01.2010        101MB        2.6.1        notwendig

Adobe Reader 9.4.7 - Deutsch        Adobe Systems Incorporated        10.01.2012        167MB        9.4.7        notwendig

AMap Fly 5.0        EADS Deutschland GmbH        28.06.2010        41,4MB        6.6.0.0000        notwendig

Apple Application Support        Apple Inc.        08.11.2012        65,0MB        2.3        unbekannt

Apple Mobile Device Support        Apple Inc.        13.09.2012        23,1MB        6.0.0.59        notwendig

Apple Software Update        Apple Inc.        21.10.2011        2,38MB        2.1.3.127        notwendig

ASUS RT-N66U Wireless Router Utilities        ASUS        15.09.2012        12,2MB        4.2.3.9        notwendig

avast! Free Antivirus        AVAST Software        13.11.2012        162MB        7.0.1474.0        notwendig ???

Belkin Wireless USB Utility        Belkin        08.10.2010        1,19MB        6.3.2.16        unnötig

Bonjour        Apple Inc.        21.10.2011        1,02MB        3.0.0.10        notwendig

Canon Easy-PhotoPrint EX                22.05.2012        265MB        notwendig 

Canon Easy-PhotoPrint Pro                22.05.2012        37,0MB        notwendig 

Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data                22.05.2012        37,0MB        notwendig 

Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data                22.05.2012        11,7MB        notwendig 

Canon Easy-WebPrint EX                22.05.2012        6,81MB        notwendig 

Canon IJ Network Scanner Selector EX                22.05.2012        8,20MB        notwendig 

Canon IJ Network Tool                22.05.2012        2,07MB        notwendig 

CANON IMAGE GATEWAY Registrierungsanleitung        Canon Inc.        17.06.2012        1,50MB        1.0.0.2        notwendig 

Canon MG6200 series Benutzerregistrierung                22.05.2012        2,30MB        notwendig 

Canon MG6200 series MP Drivers                22.05.2012        452MB        notwendig 

Canon MG6200 series On-screen Manual                22.05.2012        26,3MB        notwendig 

Canon MP Navigator EX 5.0                22.05.2012        76,0MB        notwendig 

Canon My Printer                22.05.2012        5,60MB        notwendig 

Canon Solution Menu EX                22.05.2012        16,5MB        notwendig 

CCleaner        Piriform        24.09.2012        2,71MB        3.23        notwendig 

Cobian Backup 10                21.10.2010        28,4MB        unnötig

Compatibility Pack für 2007 Office System        Microsoft Corporation        16.11.2012        70,5MB        12.0.6612.1000        notwendig 

Content Manager 2        NNG Llc.        26.12.2011        32,8MB        3.2.0.15965        unbekannt

cyberlabDESIGNER        Transeo Media Ltd        25.08.2012        44,9MB        cyberlabDESIGNER 2.5.8        unnötig

Debugging Tools for Windows (x86)        Microsoft Corporation        20.08.2009        38,5MB        6.11.1.404        unnötig

Evernote v. 4.5.10        Evernote Corp.        19.11.2012        131MB        4.5.10.7472        notwendig 

ffdshow v1.1.3562 [2010-09-07]                18.12.2010        17,0MB        1.1.3562.0         unnötig

FileZilla Client 3.2.7.1                25.09.2009        15,7MB        3.2.7.1        notwendig 

Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        04.12.2010        3,03MB        

Free Download Manager 3.0        FreeDownloadManager.ORG        13.08.2009        18,5MB                notwendig 

Garmin ANT Agent        Garmin Ltd or its subsidiaries        26.10.2012        16,9MB        2.3.3        notwendig 

Garmin BaseCamp        Garmin Ltd or its subsidiaries        11.11.2012        100MB        4.0.4        notwendig 

Garmin Communicator Plugin        Garmin Ltd or its subsidiaries        16.01.2011        11,6MB        2.9.3        notwendig 

Garmin MapInstall        Garmin Ltd or its subsidiaries        04.11.2012        29,4MB        4.0.3        notwendig 

Garmin MapSource        Garmin Ltd or its subsidiaries        09.01.2012        58,0MB        6.16.3        notwendig 

Garmin Training Center        Garmin Ltd or its subsidiaries        26.10.2012        86,8MB        3.6.5        notwendig 

Garmin USB Drivers        Garmin Ltd or its subsidiaries        26.10.2012        580KB        2.3.1.0        notwendig 

Garmin WebUpdater        Garmin Ltd or its subsidiaries        16.06.2012        15,6MB        2.5.6        notwendig 

Google Earth        Google        20.11.2011        92,7MB        6.1.0.5001        unbekannt

Google Toolbar for Internet Explorer        Google Inc.        19.09.2012        24,3MB        7.4.3230.2052        unnötig

Google Updater        Google Inc.        28.09.2011        4,56MB        2.4.2432.1652        unbekannt

iCloud        Apple Inc.        20.09.2012        47,5MB        2.0.2.187        notwendig 

