Trojaner-Board


Sarama 10.07.2012 10:37

Bundespolizei Trojan on Win 7 64 Bit
 
Hello.

Unfortunately I also have the virus, like many here. However, it only ever appears when there is an active Internet connection. As soon as I disable the router, I can access everything on the PC as normal.
It does not appear in Safe Mode with Networking.

Operating system: Win 7 Home 64 Bit
By the way, judging by the image, it is version 1.3 of the Trojan.


Thank you very much for your help :)


Malwarebytes log:

Code:

Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXXX :: XXXXXX [Administrator]

Schutz: Aktiviert

06.07.2012 14:06:43
mbam-log-2012-07-06 (14-06-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418779
Laufzeit: 1 Stunde(n), 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the OTL log:

Code:

OTL logfile created on: 7/6/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\XXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free
8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/06 12:45:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe
PRC - [2012/07/05 23:04:24 | 000,056,832 | ---- | M] (Razer) -- C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe
PRC - [2012/05/15 20:40:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/15 10:24:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/24 09:49:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/06/24 09:48:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/24 09:48:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/24 09:48:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/24 09:45:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/24 09:45:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/08/22 03:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/10 02:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Disabled | Stopped] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/07/02 12:52:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/17 11:41:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/05/15 22:14:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/15 20:40:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/15 20:40:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/15 10:24:15 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 19:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/05/15 22:14:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 6C 09 7B C2 36 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/02 12:52:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:12:55 | 000,000,000 | ---D | M]
 
[2012/05/15 19:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2012/07/05 14:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions
[2012/05/22 22:02:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/06/29 09:47:39 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/07/05 14:14:50 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\cookiemgr@jayapal.com
[2012/07/04 22:52:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\plugin@yontoo.com
[2012/05/17 17:21:39 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\support@lastpass.com
[2012/06/30 14:55:48 | 000,000,853 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\11-suche.xml
[2012/06/21 09:17:42 | 000,000,925 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\conduit.xml
[2012/06/30 14:55:48 | 000,002,209 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\englische-ergebnisse.xml
[2012/06/30 14:55:48 | 000,010,506 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\gmx-suche.xml
[2012/06/29 20:04:56 | 000,001,056 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\icqplugin.xml
[2012/06/30 14:55:48 | 000,002,368 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\lastminute.xml
[2012/06/30 14:55:48 | 000,005,489 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\webde-suche.xml
[2012/05/20 20:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/02 12:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012/05/15 19:53:45 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/06/30 14:55:37 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/07/02 12:52:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/27 11:49:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/27 11:49:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/27 11:49:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/27 11:49:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/27 11:49:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/27 11:49:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0901F52D-E71C-4FD5-BB09-90BA4EF4E0CD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell - "" = AutoRun
O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/06 12:52:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software
[2012/07/04 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012/07/04 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber
[2012/07/04 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/07/04 22:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/04 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Captcha_Brotherhood
[2012/07/03 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/30 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Nero
[2012/06/30 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/06/30 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/06/30 15:13:49 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\Windows\SysWow64\TwnLib20.dll
[2012/06/30 15:13:48 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\Windows\SysWow64\NeroCheck.exe
[2012/06/30 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2012/06/30 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead
[2012/06/27 11:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/06/21 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Noten
[2012/06/21 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\SnagIt Katalog
[2012/06/21 20:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 8
[2012/06/21 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/17 11:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/06/17 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/17 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Player Classic
[2012/06/17 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/17 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/16 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Application Data
[2012/06/16 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia
[2012/06/13 22:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/06/13 22:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2012/06/13 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:02:49 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable
[2012/07/06 16:02:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 16:02:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/06 16:02:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 16:02:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/06 16:02:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 15:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 15:57:22 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 15:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 13:31:47 | 000,001,738 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/06 13:11:10 | 000,001,655 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/06 12:52:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/05 19:30:43 | 000,002,328 | ---- | M] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk
[2012/07/05 18:27:23 | 000,000,168 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\default.rss
[2012/06/27 11:42:41 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/21 20:33:52 | 000,285,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 22:08:21 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2012/07/06 16:02:49 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable
[2012/07/06 12:52:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/05 19:30:43 | 000,002,328 | ---- | C] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk
[2012/07/05 18:27:23 | 000,000,168 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\default.rss
[2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012/07/04 23:36:27 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012/06/17 11:41:53 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/17 11:21:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/13 22:08:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/13 22:07:38 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/06/13 22:07:38 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/06/13 22:07:38 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/05/15 20:46:53 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/05/15 20:07:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/05/15 10:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2012/05/15 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2012/05/30 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ
[2012/07/05 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag
[2012/05/25 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung
[2012/05/25 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Temp
[2009/07/14 07:08:49 | 000,018,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

And here is the Extras log from OTL:

Code:

OTL Extras logfile created on: 7/6/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\XXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free
8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F2B793-C762-4DE1-BA25-7B2C664888A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{07EF8F31-2A59-45FC-97C8-29A5343CFB1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18A3E7EF-38EB-4356-86E2-0C83DE8FA5AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{19CEF19F-1DB4-4CA7-A63C-67D0FF361BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B7596EA-B7C4-49CA-9E9F-403D1085D1A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{208FDEEE-914D-4BAE-A244-7F2A05E48C82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23C67B78-388B-4958-8C53-BF1D732EB475}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2ED2908C-4DFC-4E0A-8BDD-F933C21723B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{30D3865D-BC94-4EAC-9FC0-E496DBDE10FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AFBB47E-31B9-4DFD-997E-2BAA78B5994A}" = rport=138 | protocol=17 | dir=out | app=system |
"{42057307-C778-42FB-B8E6-C9B61098DEBC}" = lport=445 | protocol=6 | dir=in | app=system |
"{567A15C0-1299-42D8-AAA3-D5E6527971C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{58B0B87A-BE22-40D5-9470-7BFAB8FCB54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68123E04-D368-4148-9211-CEC311B4FD98}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B7ED4B8-B49A-4B69-A86E-570B246CD6EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{90D175A1-DB31-4D27-9FF6-773350342A70}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D71084C-9020-47B6-BD5C-FB3E89FCEDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD320B5B-F33C-4771-8A7A-D57C86A4A921}" = lport=137 | protocol=17 | dir=in | app=system |
"{BAC5EEB2-A1D7-4D51-AA32-05CFAFFE9088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDCD3FB9-D556-43F2-946A-83E18E04652D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3B805BA-3A47-4F8B-B50C-666BA5D01595}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA5F316D-EC91-4A3C-BC6C-67BD4BE0EE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0A7FEE9-F79B-40EA-B740-5190EFF4D33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D70C9092-7BD9-4A64-B1BF-8EE59C068006}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2D1FB10-EFD3-436E-A44E-62CD400D8E1C}" = lport=139 | protocol=6 | dir=in | app=system |
"{E97DCA6C-ECE2-4694-AAAF-7C9C8A0B74BD}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD58F70-6F82-42A6-983E-C4B88BC7E7D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{11275490-D433-49A8-94FF-77E97BD51959}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D9F4B56-6420-407F-960A-8BD3BDA2A9CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{237ADCE9-E9BC-4586-8AF2-941A8D9BFBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A71B319-4433-4599-8757-955F8F1F395B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{2BC8330D-7A3E-41C3-8C6F-BEC66B14CFEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2F593765-8717-4103-ABCB-CFC60039C263}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3ABE48A1-CE9F-4301-A8F2-BB7201B0DAB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{4113A1F9-57BA-4CA2-85FD-B2CBB9988BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{44AD043A-9238-4D37-BE97-BA3B6ECE168B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe |
"{4E2FBDA4-E2B3-41CC-83C1-913CF8611FB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{551440C4-421C-44F7-ABF3-537B1C03D5E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{658C2492-DA79-4B3D-AA8C-5BAA29C42461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6DB0D47B-A709-4FE4-BD0F-DBAE025D9FA3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{726CDAE4-6F0D-4ADD-B974-6DCD436D2728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7805EB47-6DB6-440E-8FAB-79EA721B3705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F8784E2-15CA-42EA-8345-20F60CE1DEC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{813174B3-BC56-4604-ABFE-492BFEB8323D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{934E1510-D8BC-4E16-987C-7EF0B0ACA32D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{955DA87E-C8C0-435F-B4F5-93B99970CA8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A697DEE4-4609-4837-977E-2790E20E3ADF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A955CFB4-350E-45EB-84A4-9117D1E78071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF279E52-86DE-43BF-BB5F-4CF9174CF2B5}" = protocol=6 | dir=out | app=system |
"{B89ADABB-5765-4EF5-AC95-088EAC5B2229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3B2F0A7-03A5-4924-AC78-892371AD1E3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D36E159F-2510-4984-97E2-10B2B0690794}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DBFA73EF-0BD7-4195-B509-C29DD85CE9D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF12E20A-C01D-4ABE-BBBD-58C18CBF4407}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E8CD6107-E436-443E-ABF4-AF4C958680F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB1407F1-E0A3-44E1-9370-95B8BC909440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F32E33B2-EA5B-4B72-B899-CD0D76A21872}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{1EF9AC67-C2AB-4CC9-BF41-183DB87AD6BE}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"TCP Query User{8B1648BE-CDEE-4B5C-982F-9D2FD6F55D96}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C93EDE71-3941-477B-BDC8-9E082204F380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EC20AB66-CDC5-4CC4-9A4F-59DBE407C27B}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
"UDP Query User{4853ECC6-8D95-4742-9632-E77EA2699825}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"UDP Query User{4D3EBD1C-A7E2-4B2D-AC60-6A19FB3E5EE2}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
"UDP Query User{66C4C244-B793-44C5-8F12-F35891E1272B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{858D137D-FF21-4CA0-B535-B43D400270E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel
"{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64
"{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish
"{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard
"{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2010100b-ec0d-4b02-be23-f2ad4a498994}" = Nero 9
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean
"{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All
"{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian
"{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai
"{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian
"{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional
"{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish
"0630-0716-3135-7887" = JDownloader 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/25/2012 4:47:24 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description =
 
Error - 6/25/2012 4:47:27 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description =
 
Error - 6/25/2012 11:09:16 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/25/2012 2:35:13 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung:
 0x01cd530063fc409b  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 7fdb03c3-bef4-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 2:55:20 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x10e4  Startzeit der fehlerhaften Anwendung:
 0x01cd5302960dbd1d  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 4f995e7d-bef7-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 6:31:22 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/26/2012 4:14:37 AM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.0.4534,
 Zeitstempel: 0x4fc8243c  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
0x65ae9903  ID des fehlerhaften Prozesses: 0xf48  Startzeit der fehlerhaften Anwendung:
 0x01cd537318f64c93  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 f7b72562-bf66-11e1-92d2-e0cb4e111fc8
 
Error - 6/26/2012 6:30:55 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/27/2012 2:25:21 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung:
 0x01cd548fc6ac21f5  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 741d4901-c085-11e1-92d2-e0cb4e111fc8
 
Error - 6/28/2012 3:46:36 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >


markusg 12.07.2012 18:04

Hi,
insert your user name into the script.

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Then click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.
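The fix script above targets a single autostart entry: an HKCU Run value with an empty name whose image sits in the user's Temp folder under a random-looking file name. As an added example (not part of the thread and not OTL's own code), the Python below applies those three checks to OTL-style O4 lines; the first sample line is the one from the script, the other three are constructed, and the O4 layout and the thresholds are assumptions inferred from that one line.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumed layout of an OTL autostart line, inferred from the entry in the thread:
#   O4 - <hive>..\<key>: [<value name>] <image path> (<vendor>)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$"
)

# User-writable temp locations; a persistent autostart image has no business here.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def looks_random(stem: str, min_len: int = 8, max_vowel_ratio: float = 0.25) -> bool:
    """Crude heuristic (assumed thresholds): long, letters only, few vowels."""
    if len(stem) < min_len or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < max_vowel_ratio


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return a Finding for every O4 line that trips at least one check."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_LINE.match(raw.strip())
        if not m:
            continue  # not an autostart line
        path = m["path"].strip('"')
        reasons = []
        if not m["name"].strip():
            reasons.append("empty value name")
        if any(d in path.lower() for d in TEMP_DIRS):
            reasons.append("image in temp directory")
        if looks_random(PureWindowsPath(path).stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(m["hive"], m["key"], m["name"], path, reasons))
    return findings


# Line 1 is the entry from the fix script in the thread; lines 2-4 are constructed.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Updater] C:\Windows\Temp\setup.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive}\\{f.key} [{f.name}] {f.path}: {', '.join(f.reasons)}")
```

The vendor string in parentheses comes from the file's own version resource, so it is not evidence of who published the file and is deliberately ignored by the checks.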

Sarama 13.07.2012 13:51

So, here is the OTL log:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Sarama\AppData\Local\Temp\zfguvbsoiblghw.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sarama
->Flash cache emptied: 10589 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sarama
->Temp folder emptied: 2787351295 bytes
->Temporary Internet Files folder emptied: 268615625 bytes
->Java cache emptied: 603 bytes
->FireFox cache emptied: 826553248 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141485289 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46360731 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,882.00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_114351

Files\Folders moved on Reboot...
C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

By the way, the internet works again now, and in normal mode too. And the Task Manager can be opened again as well; the trojan had blocked that too.

Thanks a lot already. Should I still do anything else?
And what do you mean by "insert user name into the script"?
Do you mean where the XXXX are?

Best regards!

markusg 13.07.2012 17:05

Yes, exactly there :-)
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Sarama 13.07.2012 23:24

Here is the ComboFix log:

[code]
Combofix Logfile:
Code:

ComboFix 12-07-13.03 - Sarama 13.07.2012  23:34:39.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2315 [GMT 2:00]
ausgeführt von:: c:\users\Sarama\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\windows\SysWow64\muzapp.exe
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 21:55 . 2012-07-13 21:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 21:31 . 2012-07-13 21:31        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-07-13 21:30 . 2012-07-13 21:30        --------        d-----w-        c:\program files (x86)\Oracle
2012-07-13 21:29 . 2012-07-13 21:29        --------        d-----w-        c:\program files (x86)\Java
2012-07-13 12:53 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-13 12:39 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-13 12:39 . 2012-06-06 06:06        1881600        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-13 12:39 . 2012-06-06 05:05        1390080        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-07-13 12:39 . 2012-06-06 05:05        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-07-13 12:39 . 2010-06-26 03:55        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2012-07-13 12:39 . 2010-06-26 03:24        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2012-07-13 12:37 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{62DFFB58-51CF-423E-B612-3C0AFE1DEFB2}\mpengine.dll
2012-07-13 09:43 . 2012-07-13 09:43        --------        d-----w-        C:\_OTL
2012-07-06 15:13 . 2012-07-06 15:13        --------        d-----w-        c:\users\Sarama\AppData\Local\ElevatedDiagnostics
2012-07-06 10:52 . 2012-07-06 10:52        --------        d-----w-        c:\users\Sarama\AppData\Roaming\Malwarebytes
2012-07-06 10:52 . 2012-07-06 10:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-06 10:52 . 2012-07-06 10:52        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 10:52 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-05 17:30 . 2012-07-05 17:30        --------        d-----w-        c:\program files (x86)\JDownloader
2012-07-05 17:30 . 2012-07-05 17:30        --------        d-----w-        c:\program files (x86)\Brotherhood Software
2012-07-04 21:35 . 2012-07-12 21:47        --------        d-----w-        c:\program files (x86)\JDownloader 2
2012-07-04 20:52 . 2012-07-04 20:52        --------        d-----w-        c:\program files (x86)\v-Grabber
2012-07-04 20:52 . 2012-07-04 20:52        --------        d-----w-        c:\program files (x86)\Yontoo
2012-07-04 20:52 . 2012-07-04 20:52        --------        d-----w-        c:\programdata\Tarma Installer
2012-07-04 20:29 . 2012-07-07 10:25        --------        d-----w-        c:\users\Sarama\AppData\Local\Captcha_Brotherhood
2012-07-02 22:21 . 2012-07-02 22:21        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2012-06-30 13:54 . 2012-06-30 13:59        --------        d-----w-        c:\users\Sarama\AppData\Roaming\Nero
2012-06-30 13:23 . 2012-06-30 13:39        --------        d-----w-        c:\program files (x86)\Nero
2012-06-30 13:22 . 2012-06-30 13:53        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2012-06-30 13:22 . 2012-06-30 13:30        --------        d-----w-        c:\programdata\Nero
2012-06-30 13:13 . 2000-06-26 08:45        106496        ----a-w-        c:\windows\SysWow64\TwnLib20.dll
2012-06-30 13:13 . 2012-06-30 13:13        --------        d-----w-        c:\program files (x86)\Common Files\Ahead
2012-06-30 13:13 . 2001-07-09 08:50        155648        ----a-w-        c:\windows\SysWow64\NeroCheck.exe
2012-06-30 13:13 . 2012-06-30 13:47        --------        d-----w-        c:\program files (x86)\Ahead
2012-06-25 11:03 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-25 11:03 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-25 11:03 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-25 11:03 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-25 11:03 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-25 11:03 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-25 11:03 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-25 11:03 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-25 11:03 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-24 08:28 . 2012-06-24 08:28        --------        d-----w-        c:\program files (x86)\Microsoft
2012-06-21 18:55 . 2012-06-21 18:55        --------        d-----w-        c:\programdata\TechSmith
2012-06-21 18:55 . 2012-06-21 18:55        --------        d-----w-        c:\users\Sarama\AppData\Local\TechSmith
2012-06-21 18:55 . 2012-06-21 18:55        --------        d-----w-        c:\program files (x86)\TechSmith
2012-06-17 09:41 . 2012-06-17 09:41        --------        d-----w-        c:\programdata\McAfee Security Scan
2012-06-17 09:41 . 2012-06-17 09:41        --------        d-----w-        c:\programdata\McAfee
2012-06-17 09:41 . 2012-06-27 09:42        --------        d-----w-        c:\program files (x86)\McAfee Security Scan
2012-06-17 09:24 . 2012-06-17 09:24        --------        d-----w-        c:\users\Sarama\AppData\Roaming\Media Player Classic
2012-06-17 09:21 . 2011-03-02 10:43        175616        ----a-w-        c:\windows\SysWow64\unrar.dll
2012-06-17 09:21 . 2012-06-17 09:22        --------        d-----w-        c:\program files (x86)\K-Lite Codec Pack
2012-06-17 09:13 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-17 09:13 . 2011-01-17 11:09        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-06-17 09:13 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-06-17 09:13 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-06-17 09:13 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-06-16 20:27 . 2012-06-16 20:27        --------        d-----w-        c:\users\Sarama\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-05-15 19:24        772544        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 20:06 . 2012-05-15 19:24        687544        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-06-17 09:41 . 2012-05-16 21:38        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 09:41 . 2012-05-16 21:38        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 10:25 . 2012-05-15 17:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-29 20:42 . 2011-03-28 16:36        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-21 02:09 . 2012-05-25 13:21        99384        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-05-25 13:21        203320        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 07:52 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-05-19 07:52 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-05-16 19:31 . 2012-05-16 19:31        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-16 19:31 . 2012-05-16 19:31        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-05-16 19:31 . 2012-05-16 19:31        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-05-16 19:31 . 2012-05-16 19:31        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-16 19:31 . 2012-05-16 19:31        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-05-16 19:31 . 2012-05-16 19:31        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-05-16 19:31 . 2012-05-16 19:31        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-05-16 19:31 . 2012-05-16 19:31        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-05-16 19:31 . 2012-05-16 19:31        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-05-16 19:31 . 2012-05-16 19:31        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-05-16 19:31 . 2012-05-16 19:31        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-05-16 19:31 . 2012-05-16 19:31        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-05-16 19:31 . 2012-05-16 19:31        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-05-16 19:31 . 2012-05-16 19:31        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-05-16 19:31 . 2012-05-16 19:31        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-05-16 19:31 . 2012-05-16 19:31        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-05-16 19:31 . 2012-05-16 19:31        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-05-16 19:31 . 2012-05-16 19:31        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-05-16 19:31 . 2012-05-16 19:31        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-05-16 19:31 . 2012-05-16 19:31        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-05-16 19:31 . 2012-05-16 19:31        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-05-16 19:31 . 2012-05-16 19:31        448512        ----a-w-        c:\windows\system32\html.iec
2012-05-16 19:31 . 2012-05-16 19:31        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-05-16 19:31 . 2012-05-16 19:31        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-05-16 19:31 . 2012-05-16 19:31        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-05-16 19:31 . 2012-05-16 19:31        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-05-16 19:31 . 2012-05-16 19:31        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-05-16 19:31 . 2012-05-16 19:31        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-05-16 19:31 . 2012-05-16 19:31        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-05-16 19:31 . 2012-05-16 19:31        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-05-16 19:31 . 2012-05-16 19:31        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-05-16 19:31 . 2012-05-16 19:31        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-05-15 20:14 . 2012-05-15 20:14        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-15 18:40 . 2012-05-15 17:36        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-15 18:40 . 2012-05-15 17:36        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-15 08:24 . 2012-05-15 08:24        520192        ----a-w-        c:\windows\SysWow64\ASUS_Screensaver.scr
2012-05-15 08:24 . 2012-05-15 08:24        3054136        ----a-w-        c:\windows\AsScrPro.exe
2012-05-15 08:24 . 2012-05-15 08:24        35384        ----a-w-        c:\windows\system32\drivers\AsDsm.sys
2012-05-04 11:06 . 2012-06-13 19:10        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 19:10        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 19:10        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55 . 2012-06-13 19:10        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 19:10        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 19:10        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 19:10        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08        143360        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-15 348624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 7168]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]
R4 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-13 113120]
R4 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/15 22:14];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 10:08 148976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FastBootAgent;FastBootAgent;c:\windows\system32\FBAgent.exe [2009-08-22 356480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52        159744        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarama\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - user.js: extentions.y2layers.installId - 6cdfe064-5e3b-4a6a-a60f-56ace05554d3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-14  00:06:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-13 22:06
.
Vor Suchlauf: 9 Verzeichnis(se), 45.446.541.312 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 44.821.016.576 Bytes frei
.
- - End Of File - - 27F6020677E2982042FA3C992648CB7A

--- --- ---

markusg 15.07.2012 20:27

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Sarama 15.07.2012 21:52

Here is the TDSS Killer log:

Code:

22:42:52.0234 2104        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
22:42:52.0520 2104        ============================================================
22:42:52.0520 2104        Current date / time: 2012/07/15 22:42:52.0520
22:42:52.0520 2104        SystemInfo:
22:42:52.0520 2104       
22:42:52.0520 2104        OS Version: 6.1.7601 ServicePack: 1.0
22:42:52.0520 2104        Product type: Workstation
22:42:52.0520 2104        ComputerName: SARAMA
22:42:52.0521 2104        UserName: Sarama
22:42:52.0521 2104        Windows directory: C:\Windows
22:42:52.0521 2104        System windows directory: C:\Windows
22:42:52.0521 2104        Running under WOW64
22:42:52.0521 2104        Processor architecture: Intel x64
22:42:52.0521 2104        Number of processors: 2
22:42:52.0521 2104        Page size: 0x1000
22:42:52.0521 2104        Boot type: Normal boot
22:42:52.0521 2104        ============================================================
22:42:54.0199 2104        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:54.0205 2104        ============================================================
22:42:54.0205 2104        \Device\Harddisk0\DR0:
22:42:54.0205 2104        MBR partitions:
22:42:54.0205 2104        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x950A600
22:42:54.0222 2104        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB2557B7, BlocksNum 0x1A1D7F0A
22:42:54.0222 2104        ============================================================
22:42:54.0275 2104        C: <-> \Device\Harddisk0\DR0\Partition0
22:42:54.0295 2104        D: <-> \Device\Harddisk0\DR0\Partition1
22:42:54.0295 2104        ============================================================
22:42:54.0295 2104        Initialize success
22:42:54.0296 2104        ============================================================
22:43:53.0697 5212        ============================================================
22:43:53.0697 5212        Scan started
22:43:53.0697 5212        Mode: Manual; SigCheck; TDLFS;
22:43:53.0697 5212        ============================================================
22:43:56.0481 5212        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:43:56.0637 5212        1394ohci - ok
22:43:56.0668 5212        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:43:56.0699 5212        ACPI - ok
22:43:56.0715 5212        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:43:56.0793 5212        AcpiPmi - ok
22:43:56.0949 5212        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:43:56.0964 5212        AdobeARMservice - ok
22:43:57.0245 5212        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:43:57.0261 5212        AdobeFlashPlayerUpdateSvc - ok
22:43:57.0323 5212        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:43:57.0370 5212        adp94xx - ok
22:43:57.0385 5212        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:43:57.0417 5212        adpahci - ok
22:43:57.0432 5212        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:43:57.0463 5212        adpu320 - ok
22:43:57.0619 5212        ADSMService    (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
22:43:57.0651 5212        ADSMService ( UnsignedFile.Multi.Generic ) - warning
22:43:57.0651 5212        ADSMService - detected UnsignedFile.Multi.Generic (1)
22:43:57.0682 5212        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:43:57.0807 5212        AeLookupSvc - ok
22:43:57.0869 5212        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:43:57.0931 5212        AFD - ok
22:43:57.0978 5212        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:43:57.0994 5212        agp440 - ok
22:43:58.0025 5212        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:43:58.0072 5212        ALG - ok
22:43:58.0103 5212        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:43:58.0119 5212        aliide - ok
22:43:58.0150 5212        AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
22:43:58.0259 5212        AMD External Events Utility - ok
22:43:58.0321 5212        AMD FUEL Service - ok
22:43:58.0368 5212        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:43:58.0384 5212        amdide - ok
22:43:58.0415 5212        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
22:43:58.0462 5212        amdiox64 - ok
22:43:58.0493 5212        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:43:58.0540 5212        AmdK8 - ok
22:43:59.0008 5212        amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:59.0335 5212        amdkmdag - ok
22:43:59.0710 5212        amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:43:59.0772 5212        amdkmdap - ok
22:43:59.0819 5212        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:43:59.0850 5212        AmdPPM - ok
22:43:59.0881 5212        amdsata        (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
22:43:59.0897 5212        amdsata - ok
22:43:59.0928 5212        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:43:59.0944 5212        amdsbs - ok
22:43:59.0975 5212        amdxata        (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
22:43:59.0991 5212        amdxata - ok
22:44:00.0225 5212        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:44:00.0240 5212        AntiVirSchedulerService - ok
22:44:00.0287 5212        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:44:00.0303 5212        AntiVirService - ok
22:44:00.0349 5212        AnyDVD          (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
22:44:00.0365 5212        AnyDVD - ok
22:44:00.0443 5212        AODDriver4.1    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
22:44:00.0459 5212        AODDriver4.1 - ok
22:44:00.0490 5212        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:44:00.0646 5212        AppID - ok
22:44:00.0677 5212        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:44:00.0739 5212        AppIDSvc - ok
22:44:00.0786 5212        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:44:00.0833 5212        Appinfo - ok
22:44:01.0114 5212        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:44:01.0129 5212        arc - ok
22:44:01.0145 5212        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:44:01.0161 5212        arcsas - ok
22:44:01.0254 5212        AsDsm          (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
22:44:01.0270 5212        AsDsm - ok
22:44:01.0348 5212        ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
22:44:01.0363 5212        ASLDRService - ok
22:44:01.0410 5212        ASMMAP64        (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
22:44:01.0426 5212        ASMMAP64 - ok
22:44:01.0441 5212        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:01.0504 5212        AsyncMac - ok
22:44:01.0551 5212        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:44:01.0566 5212        atapi - ok
22:44:01.0707 5212        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
22:44:01.0847 5212        athr - ok
22:44:02.0627 5212        atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:02.0783 5212        atikmdag - ok
22:44:03.0157 5212        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:44:03.0173 5212        AtiPcie - ok
22:44:03.0267 5212        ATKGFNEXSrv    (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
22:44:03.0313 5212        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:44:03.0313 5212        ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
22:44:03.0376 5212        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:44:03.0454 5212        AudioEndpointBuilder - ok
22:44:03.0469 5212        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:44:03.0516 5212        AudioSrv - ok
22:44:03.0594 5212        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:44:03.0610 5212        avgntflt - ok
22:44:03.0641 5212        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:44:03.0657 5212        avipbb - ok
22:44:03.0672 5212        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:44:03.0688 5212        avkmgr - ok
22:44:03.0750 5212        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:44:03.0797 5212        AxInstSV - ok
22:44:03.0844 5212        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:44:03.0891 5212        b06bdrv - ok
22:44:03.0937 5212        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:44:03.0969 5212        b57nd60a - ok
22:44:04.0000 5212        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:44:04.0031 5212        BDESVC - ok
22:44:04.0062 5212        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:44:04.0125 5212        Beep - ok
22:44:04.0203 5212        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:44:04.0281 5212        BFE - ok
22:44:04.0343 5212        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:44:04.0468 5212        BITS - ok
22:44:04.0577 5212        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:04.0608 5212        blbdrive - ok
22:44:04.0639 5212        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:44:04.0671 5212        bowser - ok
22:44:04.0702 5212        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:44:04.0780 5212        BrFiltLo - ok
22:44:04.0780 5212        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:44:04.0811 5212        BrFiltUp - ok
22:44:04.0858 5212        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:44:04.0936 5212        BridgeMP - ok
22:44:04.0983 5212        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:44:05.0045 5212        Browser - ok
22:44:05.0092 5212        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:44:05.0139 5212        Brserid - ok
22:44:05.0170 5212        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:05.0201 5212        BrSerWdm - ok
22:44:05.0201 5212        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:05.0232 5212        BrUsbMdm - ok
22:44:05.0248 5212        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:05.0263 5212        BrUsbSer - ok
22:44:05.0295 5212        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:44:05.0310 5212        BTHMODEM - ok
22:44:05.0357 5212        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:44:05.0419 5212        bthserv - ok
22:44:05.0435 5212        catchme - ok
22:44:05.0482 5212        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:44:05.0560 5212        cdfs - ok
22:44:05.0607 5212        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:44:05.0669 5212        cdrom - ok
22:44:05.0716 5212        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:44:05.0763 5212        CertPropSvc - ok
22:44:05.0809 5212        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:44:05.0841 5212        circlass - ok
22:44:05.0887 5212        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:44:05.0919 5212        CLFS - ok
22:44:06.0199 5212        CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
22:44:06.0231 5212        CLHNServiceForPowerDVD - ok
22:44:06.0387 5212        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:06.0449 5212        clr_optimization_v2.0.50727_32 - ok
22:44:06.0543 5212        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:44:06.0621 5212        clr_optimization_v2.0.50727_64 - ok
22:44:06.0823 5212        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:07.0057 5212        clr_optimization_v4.0.30319_32 - ok
22:44:07.0213 5212        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:44:07.0369 5212        clr_optimization_v4.0.30319_64 - ok
22:44:07.0385 5212        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:07.0416 5212        CmBatt - ok
22:44:07.0447 5212        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:44:07.0463 5212        cmdide - ok
22:44:07.0510 5212        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:44:07.0588 5212        CNG - ok
22:44:07.0619 5212        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:44:07.0635 5212        Compbatt - ok
22:44:07.0666 5212        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:44:07.0697 5212        CompositeBus - ok
22:44:07.0713 5212        COMSysApp - ok
22:44:07.0728 5212        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:44:07.0744 5212        crcdisk - ok
22:44:07.0791 5212        CRFILTER        (64beed6775c22b0362fa9ded3f8124a1) C:\Windows\system32\DRIVERS\CRFILTER.sys
22:44:07.0822 5212        CRFILTER - ok
22:44:07.0869 5212        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:44:07.0900 5212        CryptSvc - ok
22:44:08.0118 5212        CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
22:44:08.0134 5212        CyberLink PowerDVD 11.0 Monitor Service - ok
22:44:08.0181 5212        CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
22:44:08.0196 5212        CyberLink PowerDVD 11.0 Service - ok
22:44:08.0259 5212        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:44:08.0337 5212        DcomLaunch - ok
22:44:08.0399 5212        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:44:08.0477 5212        defragsvc - ok
22:44:08.0571 5212        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:44:08.0633 5212        DfsC - ok
22:44:08.0680 5212        dg_ssudbus      (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
22:44:08.0711 5212        dg_ssudbus - ok
22:44:08.0758 5212        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:44:08.0836 5212        Dhcp - ok
22:44:08.0883 5212        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:44:08.0945 5212        discache - ok
22:44:08.0976 5212        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:44:08.0992 5212        Disk - ok
22:44:09.0039 5212        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:44:09.0070 5212        Dnscache - ok
22:44:09.0132 5212        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:44:09.0195 5212        dot3svc - ok
22:44:09.0226 5212        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:44:09.0304 5212        DPS - ok
22:44:09.0335 5212        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:44:09.0366 5212        drmkaud - ok
22:44:09.0413 5212        dtsoftbus01    (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:44:09.0444 5212        dtsoftbus01 - ok
22:44:09.0507 5212        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:44:09.0569 5212        DXGKrnl - ok
22:44:09.0631 5212        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:44:09.0694 5212        EapHost - ok
22:44:09.0850 5212        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:44:09.0975 5212        ebdrv - ok
22:44:10.0224 5212        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:44:10.0271 5212        EFS - ok
22:44:10.0411 5212        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:44:10.0489 5212        ehRecvr - ok
22:44:10.0521 5212        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:44:10.0552 5212        ehSched - ok
22:44:10.0677 5212        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:44:10.0692 5212        ElbyCDIO - ok
22:44:10.0755 5212        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:44:10.0786 5212        elxstor - ok
22:44:10.0817 5212        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:44:10.0848 5212        ErrDev - ok
22:44:10.0879 5212        ETD            (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys
22:44:10.0942 5212        ETD - ok
22:44:10.0989 5212        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:44:11.0051 5212        EventSystem - ok
22:44:11.0098 5212        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:44:11.0160 5212        exfat - ok
22:44:11.0223 5212        FastBootAgent  (b9352b6c6cc8274bdea3e59dc2e59be4) C:\Windows\system32\FBAgent.exe
22:44:11.0254 5212        FastBootAgent - ok
22:44:11.0269 5212        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:44:11.0332 5212        fastfat - ok
22:44:11.0394 5212        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:44:11.0457 5212        Fax - ok
22:44:11.0472 5212        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:44:11.0519 5212        fdc - ok
22:44:11.0550 5212        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:44:11.0597 5212        fdPHost - ok
22:44:11.0613 5212        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:44:11.0675 5212        FDResPub - ok
22:44:11.0706 5212        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:44:11.0722 5212        FileInfo - ok
22:44:11.0737 5212        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:44:11.0800 5212        Filetrace - ok
22:44:11.0800 5212        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:11.0831 5212        flpydisk - ok
22:44:11.0862 5212        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:44:11.0893 5212        FltMgr - ok
22:44:11.0956 5212        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:44:12.0018 5212        FontCache - ok
22:44:12.0112 5212        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:44:12.0127 5212        FontCache3.0.0.0 - ok
22:44:12.0237 5212        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:44:12.0252 5212        FsDepends - ok
22:44:12.0283 5212        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:44:12.0299 5212        Fs_Rec - ok
22:44:12.0346 5212        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:44:12.0377 5212        fvevol - ok
22:44:12.0393 5212        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:44:12.0408 5212        gagp30kx - ok
22:44:12.0471 5212        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:44:12.0549 5212        gpsvc - ok
22:44:12.0580 5212        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:44:12.0595 5212        hcw85cir - ok
22:44:12.0642 5212        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:44:12.0705 5212        HdAudAddService - ok
22:44:12.0720 5212        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:44:12.0751 5212        HDAudBus - ok
22:44:12.0783 5212        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:44:12.0814 5212        HidBatt - ok
22:44:12.0829 5212        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:44:12.0861 5212        HidBth - ok
22:44:12.0892 5212        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:44:12.0923 5212        HidIr - ok
22:44:12.0939 5212        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:44:13.0001 5212        hidserv - ok
22:44:13.0048 5212        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:44:13.0063 5212        HidUsb - ok
22:44:13.0095 5212        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:44:13.0157 5212        hkmsvc - ok
22:44:13.0188 5212        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:44:13.0219 5212        HomeGroupListener - ok
22:44:13.0266 5212        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:44:13.0297 5212        HomeGroupProvider - ok
22:44:13.0344 5212        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:44:13.0360 5212        HpSAMD - ok
22:44:13.0422 5212        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:44:13.0500 5212        HTTP - ok
22:44:13.0531 5212        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:44:13.0547 5212        hwpolicy - ok
22:44:13.0578 5212        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:44:13.0609 5212        i8042prt - ok
22:44:13.0656 5212        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:44:13.0687 5212        iaStorV - ok
22:44:13.0843 5212        ICQ Service    (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
22:44:13.0859 5212        ICQ Service - ok
22:44:14.0062 5212        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:44:14.0124 5212        idsvc - ok
22:44:14.0389 5212        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:44:14.0405 5212        iirsp - ok
22:44:14.0467 5212        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:44:14.0545 5212        IKEEXT - ok
22:44:14.0577 5212        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:44:14.0592 5212        intelide - ok
22:44:14.0623 5212        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:44:14.0639 5212        intelppm - ok
22:44:14.0686 5212        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:44:14.0764 5212        IPBusEnum - ok
22:44:14.0795 5212        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:14.0857 5212        IpFilterDriver - ok
22:44:14.0904 5212        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:44:14.0967 5212        iphlpsvc - ok
22:44:15.0013 5212        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:44:15.0045 5212        IPMIDRV - ok
22:44:15.0091 5212        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:44:15.0138 5212        IPNAT - ok
22:44:15.0154 5212        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:44:15.0232 5212        IRENUM - ok
22:44:15.0247 5212        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:44:15.0263 5212        isapnp - ok
22:44:15.0294 5212        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:44:15.0325 5212        iScsiPrt - ok
22:44:15.0341 5212        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:44:15.0357 5212        kbdclass - ok
22:44:15.0388 5212        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:44:15.0419 5212        kbdhid - ok
22:44:15.0466 5212        kbfiltr        (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
22:44:15.0481 5212        kbfiltr - ok
22:44:15.0528 5212        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:15.0544 5212        KeyIso - ok
22:44:15.0575 5212        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
22:44:15.0591 5212        KSecDD - ok
22:44:15.0622 5212        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
22:44:15.0653 5212        KSecPkg - ok
22:44:15.0669 5212        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:44:15.0731 5212        ksthunk - ok
22:44:15.0778 5212        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:44:15.0856 5212        KtmRm - ok
22:44:15.0887 5212        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:44:15.0981 5212        LanmanServer - ok
22:44:16.0027 5212        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:44:16.0074 5212        LanmanWorkstation - ok
22:44:16.0121 5212        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:44:16.0168 5212        lltdio - ok
22:44:16.0215 5212        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:44:16.0277 5212        lltdsvc - ok
22:44:16.0293 5212        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:44:16.0355 5212        lmhosts - ok
22:44:16.0386 5212        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:16.0402 5212        LSI_FC - ok
22:44:16.0417 5212        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:16.0433 5212        LSI_SAS - ok
22:44:16.0464 5212        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:16.0495 5212        LSI_SAS2 - ok
22:44:16.0511 5212        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:16.0527 5212        LSI_SCSI - ok
22:44:16.0542 5212        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:44:16.0605 5212        luafv - ok
22:44:16.0620 5212        lullaby        (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
22:44:16.0636 5212        lullaby - ok
22:44:16.0683 5212        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:44:16.0714 5212        MBAMProtector - ok
22:44:16.0807 5212        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:44:16.0870 5212        MBAMService - ok
22:44:17.0041 5212        McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
22:44:17.0073 5212        McComponentHostService - ok
22:44:17.0119 5212        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:44:17.0135 5212        Mcx2Svc - ok
22:44:17.0166 5212        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:44:17.0182 5212        megasas - ok
22:44:17.0197 5212        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:17.0229 5212        MegaSR - ok
22:44:17.0260 5212        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:44:17.0322 5212        MMCSS - ok
22:44:17.0338 5212        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:44:17.0385 5212        Modem - ok
22:44:17.0416 5212        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:44:17.0431 5212        monitor - ok
22:44:17.0463 5212        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:44:17.0478 5212        mouclass - ok
22:44:17.0509 5212        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:44:17.0541 5212        mouhid - ok
22:44:17.0587 5212        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:44:17.0603 5212        mountmgr - ok
22:44:17.0681 5212        MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:44:17.0697 5212        MozillaMaintenance - ok
22:44:17.0728 5212        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:44:17.0743 5212        mpio - ok
22:44:17.0775 5212        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:44:17.0821 5212        mpsdrv - ok
22:44:17.0884 5212        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:44:17.0962 5212        MpsSvc - ok
22:44:17.0993 5212        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:44:18.0024 5212        MRxDAV - ok
22:44:18.0055 5212        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:18.0118 5212        mrxsmb - ok
22:44:18.0149 5212        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:18.0180 5212        mrxsmb10 - ok
22:44:18.0211 5212        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:18.0258 5212        mrxsmb20 - ok
22:44:18.0305 5212        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:44:18.0321 5212        msahci - ok
22:44:18.0352 5212        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:44:18.0367 5212        msdsm - ok
22:44:18.0399 5212        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:44:18.0430 5212        MSDTC - ok
22:44:18.0461 5212        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:44:18.0523 5212        Msfs - ok
22:44:18.0523 5212        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:44:18.0586 5212        mshidkmdf - ok
22:44:18.0601 5212        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:44:18.0617 5212        msisadrv - ok
22:44:18.0648 5212        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:44:18.0711 5212        MSiSCSI - ok
22:44:18.0711 5212        msiserver - ok
22:44:18.0757 5212        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:44:18.0820 5212        MSKSSRV - ok
22:44:18.0820 5212        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:18.0882 5212        MSPCLOCK - ok
22:44:18.0882 5212        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:44:18.0929 5212        MSPQM - ok
22:44:18.0976 5212        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:44:19.0007 5212        MsRPC - ok
22:44:19.0054 5212        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:44:19.0069 5212        mssmbios - ok
22:44:19.0116 5212        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:44:19.0163 5212        MSTEE - ok
22:44:19.0194 5212        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:19.0210 5212        MTConfig - ok
22:44:19.0241 5212        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
22:44:19.0257 5212        MTsensor - ok
22:44:19.0272 5212        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:44:19.0319 5212        Mup - ok
22:44:19.0366 5212        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:44:19.0444 5212        napagent - ok
22:44:19.0491 5212        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:44:19.0537 5212        NativeWifiP - ok
22:44:19.0615 5212        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:44:19.0662 5212        NDIS - ok
22:44:19.0693 5212        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:19.0756 5212        NdisCap - ok
22:44:19.0771 5212        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:19.0834 5212        NdisTapi - ok
22:44:19.0912 5212        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:19.0959 5212        Ndisuio - ok
22:44:20.0005 5212        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:20.0068 5212        NdisWan - ok
22:44:20.0099 5212        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:44:20.0146 5212        NDProxy - ok
22:44:20.0349 5212        Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:44:20.0395 5212        Nero BackItUp Scheduler 4.0 - ok
22:44:20.0442 5212        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:44:20.0505 5212        NetBIOS - ok
22:44:20.0551 5212        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:44:20.0598 5212        NetBT - ok
22:44:20.0661 5212        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:20.0676 5212        Netlogon - ok
22:44:20.0723 5212        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:44:20.0801 5212        Netman - ok
22:44:20.0863 5212        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:44:20.0926 5212        netprofm - ok
22:44:21.0019 5212        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:21.0035 5212        NetTcpPortSharing - ok
22:44:21.0051 5212        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:21.0066 5212        nfrd960 - ok
22:44:21.0129 5212        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:44:21.0207 5212        NlaSvc - ok
22:44:21.0207 5212        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:44:21.0253 5212        Npfs - ok
22:44:21.0285 5212        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:44:21.0347 5212        nsi - ok
22:44:21.0363 5212        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:44:21.0425 5212        nsiproxy - ok
22:44:21.0519 5212        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:44:21.0597 5212        Ntfs - ok
22:44:21.0815 5212        ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
22:44:21.0831 5212        ntk_PowerDVD - ok
22:44:22.0158 5212        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:44:22.0221 5212        Null - ok
22:44:22.0252 5212        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:44:22.0267 5212        nvraid - ok
22:44:22.0299 5212        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:44:22.0314 5212        nvstor - ok
22:44:22.0361 5212        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:44:22.0377 5212        nv_agp - ok
22:44:22.0392 5212        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:44:22.0423 5212        ohci1394 - ok
22:44:22.0470 5212        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:44:22.0517 5212        p2pimsvc - ok
22:44:22.0564 5212        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:44:22.0595 5212        p2psvc - ok
22:44:22.0626 5212        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:44:22.0657 5212        Parport - ok
22:44:22.0689 5212        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:44:22.0704 5212        partmgr - ok
22:44:22.0735 5212        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:44:22.0767 5212        PcaSvc - ok
22:44:22.0813 5212        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:44:22.0829 5212        pci - ok
22:44:22.0845 5212        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:44:22.0860 5212        pciide - ok
22:44:22.0891 5212        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:22.0923 5212        pcmcia - ok
22:44:22.0923 5212        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:44:22.0938 5212        pcw - ok
22:44:23.0001 5212        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:44:23.0094 5212        PEAUTH - ok
22:44:23.0297 5212        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:44:23.0328 5212        PerfHost - ok
22:44:23.0406 5212        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:44:23.0515 5212        pla - ok
22:44:23.0562 5212        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:44:23.0609 5212        PlugPlay - ok
22:44:23.0640 5212        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:44:23.0687 5212        PNRPAutoReg - ok
22:44:23.0718 5212        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:44:23.0749 5212        PNRPsvc - ok
22:44:23.0796 5212        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:44:23.0859 5212        PolicyAgent - ok
22:44:23.0890 5212        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:44:23.0937 5212        Power - ok
22:44:24.0061 5212        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:44:24.0124 5212        PptpMiniport - ok
22:44:24.0155 5212        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:44:24.0186 5212        Processor - ok
22:44:24.0233 5212        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:44:24.0264 5212        ProfSvc - ok
22:44:24.0295 5212        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:24.0311 5212        ProtectedStorage - ok
22:44:24.0373 5212        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:44:24.0420 5212        Psched - ok
22:44:24.0498 5212        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:44:24.0576 5212        ql2300 - ok
22:44:24.0904 5212        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:24.0935 5212        ql40xx - ok
22:44:24.0966 5212        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:44:24.0997 5212        QWAVE - ok
22:44:25.0013 5212        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:44:25.0044 5212        QWAVEdrv - ok
22:44:25.0044 5212        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:44:25.0107 5212        RasAcd - ok
22:44:25.0153 5212        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:25.0216 5212        RasAgileVpn - ok
22:44:25.0247 5212        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:44:25.0309 5212        RasAuto - ok
22:44:25.0341 5212        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:25.0403 5212        Rasl2tp - ok
22:44:25.0434 5212        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:44:25.0497 5212        RasMan - ok
22:44:25.0528 5212        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:25.0590 5212        RasPppoe - ok
22:44:25.0621 5212        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:44:25.0699 5212        RasSstp - ok
22:44:25.0731 5212        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:44:25.0809 5212        rdbss - ok
22:44:25.0824 5212        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:25.0855 5212        rdpbus - ok
22:44:25.0871 5212        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:25.0918 5212        RDPCDD - ok
22:44:25.0933 5212        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:44:25.0980 5212        RDPENCDD - ok
22:44:25.0996 5212        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:44:26.0043 5212        RDPREFMP - ok
22:44:26.0074 5212        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:44:26.0121 5212        RDPWD - ok
22:44:26.0167 5212        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:44:26.0199 5212        rdyboost - ok
22:44:26.0230 5212        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:44:26.0292 5212        RemoteAccess - ok
22:44:26.0323 5212        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:44:26.0386 5212        RemoteRegistry - ok
22:44:26.0417 5212        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:44:26.0479 5212        RpcEptMapper - ok
22:44:26.0495 5212        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:44:26.0526 5212        RpcLocator - ok
22:44:26.0573 5212        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:44:26.0635 5212        RpcSs - ok
22:44:26.0667 5212        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:44:26.0729 5212        rspndr - ok
22:44:26.0760 5212        RTL8167        (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:44:26.0807 5212        RTL8167 - ok
22:44:26.0838 5212        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:44:26.0854 5212        SamSs - ok
22:44:26.0901 5212        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:44:26.0916 5212        sbp2port - ok
22:44:26.0947 5212        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:44:27.0010 5212        SCardSvr - ok
22:44:27.0041 5212        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:44:27.0088 5212        scfilter - ok
22:44:27.0166 5212        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:44:27.0244 5212        Schedule - ok
22:44:27.0291 5212        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:44:27.0322 5212        SCPolicySvc - ok
22:44:27.0369 5212        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:44:27.0400 5212        SDRSVC - ok
22:44:27.0509 5212        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:44:27.0571 5212        secdrv - ok
22:44:27.0603 5212        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:44:27.0665 5212        seclogon - ok
22:44:27.0696 5212        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:44:27.0759 5212        SENS - ok
22:44:27.0774 5212        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:44:27.0805 5212        SensrSvc - ok
22:44:27.0821 5212        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:44:27.0837 5212        Serenum - ok
22:44:27.0899 5212        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:44:27.0946 5212        Serial - ok
22:44:27.0977 5212        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:44:28.0008 5212        sermouse - ok
22:44:28.0055 5212        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:44:28.0102 5212        SessionEnv - ok
22:44:28.0117 5212        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:44:28.0149 5212        sffdisk - ok
22:44:28.0164 5212        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:44:28.0180 5212        sffp_mmc - ok
22:44:28.0195 5212        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:44:28.0227 5212        sffp_sd - ok
22:44:28.0258 5212        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:28.0289 5212        sfloppy - ok
22:44:28.0351 5212        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:44:28.0429 5212        SharedAccess - ok
22:44:28.0476 5212        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:44:28.0539 5212        ShellHWDetection - ok
22:44:28.0585 5212        SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
22:44:28.0601 5212        SiSGbeLH - ok
22:44:28.0601 5212        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:28.0617 5212        SiSRaid2 - ok
22:44:28.0632 5212        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:28.0679 5212        SiSRaid4 - ok
22:44:28.0695 5212        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:44:28.0741 5212        Smb - ok
22:44:28.0788 5212        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:44:28.0819 5212        SNMPTRAP - ok
22:44:28.0944 5212        SNP2UVC        (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:44:29.0007 5212        SNP2UVC - ok
22:44:29.0350 5212        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:44:29.0365 5212        spldr - ok
22:44:29.0428 5212        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:44:29.0490 5212        Spooler - ok
22:44:29.0662 5212        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:44:29.0818 5212        sppsvc - ok
22:44:30.0114 5212        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:44:30.0161 5212        sppuinotify - ok
22:44:30.0301 5212        SRS_PremiumSound_Service (ac51533c7eeb05aa02b294a60e946238) C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys
22:44:30.0333 5212        SRS_PremiumSound_Service - ok
22:44:30.0411 5212        SRS_VolSync_Service (4f4b88e2fb91aeef0251f627bd7ae322) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
22:44:30.0442 5212        SRS_VolSync_Service - ok
22:44:30.0489 5212        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:44:30.0567 5212        srv - ok
22:44:30.0598 5212        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:44:30.0629 5212        srv2 - ok
22:44:30.0645 5212        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:44:30.0676 5212        srvnet - ok
22:44:30.0738 5212        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:44:30.0801 5212        SSDPSRV - ok
22:44:30.0816 5212        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:44:30.0863 5212        SstpSvc - ok
22:44:30.0910 5212        ssudmdm        (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:44:30.0925 5212        ssudmdm - ok
22:44:30.0941 5212        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:44:30.0957 5212        stexstor - ok
22:44:31.0019 5212        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:44:31.0081 5212        stisvc - ok
22:44:31.0128 5212        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:44:31.0144 5212        swenum - ok
22:44:31.0191 5212        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:44:31.0269 5212        swprv - ok
22:44:31.0362 5212        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:44:31.0456 5212        SysMain - ok
22:44:31.0705 5212        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:44:31.0752 5212        TabletInputService - ok
22:44:31.0783 5212        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:44:31.0846 5212        TapiSrv - ok
22:44:31.0877 5212        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:44:31.0939 5212        TBS - ok
22:44:32.0111 5212        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:44:32.0205 5212        Tcpip - ok
22:44:32.0626 5212        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:44:32.0673 5212        TCPIP6 - ok
22:44:33.0016 5212        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:44:33.0063 5212        tcpipreg - ok
22:44:33.0094 5212        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:44:33.0125 5212        TDPIPE - ok
22:44:43.0499 5212        ============================================================
22:44:43.0499 5212        Scan finished
22:44:43.0499 5212        ============================================================
22:44:43.0515 5780        Detected object count: 2
22:44:43.0515 5780        Actual detected object count: 2
22:44:58.0678 5780        ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:58.0678 5780        ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:44:58.0678 5780        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:58.0678 5780        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:46:48.0589 5340        Deinitialize success
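
The scan log above (its line format is that of TDSSKiller) ends with two detections that the user skipped rather than removed. As an added example, not part of the original post, this Python parser reads a log in that line format and reports the detections, which of them were left in place, and scanned objects that never received a verdict; the sample lines, names, paths and digests are constructed.

```python
import re


def _md5(tag):
    """Constructed placeholder digest: 32 hex characters, not a real hash."""
    return tag * 16


# Constructed sample in the line format of the log above: timestamp, thread id,
# message. Service names, paths and digests are made up for this example.
SAMPLE_LOG = "\n".join([
    rf"22:44:33.0156 5212        DrvA            ({_md5('aa')}) C:\Windows\system32\drivers\drva.sys",
    "22:44:33.0172 5212        DrvA - ok",
    rf"22:44:33.0203 5212        SvcB            ({_md5('bb')}) C:\Program Files\Vendor\svcb.exe",
    "22:44:33.0297 5212        SvcC - ok",
    rf"22:44:33.0312 5212        DrvD            ({_md5('dd')}) C:\Windows\system32\drivers\drvd.sys",
    rf"22:44:42.0407 5212        MBR (0x1B8)     ({_md5('ee')}) \Device\Harddisk0\DR0",
    r"22:44:43.0484 5212        \Device\Harddisk0\DR0 - ok",
    "22:44:43.0515 5780        Detected object count: 1",
    "22:44:43.0515 5780        Actual detected object count: 1",
    "22:44:58.0678 5780        SvcB ( UnsignedFile.Multi.Generic ) - skipped by user",
    "22:44:58.0678 5780        SvcB ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
DETECTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise a scan log: scanned objects, detections and gaps."""
    objects = {}      # object name -> (md5, path)
    ok = set()        # names (or device paths) that received "- ok"
    detections = {}   # object name -> {"verdict": str, "actions": [str, ...]}
    reported = None   # value of the "Detected object count" line, if present
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without the timestamp/thread-id prefix
        msg = m.group(3)
        if (c := COUNT.match(msg)):
            reported = int(c.group(1))
        elif (o := OBJECT.match(msg)):
            objects[o["name"]] = (o["md5"], o["path"])
        elif (k := OK.match(msg)):
            ok.add(k["name"])
        elif (d := DETECTION.match(msg)):
            entry = detections.setdefault(
                d["name"], {"verdict": d["verdict"], "actions": []})
            entry["actions"].append(d["action"])
    # MBR/boot entries get their verdict under the device path, not the name.
    verdicts = ok | set(detections)
    no_verdict = sorted(n for n, (_, path) in objects.items()
                        if n not in verdicts and path not in verdicts)
    left_in_place = sorted(n for n, e in detections.items()
                           if any("skip" in a.lower() for a in e["actions"]))
    return {
        "scanned": len(objects),
        "detections": detections,
        "reported_count": reported,
        "count_matches": reported == len(detections),
        "left_in_place": left_in_place,
        "no_verdict": no_verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["left_in_place"]:
        print(name, result["detections"][name]["verdict"], "-> still on disk")
    print("objects without a verdict:", result["no_verdict"])
```

An object listed under `no_verdict` usually means the log was cut off or pasted incompletely, so the full file should be requested before drawing conclusions.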


markusg 17.07.2012 21:56

Hi,
download CCleaner (standard version):
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a .txt file. Open that file.
After every program you need, write "notwendig" (necessary).
After every program you don't need, write "unnötig" (unnecessary).
After every program you don't know, write "unbekannt" (unknown).
Post the list.

Sarama 17.07.2012 22:37

Here is the list. I hope it's OK like this.

Code:

Acrobat.com    Adobe Systems Incorporated    necessary
Adobe AIR    Adobe Systems Inc.    unknown
Adobe Flash Player 11 Plugin    Adobe Systems Incorporated    necessary
Adobe Reader X (10.1.3) - Deutsch    Adobe Systems Incorporated    necessary
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    necessary
AMD USB Filter Driver    Advanced Micro Devices, Inc.    necessary
ASUS CopyProtect    unknown
ASUS Data Security Manager    necessary
ASUS FancyStart    ASUSTeK Computer Inc.    unknown
ASUS LifeFrame3    ASUS    necessary
ASUS Live Update    necessary
ASUS MultiFrame    ASUS    necessary
ASUS Power4Gear Hybrid    necessary
ASUS SmartLogon    ASUS    necessary
ASUS Splendid Video Enhancement Technology    necessary
ASUS_Screensaver    unnecessary
Atheros Client Installation Program    unknown
ATK Generic Function Service    unknown
ATK Hotkey    ASUS    unknown
ATK Media    ASUS    unknown
ATKOSD2    ASUS    unknown
Avira Free Antivirus    Avira    necessary
Captcha Brotherhood    necessary
CCleaner    Piriform    necessary
ControlDeck    ASUS    unknown
CyberLink PowerDVD 11    CyberLink Corp.    necessary
DVDFab 8.1.7.8 (17/04/2012) Qt    Fengtao Software Inc.    necessary
ETDWare PS/2-x64 7.0.5.5_WHQL    unknown
Fast Boot    ASUS    unknown
FreeRIP v3.2    MGShareware    necessary
ICQ Toolbar    ICQ    unnecessary
ICQ7.5    ICQ    necessary
Java(TM) 7 Update 5    necessary
JavaFX 2.1.1    Oracle Corporation    unknown
JDownloader 2    AppWork GmbH    necessary
K-Lite Codec Pack 8.8.0 (Full)    necessary
LastPass (uninstall only)    LastPass    necessary
Malwarebytes Anti-Malware Version 1.61.0.1400    Malwarebytes Corporation    necessary
McAfee Security Scan Plus    McAfee, Inc.    unnecessary
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack    Microsoft Corporation    unknown
Microsoft Office Live Add-in 1.5    Microsoft Corporation    unknown
Microsoft Office XP Professional mit FrontPage    Microsoft Corporation    necessary
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    unknown
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    unknown
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319    Microsoft Corporation    unknown
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    unknown
Mozilla Firefox 14.0 (x86 de)    Mozilla    necessary
Mozilla Maintenance Service    Mozilla    unknown
Mp3tag v2.50    Florian Heidenreich    necessary
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    unknown
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    unknown
Multimedia Card Reader    necessary
Nero 9    Nero AG    necessary
Realtek 8136 8168 8169 Ethernet Driver    Realtek    necessary
Samsung Kies    Samsung Electronics Co., Ltd.    necessary
SAMSUNG USB Driver for Mobile Phones    SAMSUNG Electronics Co., Ltd.    necessary
SnagIt 8    TechSmith Corporation    unnecessary
SRS Premium Sound    SRS Labs, Inc.    necessary
USB 2.0 1.3M UVC WebCam    necessary
VIA Platform Device Manager    VIA Technologies, Inc.    necessary
VLC media player 2.0.1    VideoLAN    necessary
Winamp    Nullsoft, Inc    necessary
Winamp Anwendungserkennung    Nullsoft, Inc    necessary
Windows Live Essentials    Microsoft Corporation    unknown
WinFlash    ASUS    unknown
WinRAR    necessary
Wireless Console 3    ASUS    necessary
Yontoo 1.10.02    Yontoo LLC    unknown


markusg 19.07.2012 20:34

Uninstall:
Adobe Flash Player, all versions
http://get.adobe.com/de/flashplayer/
Download the newest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
check "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, uncheck "Enable JavaScript".
Under Updater, choose "install automatically".
Apply / OK

Uninstall:
ICQ Toolbar
McAfee
SnagIt
Windows Live
Yontoo

Open CCleaner and start Analyze.
Open OTL, click CleanUp, the PC restarts; then test how the system runs.

Sarama 21.07.2012 12:17

Did everything. So far the PC is running well.
Thanks a lot for everything so far. Really great forum :)

I will also show my appreciation with a small donation ;)

Should I, or can I, do anything else?

Best regards! Randy

markusg 25.07.2012 18:01

Thanks for donating.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related tasks, so that sensitive data has to be protected, you should invest in security software.
Make use of the 30-day trial period before activating the license.

Free, but not quite as good, I would recommend Avast.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration hints.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please check all the remaining boxes, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If this is the case, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the section Windows 7 / Vista.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me, because then parts of the instructions that now follow I would have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100 % isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.72

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and for Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except "allow access to the entire profile folder".
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and choose "Run in Sandboxie".
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
in the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because under certain circumstances this can be very important, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking; and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can define forced programs, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Sarama 26.07.2012 22:07

I have already done some of it. Thanks again :)

I have the Emsisoft program and use Firefox.

Best regards! Randy

markusg 27.07.2012 21:31

Have you had a look at Chrome yet? Safer and faster.
Emsisoft configuration:

Open Emsisoft, click Settings.
Scheduled scan:
Choose "start at"; I personally have monthly, but you can also set it to weekly.
Choose the time, and for monthly also the date.
"Invisible", if you do not want to see the scan window.
And "catch up on missed scans".
Auto update:
Interval: daily, hourly from 00.00 to 23.59,
which means updates every hour.
Setting: Update
Join the Anti-Malware Network.
Do not set the other two checkboxes, beta updates and additional languages.

The rest stays as it is.
Now click Guard:
there, click Guard.
Enable behavior analysis, select everything.
Now go to Alerts:
enable community-based alert reduction there.
Among other things, that is what the Anti-Malware Network is for.
Community-based alert reduction concerns the behavior analysis.
For some programs Emsisoft issues alerts because the program's behavior makes this necessary.
Since some users are not familiar with this, which is nothing to be ashamed of :-), it checks how many users have allowed or blocked program X.
At the moment we have 90 % set here, so if 90 % say the program is OK, an allow rule is created; if they say program X is malicious, it is blocked automatically.
If you trust yourself to do this on your own, you do not have to set the checkbox.
If, for example, only 70 % of all users say program X is good or malicious, this is shown to you in a chart.
Now go to File Guard.
Default action for detected objects: alert.
Surf protection:
Set everything here to "block and notify".
If there is a site that is blocked by mistake, you can allow it directly via the popup that appears when it is blocked, or via host rules.
If you do not like these info popups, you have to set everything to "block silently", but remember, when a site does not load, to check whether Emsisoft has blocked it.

That would be it, I hope it was understandable.


All times are WET +1. The time now is 02:45.