Intel(R) Network Connections 13.5.32.0        Intel        02.06.2009        53,3MB        13.5.32.0        unbekannt

Intel® Matrix Storage Manager        Intel Corporation        12.08.2009        46,8MB        unbekannt

iTunes        Apple Inc.        13.09.2012        180MB        10.7.0.21        notwendig 

Japanese Fonts Support For Adobe Reader 9        Adobe Systems Incorporated        06.12.2010        16,4MB        9.0.0        unnötig

Java 7 Update 7        Oracle        14.10.2012        128MB        7.0.70        notwendig 

Java(TM) 6 Update 31        Oracle        15.04.2012        95,1MB        6.0.310        unnötig

JOSM        OpenStreetMap        18.06.2012                        notwendig 

Logitech Desktop Messenger        Logitech, Inc.        15.08.2010        9,75MB        2.54.11        notwendig 

Logitech Harmony Remote Software 7        Logitech        15.08.2010        88,2MB        7.7.0.0        notwendig 

Malwarebytes Anti-Malware Version 1.65.1.1000        Malwarebytes Corporation        03.12.2012        4,00MB        1.65.1.1000 notwendig ???

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        02.06.2009        37,3MB        unbekannt

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        02.06.2009        37,3MB                unbekannt        

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        27.06.2010        120MB        4.0.30319        unbekannt

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        27.06.2010        24,5MB        4.0.30319        unbekannt

Microsoft Office File Validation Add-In        Microsoft Corporation        19.09.2011        7,95MB        14.0.5130.5003        unbekannt

Microsoft Office Language Pack 2010 - German/Deutsch        Microsoft Corporation        28.06.2012        0,97GB        14.0.6029.1000        notwendig

Microsoft Office Live Add-in 1.5        Microsoft Corporation        26.05.2010        506KB        2.0.4024.1        notwendig

Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        16.11.2012        100MB        12.0.6612.1000        notwendig

Microsoft Office Professional Plus 2010        Microsoft Corporation        27.06.2012        0,97GB        14.0.6029.1000        unbekannt

Microsoft Silverlight        Microsoft Corporation        16.05.2012        25,9MB        5.1.10411.0        unbekannt

Microsoft SQL Server 2005 Compact Edition [DEU]        Microsoft Corporation        02.06.2009        332KB        3.1.0000        unbekannt

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        02.06.2009        1,74MB        3.1.0000        unbekannt

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        13.10.2009        251KB        8.0.50727.4053        unbekannt

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        18.06.2011        294KB        8.0.61001        unbekannt

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        13.10.2009        199KB        9.0.30729.4148        unbekannt

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        21.04.2011        592KB        9.0.30729.5570        unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        13.08.2009        590KB        9.0.30729        unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.01.2011        589KB        9.0.30729.4148        unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        18.06.2011        594KB        9.0.30729.6161        unbekannt

Mozilla Firefox 17.0.1 (x86 de)        Mozilla        06.12.2012        42,7MB        17.0.1        notwendig        

Mozilla Firefox 4.0.1 (x86 de)        Mozilla        16.06.2011        40,6MB        4.0.1        unnötig

Mozilla Maintenance Service        Mozilla        06.12.2012        216KB        17.0.1        unbekannt

Mp3tag v2.47b        Florian Heidenreich        04.12.2010        6,91MB        v2.47b        notwendig

MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        02.06.2009        1,27MB        4.20.9848.0        unbekannt

MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        02.06.2009        1,27MB        4.20.9849.0        unbekannt

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        02.06.2009        1,29MB        4.20.9870.0        unbekannt

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0        unbekannt

Naviextras Toolbox Prerequesities        NNG Llc.        26.12.2011        4,05MB        1.0.0        unbekannt

Nero 8 Essentials        Nero AG        05.10.2009        1,91GB        8.3.465        notwendig

NETGEAR WNDA3100v2 wireless USB 2.0 adapter        NETGEAR        09.10.2010        23,1MB        1.0.0.133        unnötig

NVIDIA Display Control Panel        NVIDIA Corporation        19.04.2010        19,7MB        6.14.11.9745        notwendig

NVIDIA Drivers        NVIDIA Corporation        19.04.2010        2,88GB        1.10.59.37        notwendig

NVIDIA PhysX        NVIDIA Corporation        13.07.2009        119MB        9.09.0428        notwendig        

Open XML Editor        Dieter Köhler        12.05.2011        3,47MB        unbekannt

OpenStreetMap Plugin V2        Old Man Biking        24.05.2010        2,18MB        1.0.3788.41447 as of 2010-05-16        notwendig

Picasa 3        Google, Inc.        02.01.2011        74,3MB        3.8        notwendig

Polar ProTrainer                29.09.2009        27,5MB        5.10.120        notwendig

QNAP Finder        QNAP Systems, Inc.        23.11.2011        43,0MB        3.4.2.0303        notwendig

QNAP NetBak Replicator                24.11.2011                notwendig

QuickTime        Apple Inc.        08.11.2012        73,1MB        7.73.80.64        notwendig

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        02.06.2009        10,0MB        6.0.1.5804        unbekannt

Remote Control USB Driver                15.08.2010        3,61MB        2.3.2.317        notwendig

SAMSUNG PC Share Manager        SAMSUNG        24.06.2011        24,4MB        4.0        unnötig

Saturn Picture Center                26.09.2009        128MB        unnötig

Sophos Anti-Rootkit 1.5.0        Sophos Plc        27.09.2009        2,66MB        1.5.0        unnötig

SportTracks 2.1        Zone Five Software        21.08.2009        6,32MB        2.1.3478 unnötig

SportTracks 3.1        Zone Five Software        09.06.2012        8,46MB        3.1.4518        notwendig

Uninstall 1.0.0.1                04.12.2010        31,3MB        unbekannt

VideoBrowser        PIXELA        17.06.2012        164MB        1.01.100        notwendig

VLC media player 2.0.4        VideoLAN        03.11.2012        72,6MB        2.0.4        notwendig

Winamp        Nullsoft, Inc        02.08.2010        37,7MB        5.581 unnötig

Winamp Erkennungs-Plug-in        Nullsoft, Inc        02.08.2010        132KB        1.0.0.1        unnötig

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)        Dynastream Innovations        26.10.2012                07/07/2009 1.12.2        unbekannt

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)        Garmin        26.10.2012                04/19/2012 2.3.1.0        notwendig

Windows Live Essentials        Microsoft Corporation        02.06.2009        136MB        14.0.8050.1202        unnötig

Windows Live ID-Anmelde-Assistent        Microsoft Corporation        26.05.2010        4,68MB        6.500.3165.0        unnötig

Windows Live Sync        Microsoft Corporation        02.06.2009        2,79MB        14.0.8050.1202        unnötig

Windows Live-Uploadtool        Microsoft Corporation        02.06.2009        225KB        14.0.8014.1029        unnötig

Windows Media Player Firefox Plugin        Microsoft Corp        11.09.2011        296KB        1.0.0.8        notwendig

WinRAR                12.08.2009        3,72MB        notwendig

Xirrus Wi-Fi Inspector        Xirrus        08.10.2010        43,6MB        1.2.0000        unnötig

Adobe Acrobat 7.1.0 Komplett veraltet, ein Upgrade auf Version 11 ist nötig, schon aus sicherheitstechnischen Gründen!

Deinstaliere:
Adobe : alle für dich unnötigen.
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Cobian
cyberlabDESIGNER
Debugging
ffdshow
Google : alle
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Naviextras
NETGEAR
SAMSUNG
Saturn
Sophos
Windows Live : alle für dich unnötigen
Xirrus

Öffne ccleaner, analysieren starten, pc neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

puuuh. danke.

also:

Code:

# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:30:33 erstellt

# Aktualisiert am 02/12/2012 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : *** - ***

# Bootmodus : Normal

# Ausgeführt unter : \\NAS\Download\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16455
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v17.0.1 (de)
 

Profilname : default 

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [990 octets] - [06/12/2012 23:30:33]
 

########## EOF - C:\AdwCleaner[R1].txt - [1049 octets] ##########

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige
jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die
Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

neustarten, testen wie PC und Browser laufen

Thx!

Hier ist der Log:

Code:

# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:43:02 erstellt

# Aktualisiert am 02/12/2012 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : *** - *** -PC

# Bootmodus : Normal

# Ausgeführt unter : \\NAS\Download\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16455
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v17.0.1 (de)
 

Profilname : default 

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1118 octets] - [06/12/2012 23:30:33]

AdwCleaner[S1].txt - [1052 octets] - [06/12/2012 23:43:02]
 

########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########

Nach erster KURZanalyse scheint alles normal zu laufen.

Öffne otl, bereinigen, PC startet neu, löscht Remover.
Sichere den PC ab. Fragen kann ich aber erst mittwoch beantworten.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.

Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Hallo,

vielen Dank vorerst für die großartige Hilfe, ich hoffe du konntest deinen Urlaub genießen.

Folgender Status:

1. Habe mich für Emsisoft entschieden - läuft sehr gut. Für Konfighilfe bin ich dankbar.

2. Als Browser verwende ich firefox und würde gerne dabei bleiben, sofern es keine unüberwindbaren Sicherheitsbedenken gibt. Sandbox habe ich noch nicht eingerichtet.

3. Ansonsten alle angeführten Schritte erfolgreich durchgeführt.

Danke Tom

Hi,
ja, Urlaub war schön :-)
emsi:

emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das währe es, hoffe es war verständlich.

Chrome:
hast du ihn dir denn schon mal angesehen? bietet noch einige Sicherheitsfeatures, die der ff nicht hatt, und er sollte auch schneller sein.