Log analysis and evaluation: Police trojan Austria - Your computer has been locked... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.12.2012, 14:21 | #1
Hello, I have also become a victim of the police trojan: I am shown a logo of the Austrian police and told to pay EUR 100 to unlock my computer. The first time it appeared out of nowhere, the second time at startup, but after a reboot it was OK again. Attached is the Malwarebytes Anti-Malware log. As requested, I did not delete the findings (are they automatically quarantined that way?). XXX fell victim to my censoring...: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

03.12.2012 12:23:09
mbam-log-2012-12-03 (14-04-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467899
Laufzeit: 1 Stunde(n), 38 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Thanks for the help! Tom
03.12.2012, 15:54 | #2
/// Malware-holic: Hi
If you don't already have it, please download OTL by OldTimer and save it to your Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
03.12.2012, 17:04 | #3
Hello,
thanks for the quick reply! OTL.txt: Code:
OTL logfile created on: 03.12.2012 15:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free
6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32
Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS

Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.10.26 15:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.09.18 16:18:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.09.10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.08.29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.03.14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.08.15 20:40:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010.08.06 17:52:18 | 000,636,272 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\VideoBrowser\CameraMonitor.exe
PRC - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.12 07:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.09.12 13:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.08.15 20:40:13 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2010.07.01 19:27:10 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\VideoBrowser\pxl_m17n_tool.dll
MOD - [2010.02.11 09:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2009.09.03 10:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

========== Services (SafeList) ==========

SRV - [2012.11.21 01:38:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.14 20:34:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2009.11.04 14:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009.09.27 17:55:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.12 13:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\1741.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.17 15:44:44 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011.03.30 12:54:32 | 001,073,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2010.09.07 13:27:22 | 000,028,672 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.20 09:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.18 11:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009.04.10 21:06:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.11.21 08:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2008.07.28 18:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.10.11 10:40:00 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2007.01.19 17:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 4D C4 6B 31 D1 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_deAT340
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.4.8.6
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.1.1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.13 23:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:38:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:38:46 | 000,000,000 | ---D | M]

[2009.08.12 23:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.12.03 15:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions
[2012.10.27 07:34:40 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.16 15:47:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.15 06:03:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.26 14:38:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.03 15:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged
[2011.06.17 19:02:16 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\personas@christopher.beard.xpi
[2012.11.12 13:53:43 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.03 10:54:05 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.03 15:08:52 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.03 15:08:51 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ebbh77ux.default\extensions\staged\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.21 01:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.21 01:38:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.24 16:55:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.24 16:55:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 16:55:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 16:55:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 16:55:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Polar Sync] File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCF756F-10CF-4D36-B786-1E3093552477}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FDBF888-4408-4BBC-A906-BB97E26FA47D}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4192B15E-52CF-4ACF-AC53-1BCEE47113EE}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BE7AF8A-FAD4-40FE-85A6-950352AB9CCC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B7F60EF-5E7F-4675-A364-46B916C30733}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122CC82-279E-4949-AA9C-F6BC3BAE5C13}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell - "" = AutoRun
O33 - MountPoints2\{3a621dc1-fb43-11e0-9ee1-0026f25911e4}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a621ddb-fb43-11e0-9ee1-00261865aa1f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{8207a51b-8a4c-11de-a56f-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell - "" = AutoRun
O33 - MountPoints2\{e3ca6d05-49f7-11df-bb49-00261865aa1f}\Shell\AutoRun\command - "" = J:\laucher.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0D70DB0C-ADFD-B541-A147-04822989C0B9} -

ActiveX:
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {88802E62-4167-E049-E4DA-A422BEA2B05B} - Browser Customizations ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - 
HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.03 15:57:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.11.21 01:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.19 22:28:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.19 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.11.13 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Mail_20121113 [2012.11.08 18:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.03 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.03 15:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.12.03 15:23:00 | 000,001,118 | ---- | M] () 
-- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.03 15:07:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 14:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 13:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.03 10:22:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.03 10:22:49 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.03 10:22:49 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.03 10:22:49 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.03 10:21:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.03 10:18:53 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.12.03 10:18:52 | 000,035,957 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.12.03 10:18:35 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.03 10:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 10:18:01 | 3211,972,608 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 10:14:58 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.21 01:17:36 | 000,205,824 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.19 22:28:10 | 000,000,782 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.18 18:40:04 | 001,725,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.13 23:16:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.03 22:56:26 | 000,000,823 | ---- | M] () -- 
C:\Users\Public\Desktop\VLC media player.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.19 22:28:10 | 000,000,782 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.03 22:56:26 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.08.25 09:56:03 | 000,002,048 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER Prefs [2012.03.16 21:56:36 | 000,047,104 | ---- | C] () -- C:\Windows\System32\AntUsbCIv2.dll [2011.11.25 21:35:53 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Local\PUTTY.RND [2010.12.18 16:27:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.08.08 18:24:22 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2010.06.20 20:22:00 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat [2010.04.10 18:35:53 | 000,024,206 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\UserTile.png [2009.10.05 22:25:00 | 000,001,024 | ---- | C] () -- C:\Users\XXX\.rnd [2009.08.13 00:35:33 | 000,205,824 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.13 09:33:43 | 000,035,957 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.10.04 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AccumulatedSummary [2009.09.02 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Aventail [2011.12.26 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\becker [2011.01.16 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CalculatedFieldsPlugin [2012.10.02 22:20:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon [2012.08.25 09:55:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\cyberlabDESIGNER [2010.12.04 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.26 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla [2012.11.21 01:11:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Free Download Manager [2012.05.24 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GARMIN [2010.06.28 18:36:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Geogrid [2010.03.01 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HighScorePlugin [2012.11.04 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JOSM [2010.12.04 09:59:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag [2009.12.08 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mquadr.at [2011.05.12 23:17:23 | 000,000,000 | ---D | M] -- 
C:\Users\XXX\AppData\Roaming\Open XML Editor [2009.09.29 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OverlayPlugin [2010.04.10 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PeerNetworking [2009.09.29 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PerformancePredictorPlugin [2012.01.31 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Scan2PDF [2009.08.16 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.08.12 08:32:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.06.02 09:58:21 | 000,000,000 | -HSD | M] -- C:\Boot [2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.06.02 10:09:15 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.02 16:26:08 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.06.26 18:17:14 | 000,000,000 | ---D | M] -- C:\PCShareManagerUpload [2012.12.03 10:53:52 | 000,000,000 | ---D | M] -- C:\Program Files [2012.12.03 10:14:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.08.12 08:28:24 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.07 23:34:46 | 000,000,000 | RHSD | M] -- C:\RECYCLER [2012.12.03 16:01:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.08.12 08:32:22 | 000,000,000 | R--D | M] -- C:\Users [2012.11.13 23:16:09 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.10 22:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.08.13 06:19:07 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.08.13 06:19:07 | 000,001,118 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.03.28 18:10:08 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job [2012.10.14 20:34:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32 \DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32 \DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 
| ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32 \DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32 \DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32 \DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32 \DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32 \DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows- cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows- explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows- explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows- explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows- explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows- explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe < MD5 for: IASTOR.SYS > [2008.09.12 12:48:26 | 000,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Program Files\Intel\Intel 
Matrix Storage Manager\driver64\IaStor.sys [2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys [2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32 \DriverStore\FileRepository\iaahci.inf_3c4af4a0\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32 \DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32 \DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows- security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32 \DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) 
MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32 \DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows- s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows- user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows- userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | 
---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows- winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows- w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2009.10.05 22:25:02 | 000,001,024 | ---- | M] () -- C:\Users\XXX\.rnd [2012.12.03 15:59:30 | 005,767,168 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT [2012.12.03 15:59:30 | 000,262,144 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG1 [2009.08.12 08:32:23 | 000,000,000 | -H-- | M] () -- C:\Users\XXX\ntuser.dat.LOG2 [2012.12.03 10:15:12 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.12.03 10:15:12 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans- ms [2009.08.12 08:33:09 | 000,524,288 | -HS- | M] () -- 
C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans- ms [2009.08.12 08:32:23 | 000,000,020 | -HS- | M] () -- C:\Users\XXX\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.12.2012 15:59:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,63% Memory free 6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,75 Gb Total Space | 249,89 Gb Free Space | 56,06% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 9,56 Gb Free Space | 47,81% Space Free | Partition Type: FAT32 Drive Z: | 1832,31 Gb Total Space | 236,12 Gb Free Space | 12,89% Space Free | Partition Type: NTFS Computer Name: XXX | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Saturn Picture Center] -- "C:\Program Files\Saturn\Saturn Picture Center\Saturn Picture Center.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02216ECA-F0BD-47AE-A7E0-59906D24F4FC}" = rport=139 | protocol=6 | dir=out | app=system |
"{4DB720EF-2D95-477E-8382-7904BE5489E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{5467AE89-C88C-4401-AFEE-C6C879C0BE29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59D0B8FB-9550-4237-A990-35208A68B3CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F748D5F-EB2F-4E4B-A5D8-2D50236F707F}" = lport=137 | protocol=17 | dir=in | app=system |
"{67C815EE-0548-47DF-B611-8D45E06EEB7D}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A5AFF9F-3F56-490A-B160-20CD5C532A90}" = rport=138 | protocol=17 | dir=out | app=system |
"{78B0D2B2-9B77-431F-8EB6-8F0A21BCF4CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A738D662-A040-4F6B-916A-F957A4980F7F}" = lport=138 | protocol=17 | dir=in | app=system |
"{C07E89B5-B71A-442F-8FAA-D3485AC0476B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C88796E8-61A9-4588-B87D-4B31B590931A}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port |
"{C9D585EB-DF2F-4694-A4E6-BEA9B34BC6C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D369CB1F-8EB0-4E87-BD41-38849211A8D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E75CD32D-8863-455F-B0A9-3E9413F66C3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBEC3F50-DC74-4D9C-8C6B-72934460FBF0}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BA13BA-84FF-414F-9E76-7A895DFB8745}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe |
"{17686534-6664-4944-9527-44C98E90A5E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3861E82F-997E-4FA0-B36F-2206F10FFB79}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{536DAFAC-341C-476F-8586-00F12970C713}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{54184224-55EA-406D-84F0-F1D8C79E64F3}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5B135F37-79F3-4030-82F3-2D237BE42582}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{60ECD0FD-A078-4D36-B751-87A1839DB7C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6338BDB5-1C23-4539-B897-7F5309827C01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{63DCC56F-2601-4D34-99A3-531B2770C6A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C7CC989-02E3-47AE-88AB-8CCE7D22161A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D4FE27D-D3CF-4204-9A4E-95614EAE19CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6DE0AC03-7D54-4C4A-85E0-D7B8562E3BB1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{76F50E97-8B5A-4499-86C3-3A1867314BA4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{80118167-EBA5-4B9F-9E05-01E477988076}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\rescue.exe |
"{87DB2A85-FE93-426A-AF46-3575C8228655}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A43B7B4-AE58-4240-8F2C-B48A0C346B6C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{8CED8582-53A0-4A52-8D81-5073D83FE13E}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe |
"{8CF7402F-27AC-4E0B-ADB8-F00CC1A428B2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8D06FD49-23CB-45DE-B15D-8B3A41A252EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{90398EC4-6B96-4628-BDD7-2905BA8F672E}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\qiswizard.exe |
"{9A4F847C-E120-4D25-AA07-1C0EC55DB03A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9CDD64E5-6578-4570-8860-AD0EED42C5EB}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe |
"{AC541F4A-B9A3-45C5-AA83-759114556CBF}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66u wireless router utilities\discovery.exe |
"{ADC49351-0F12-493C-86D4-60B893A2C7EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B291244A-9340-44E2-B9C0-CF8C99957484}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BFC87E5E-2FB9-4A66-B573-BF2852CF2EBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CD3C9DEA-42C5-4CFB-9E32-4904F6A8433D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{F9096CE8-DEC5-4851-A301-AA8FDD82F363}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD3F4062-D454-4E84-B49C-5BF6A6615282}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{021B1ADE-632F-42C8-A270-87D8193F3358}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0BC970A0-E7D1-4A87-B314-555E8A346200}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2FF3D845-FD9A-407D-B76E-DEF2F3EB4B21}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{595AB770-E329-47E9-85A1-B30FF2C5E8BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8170F382-BADA-4C2C-AB04-E914D8516511}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{92B83349-FE36-4EC0-B1FB-984581D895A4}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{C2FF3E64-3ECB-4961-BB38-41A3B45B2227}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CC48E522-83BD-4704-ABB0-F1D3F3256C64}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"TCP Query User{F2C01355-2752-416C-ABC6-220FF2283874}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F5D3E301-B51C-4ECD-8318-7F0E78005AD4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{FD0AC802-5C1E-48B6-B4A4-D0154D7522A5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{0820A41C-CD78-46BE-90FA-63A3B8446F53}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1F962526-C1E5-4D07-995D-6364DBE5625B}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"UDP Query User{218C8C0A-84F6-4306-A355-DB00A5C2F2B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{281B65D9-8879-45F1-B93C-F88416E30C42}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2CE647DF-6669-47C5-B1CC-9DBC3125E8F5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{34C4ED0B-DBB3-4EC4-A66F-CFB0DF92079A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{5C52D926-3385-4AD0-930E-BF376D928ED0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{61A6C1B7-4312-4570-A8E7-DC8F6C990005}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{7F95743E-958C-49DA-BDD0-EC22E13013E5}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{9279885D-4AE5-4ADA-8C90-2B8EF676C7B9}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{A20271DA-771F-4AB7-A030-FF3AE590A9FE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{38365E47-3DD2-41F4-827B-F4CF7C8EF8B3}" = Garmin BaseCamp
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}" = Garmin MapInstall
"{617FB820-123E-4A9C-A97F-9238B5878487}" = AMap Fly 5.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{88CA8932-7987-4D7A-BEE3-227BDB3CA888}" = ASUS RT-N66U Wireless Router Utilities
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6D17D97-44CE-402E-BBF2-B38492CBFED7}" = Garmin ANT Agent
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C7ECF049-5398-4D99-A733-6D67052308CC}" = Geogrid®-Viewer
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79DC615-EC9F-4EFA-9482-5911168D8F32}" = VideoBrowser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F57DADA5-BF42-4AA8-9992-2F6B63F4F3AB}" = Garmin Training Center
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"AC3ACM" = AC-3 ACM Codec
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"avast" = avast! Free Antivirus
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung
"Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"Content Manager 2" = Content Manager 2
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Mp3tag" = Mp3tag v2.47b
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Open XML Editor" = Open XML Editor
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) Network Connections 13.5.32.0
"QNAP_FINDER" = QNAP Finder
"QNAP_NASNetBak" = QNAP NetBak Replicator
"Saturn Picture Center" = Saturn Picture Center
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"cyberlabDESIGNER" = cyberlabDESIGNER
"JOSM" = JOSM
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:13 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

Error - 03.12.2011 16:19:14 | Computer Name = XXX | Source = Windows Search Service | ID = 3013
Description =

[ Cobian Backup Boletus VSC Service Events ]
Error - 17.11.2010 20:24:43 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.

Error - 17.12.2010 20:03:54 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.

Error - 10.01.2011 20:23:51 | Computer Name = XXX | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.

[ System Events ]
Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description =

Error - 16.11.2012 10:35:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description =

Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description =

Error - 16.11.2012 10:41:23 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description =

Error - 18.11.2012 13:39:32 | Computer Name = XXX | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00261865AA1F zugeteilt werden. Der folgende Fehler ist aufgetreten: %%258. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 18.11.2012 13:40:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description =

Error - 03.12.2012 04:36:43 | Computer Name = XXX | Source = DCOM | ID = 10016
Description =

Error - 03.12.2012 04:36:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description =

Error - 03.12.2012 05:19:30 | Computer Name = XXX | Source = DCOM | ID = 10016
Description =

Error - 03.12.2012 05:19:40 | Computer Name = XXX | Source = DCOM | ID = 10016
Description =

< End of report > |
04.12.2012, 16:58 | #4 |
/// Malware-holic | Police Trojan Austria - Your computer has been locked... hi, this script, and any scripts that follow, are only for the user in question. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
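As an added example (not part of the thread, and not OTL's or the helper's code), the following Python script automates the judgement the helper applied by hand to the O4 line above: it parses OTL "O4 - Startup:" entries and flags a Startup shortcut whose name mimics a Windows component (ctfmon) while its target carries a system-process name (lsass.exe) outside %SystemRoot%\System32, or sits in a user-writable folder such as C:\ProgramData. The two sample log lines are constructed; the Dropbox entry is only there as a benign contrast.

```python
import re
from dataclasses import dataclass, field

# Windows binaries that legitimately live only in the directories listed in SYSTEM_DIRS.
# A file with one of these names anywhere else is a classic masquerade, as with
# C:\ProgramData\lsass.exe in the thread above.
SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe",
    "svchost.exe", "ctfmon.exe", "explorer.exe", "wininit.exe", "rundll32.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"}

# Path fragments of user-writable locations that droppers favour for their payload.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# OTL startup-folder entry: "O4 - Startup: <lnk path> = <target> (<company>)"
O4_RE = re.compile(
    r"^O4 - Startup:\s+(?P<lnk>.+?\.lnk)\s+=\s+(?P<target>.+?)\s+\((?P<company>[^)]*)\)\s*$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    lnk: str
    target: str
    reasons: list = field(default_factory=list)


def _normalize(path: str) -> str:
    # Lower-case and expand %SystemRoot% so directory tests work on OTL's variable form.
    return path.lower().replace("%systemroot%", r"c:\windows").replace("/", "\\")


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0] if "\\" in path else ""


def parse_o4(line: str):
    """Return the lnk/target/company fields of an O4 Startup line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_entry(lnk: str, target: str, company: str) -> Finding:
    """One reason per indicator; an empty reasons list means nothing looked odd."""
    finding = Finding(lnk=lnk, target=target)
    tgt = _normalize(target)
    name = _basename(tgt)
    if name in SYSTEM_BINARIES and _dirname(tgt) not in SYSTEM_DIRS:
        finding.reasons.append(f"{name} outside System32/SysWOW64")
    if any(fragment in tgt for fragment in USER_WRITABLE):
        finding.reasons.append("target in user-writable location")
    lnk_as_exe = _basename(_normalize(lnk)).removesuffix(".lnk") + ".exe"
    if lnk_as_exe in SYSTEM_BINARIES and lnk_as_exe != name:
        finding.reasons.append(f"shortcut named like {lnk_as_exe} but launches {name}")
    # OTL prints the company from the file's own version resource; it is self-declared,
    # so a "Microsoft Corporation" string on an already suspicious target is no reassurance.
    if finding.reasons and company.lower().startswith("microsoft"):
        finding.reasons.append("company string is self-declared version info, not a verified signature")
    return finding


def triage(log_text: str) -> list:
    """Return a Finding for every O4 Startup entry in an OTL log that has at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        finding = assess_entry(entry["lnk"], entry["target"], entry["company"])
        if finding.reasons:
            findings.append(finding)
    return findings


# Constructed sample: the entry from the thread plus a benign one for contrast.
SAMPLE_LOG = r"""
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.lnk} -> {f.target}")
        for reason in f.reasons:
            print("   ", reason)
```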
04.12.2012, 23:45 | #5 |
| Police Trojan Austria - Your computer has been locked... Thank you very much, here is the log: Code:
All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56516 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Flash cache emptied: 58694 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 199002653 bytes
->Temporary Internet Files folder emptied: 236191057 bytes
->Java cache emptied: 16550337 bytes
->FireFox cache emptied: 69706060 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27183370 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 523,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12042012_230929

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
ATTFilter [2012.11.19 22:28:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad Danke Tom |
06.12.2012, 16:44 | #6 |
/// Malware-holic | hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the restart Quote:
06.12.2012, 20:42 | #7 |
| Thank you very much. Here is the log: Code:
ATTFilter ComboFix 12-12-04.01 - *** 06.12.2012 20:02:15.1.8 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3062.1508 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad c:\users\***\AppData\Local\assembly\tmp c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-06 bis 2012-12-06 )))))))))))))))))))))))))))))) . . 2012-12-06 19:11 . 2012-12-06 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-05 01:19 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{590802BB-B754-4EE6-9FF5-07F87AB11D6E}\mpengine.dll 2012-12-04 22:09 . 2012-12-04 22:09 -------- d-----w- C:\_OTL 2012-11-16 05:14 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 05:13 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-08 17:04 . 
2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-08 17:04 . 2012-11-08 17:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-03-30 05:17 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-01-23 18:21 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-01-23 18:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2011-01-23 18:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-01-23 18:21 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-01-23 18:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-01-23 18:20 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-01-23 18:20 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-14 19:58 . 2012-10-14 19:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-14 19:57 . 2012-10-14 19:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-14 19:57 . 2011-09-18 17:22 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-14 19:34 . 2012-04-16 18:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-14 19:34 . 2011-06-17 18:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 18:54 . 2009-08-16 21:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-13 13:28 . 2012-10-10 10:43 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-21 00:38 . 
2012-11-21 00:38 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280] "ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-2-4 25214] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-8-15 66864] NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-10-9 3280896] VideoBrowser Camera Monitor.lnk - c:\program files\PIXELA\VideoBrowser\CameraMonitor.exe [2012-6-17 636272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:34] . 2012-12-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 19:19] . 2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15] . 2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 05:15] . . ------- Zusätzlicher Suchlauf ------- . 
uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105 IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm IE: 
{{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 TCP: DhcpNameServer = 192.168.1.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\ FF - ExtSQL: !HIDDEN! 2009-07-02 17:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Polar Sync - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-06 20:14 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\1741.tmp" . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe c:\windows\system32\wbem\unsecapp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-06 20:20:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-06 19:20 . Vor Suchlauf: 7 Verzeichnis(se), 268.525.289.472 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 268.424.744.960 Bytes frei . - - End Of File - - DD136DA883D5FCEDA6D949DAACE293A7 |
06.12.2012, 21:11 | #8 |
/// Malware-holic | Hi, note: I'm on holiday from tomorrow until Wednesday. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
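With driver signature verification switched on as instructed above, TDSSKiller writes one "[ MD5 ] name path" line per scanned service or driver followed by a verdict line, and reports files without a digital signature as UnsignedFile.Multi.Generic, which is not a malware detection. The parser below is an added example, not part of this thread or of TDSSKiller itself: it pairs those lines and separates such informational warnings from other detections. The line grammar is inferred from the log posted later in this thread (an assumption), and the sample lines are copied from it.

```python
"""Summarise a TDSSKiller service/driver scan log.

Added example for this thread, not Kaspersky's code. The line grammar below
is inferred from the posted log and is an assumption.
"""
import re
from collections import Counter
from typing import Dict

PREFIX_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdicts that only say "no Authenticode signature", which is normal for many
# third-party services; they are informational, not malware detections.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


def _new_entry() -> dict:
    return {"md5": None, "path": None, "verdict": None}


def parse_tdsskiller(log: str) -> Dict[str, dict]:
    """Map service/driver name -> {md5, path, verdict}."""
    entries: Dict[str, dict] = {}
    for raw in log.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner, separators, SystemInfo block, etc.
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            entry = entries.setdefault(h.group("name"), _new_entry())
            entry["md5"], entry["path"] = h.group("md5"), h.group("path")
            continue
        for rx, fixed_verdict in ((DETECTED_RE, None), (WARNING_RE, None), (OK_RE, "ok")):
            v = rx.match(body)
            if v:
                entry = entries.setdefault(v.group("name"), _new_entry())
                entry["verdict"] = fixed_verdict or v.group("verdict")
                break
    return entries


def summarise(entries: Dict[str, dict]) -> dict:
    """Count verdict classes and list everything that is not a plain 'ok'."""
    counts: Counter = Counter()
    findings = []
    for name, e in sorted(entries.items()):
        verdict = e["verdict"]
        if verdict is None:
            counts["no verdict"] += 1  # log cut off or tool aborted
        elif verdict == "ok":
            counts["ok"] += 1
        else:
            cls = "informational" if verdict in INFORMATIONAL else "detected"
            counts[cls] += 1
            findings.append((name, verdict, e["path"], e["md5"]))
        if e["md5"] is None:
            # Assumption: no hash line means the image file was not found on disk.
            counts["no_image_file"] += 1
    return {"counts": dict(counts), "findings": findings}


# Sample lines copied from the TDSSKiller log posted later in this thread.
SAMPLE_LOG = r"""21:20:47.0692 4144 ================ Scan services =============================
21:20:48.0378 4144 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:20:48.0488 4144 ACPI - ok
21:20:48.0644 4144 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:20:48.0675 4144 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:20:48.0675 4144 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:20:51.0639 4144 atikmdag - ok
"""

if __name__ == "__main__":
    result = summarise(parse_tdsskiller(SAMPLE_LOG))
    print("counts:", result["counts"])
    for name, verdict, path, md5 in result["findings"]:
        print(f"{verdict:30} {name}  {path}  md5={md5}")
```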
06.12.2012, 21:29 | #9 |
| Thanks, thanks, thanks. TDSS killer log: Code:
ATTFilter 21:20:26.0164 0536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:20:26.0336 0536 ============================================================ 21:20:26.0336 0536 Current date / time: 2012/12/06 21:20:26.0336 21:20:26.0336 0536 SystemInfo: 21:20:26.0336 0536 21:20:26.0336 0536 OS Version: 6.0.6002 ServicePack: 2.0 21:20:26.0336 0536 Product type: Workstation 21:20:26.0336 0536 ComputerName: *** 21:20:26.0336 0536 UserName: *** 21:20:26.0336 0536 Windows directory: C:\Windows 21:20:26.0336 0536 System windows directory: C:\Windows 21:20:26.0336 0536 Processor architecture: Intel x86 21:20:26.0336 0536 Number of processors: 8 21:20:26.0336 0536 Page size: 0x1000 21:20:26.0336 0536 Boot type: Normal boot 21:20:26.0336 0536 ============================================================ 21:20:26.0726 0536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:20:26.0741 0536 Drive \Device\Harddisk1\DR1 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:20:26.0741 0536 ============================================================ 21:20:26.0741 0536 \Device\Harddisk0\DR0: 21:20:26.0741 0536 MBR partitions: 21:20:26.0741 0536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B7F800 21:20:26.0772 0536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8030D, BlocksNum 0x2804934 21:20:26.0772 0536 \Device\Harddisk1\DR1: 21:20:26.0772 0536 MBR partitions: 21:20:26.0772 0536 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A0FC1 21:20:26.0772 0536 ============================================================ 21:20:26.0835 0536 C: <-> \Device\Harddisk0\DR0\Partition1 21:20:26.0835 0536 D: <-> \Device\Harddisk0\DR0\Partition2 21:20:26.0835 0536 
============================================================ 21:20:26.0835 0536 Initialize success 21:20:26.0835 0536 ============================================================ 21:20:47.0380 4144 ============================================================ 21:20:47.0380 4144 Scan started 21:20:47.0380 4144 Mode: Manual; SigCheck; TDLFS; 21:20:47.0380 4144 ============================================================ 21:20:47.0692 4144 ================ Scan system memory ======================== 21:20:47.0692 4144 System memory - ok 21:20:47.0692 4144 ================ Scan services ============================= 21:20:48.0378 4144 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 21:20:48.0488 4144 ACPI - ok 21:20:48.0644 4144 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 21:20:48.0675 4144 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 21:20:48.0675 4144 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 21:20:48.0753 4144 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:20:48.0768 4144 AdobeFlashPlayerUpdateSvc - ok 21:20:48.0831 4144 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:20:48.0846 4144 adp94xx - ok 21:20:48.0893 4144 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:20:48.0909 4144 adpahci - ok 21:20:48.0924 4144 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 21:20:48.0940 4144 adpu160m - ok 21:20:48.0956 4144 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:20:48.0971 4144 adpu320 - ok 21:20:49.0002 4144 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:20:49.0034 4144 AeLookupSvc - ok 21:20:49.0080 4144 [ 3911B972B55FEA0478476B2E777B29FA ] AFD 
C:\Windows\system32\drivers\afd.sys 21:20:49.0096 4144 AFD - ok 21:20:49.0158 4144 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:20:49.0174 4144 agp440 - ok 21:20:49.0190 4144 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 21:20:49.0205 4144 aic78xx - ok 21:20:49.0205 4144 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 21:20:49.0252 4144 ALG - ok 21:20:49.0268 4144 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 21:20:49.0283 4144 aliide - ok 21:20:50.0438 4144 [ AAA1F9D4CF4C976C21BCA8AFA2BAE6A4 ] AllShare C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 21:20:50.0656 4144 AllShare ( UnsignedFile.Multi.Generic ) - warning 21:20:50.0656 4144 AllShare - detected UnsignedFile.Multi.Generic (1) 21:20:50.0703 4144 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:20:50.0703 4144 amdagp - ok 21:20:50.0718 4144 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 21:20:50.0734 4144 amdide - ok 21:20:50.0781 4144 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 21:20:50.0812 4144 AmdK7 - ok 21:20:50.0828 4144 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:20:50.0843 4144 AmdK8 - ok 21:20:50.0890 4144 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 21:20:50.0921 4144 Appinfo - ok 21:20:50.0984 4144 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:20:50.0984 4144 Apple Mobile Device - ok 21:20:51.0015 4144 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 21:20:51.0030 4144 arc - ok 21:20:51.0046 4144 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:20:51.0062 4144 arcsas - ok 21:20:51.0093 4144 [ 
DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 21:20:51.0108 4144 aswFsBlk - ok 21:20:51.0155 4144 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 21:20:51.0155 4144 aswMonFlt - ok 21:20:51.0186 4144 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 21:20:51.0202 4144 aswRdr - ok 21:20:51.0249 4144 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 21:20:51.0280 4144 aswSnx - ok 21:20:51.0296 4144 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys 21:20:51.0311 4144 aswSP - ok 21:20:51.0374 4144 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 21:20:51.0389 4144 aswTdi - ok 21:20:51.0420 4144 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:20:51.0452 4144 AsyncMac - ok 21:20:51.0498 4144 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 21:20:51.0498 4144 atapi - ok 21:20:51.0561 4144 [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys 21:20:51.0608 4144 athrusb - ok 21:20:51.0639 4144 atikmdag - ok 21:20:51.0686 4144 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:20:51.0701 4144 AudioEndpointBuilder - ok 21:20:51.0701 4144 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:20:51.0717 4144 Audiosrv - ok 21:20:51.0779 4144 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 21:20:51.0779 4144 avast! 
Antivirus - ok 21:20:51.0857 4144 [ BA8494FE6EE119AAD2505A57058B282E ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh6.sys 21:20:51.0904 4144 BCMH43XX - ok 21:20:51.0966 4144 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:20:52.0044 4144 Beep - ok 21:20:52.0060 4144 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:20:52.0107 4144 BFE - ok 21:20:52.0263 4144 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 21:20:52.0310 4144 BITS - ok 21:20:52.0356 4144 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:20:52.0372 4144 blbdrive - ok 21:20:52.0466 4144 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:20:52.0481 4144 Bonjour Service - ok 21:20:52.0528 4144 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:20:52.0544 4144 bowser - ok 21:20:52.0575 4144 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:20:52.0606 4144 BrFiltLo - ok 21:20:52.0606 4144 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:20:52.0668 4144 BrFiltUp - ok 21:20:52.0684 4144 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 21:20:52.0731 4144 Browser - ok 21:20:52.0731 4144 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:20:52.0824 4144 Brserid - ok 21:20:52.0840 4144 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:20:52.0887 4144 BrSerWdm - ok 21:20:52.0887 4144 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:20:52.0949 4144 BrUsbMdm - ok 21:20:52.0965 4144 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:20:53.0012 4144 BrUsbSer - ok 21:20:53.0027 4144 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM 
C:\Windows\system32\drivers\bthmodem.sys 21:20:53.0058 4144 BTHMODEM - ok 21:20:53.0074 4144 catchme - ok 21:20:53.0105 4144 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:20:53.0136 4144 cdfs - ok 21:20:53.0152 4144 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:20:53.0183 4144 cdrom - ok 21:20:53.0230 4144 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:20:53.0246 4144 CertPropSvc - ok 21:20:53.0261 4144 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:20:53.0292 4144 circlass - ok 21:20:53.0308 4144 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:20:53.0324 4144 CLFS - ok 21:20:53.0386 4144 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:20:53.0386 4144 clr_optimization_v2.0.50727_32 - ok 21:20:53.0464 4144 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:20:53.0464 4144 clr_optimization_v4.0.30319_32 - ok 21:20:53.0495 4144 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:20:53.0495 4144 cmdide - ok 21:20:53.0511 4144 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:20:53.0526 4144 Compbatt - ok 21:20:53.0526 4144 COMSysApp - ok 21:20:53.0526 4144 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:20:53.0542 4144 crcdisk - ok 21:20:53.0542 4144 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 21:20:53.0573 4144 Crusoe - ok 21:20:53.0620 4144 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:20:53.0651 4144 CryptSvc - ok 21:20:53.0698 4144 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:20:53.0729 4144 DcomLaunch - ok 
21:20:53.0760 4144 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:20:53.0807 4144 DfsC - ok 21:20:53.0885 4144 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 21:20:54.0057 4144 DFSR - ok 21:20:54.0166 4144 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 21:20:54.0182 4144 Dhcp - ok 21:20:54.0228 4144 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 21:20:54.0228 4144 disk - ok 21:20:54.0275 4144 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:20:54.0306 4144 Dnscache - ok 21:20:54.0338 4144 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:20:54.0353 4144 dot3svc - ok 21:20:54.0384 4144 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 21:20:54.0400 4144 DPS - ok 21:20:54.0447 4144 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:20:54.0478 4144 drmkaud - ok 21:20:54.0525 4144 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:20:54.0540 4144 DXGKrnl - ok 21:20:54.0618 4144 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 21:20:54.0650 4144 E1G60 - ok 21:20:54.0696 4144 [ 64A6CF14DE229B0EDCD21FDB923E0B03 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys 21:20:54.0712 4144 e1yexpress - ok 21:20:54.0759 4144 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 21:20:54.0790 4144 EapHost - ok 21:20:54.0852 4144 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 21:20:54.0868 4144 Ecache - ok 21:20:54.0899 4144 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:20:54.0915 4144 ehRecvr - ok 21:20:54.0930 4144 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 21:20:54.0946 4144 ehSched - ok 21:20:54.0962 4144 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart 
C:\Windows\ehome\ehstart.dll 21:20:54.0977 4144 ehstart - ok 21:20:55.0024 4144 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:20:55.0055 4144 elxstor - ok 21:20:55.0118 4144 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 21:20:55.0164 4144 EMDMgmt - ok 21:20:55.0180 4144 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:20:55.0211 4144 ErrDev - ok 21:20:55.0258 4144 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 21:20:55.0289 4144 EventSystem - ok 21:20:55.0336 4144 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 21:20:55.0352 4144 exfat - ok 21:20:55.0383 4144 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:20:55.0398 4144 fastfat - ok 21:20:55.0445 4144 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:20:55.0461 4144 fdc - ok 21:20:55.0492 4144 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 21:20:55.0508 4144 fdPHost - ok 21:20:55.0523 4144 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 21:20:55.0554 4144 FDResPub - ok 21:20:55.0586 4144 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:20:55.0601 4144 FileInfo - ok 21:20:55.0617 4144 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:20:55.0648 4144 Filetrace - ok 21:20:55.0726 4144 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 21:20:55.0757 4144 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 21:20:55.0757 4144 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 21:20:55.0788 4144 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:20:55.0820 4144 flpydisk 
- ok 21:20:55.0835 4144 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:20:55.0851 4144 FltMgr - ok 21:20:55.0929 4144 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 21:20:55.0960 4144 FontCache - ok 21:20:56.0022 4144 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:20:56.0038 4144 FontCache3.0.0.0 - ok 21:20:56.0085 4144 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:20:56.0132 4144 Fs_Rec - ok 21:20:56.0147 4144 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:20:56.0163 4144 gagp30kx - ok 21:20:56.0178 4144 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:20:56.0194 4144 GEARAspiWDM - ok 21:20:56.0210 4144 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:20:56.0241 4144 gpsvc - ok 21:20:56.0303 4144 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 21:20:56.0303 4144 grmnusb - ok 21:20:56.0428 4144 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca1bd5bdf912d C:\Program Files\Google\Update\GoogleUpdate.exe 21:20:56.0444 4144 gupdate1ca1bd5bdf912d - ok 21:20:56.0459 4144 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:20:56.0475 4144 gupdatem - ok 21:20:56.0506 4144 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:20:56.0522 4144 gusvc - ok 21:20:56.0568 4144 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:20:56.0600 4144 HdAudAddService - ok 21:20:56.0631 4144 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:20:56.0693 4144 HDAudBus - ok 21:20:56.0724 4144 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth 
C:\Windows\system32\drivers\hidbth.sys 21:20:56.0756 4144 HidBth - ok 21:20:56.0802 4144 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:20:56.0880 4144 HidIr - ok 21:20:56.0943 4144 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 21:20:57.0005 4144 hidserv - ok 21:20:57.0021 4144 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:20:57.0052 4144 HidUsb - ok 21:20:57.0083 4144 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:20:57.0114 4144 hkmsvc - ok 21:20:57.0146 4144 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:20:57.0161 4144 HpCISSs - ok 21:20:57.0192 4144 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:20:57.0224 4144 HTTP - ok 21:20:57.0317 4144 hwdatacard - ok 21:20:57.0348 4144 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:20:57.0364 4144 i2omp - ok 21:20:57.0411 4144 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:20:57.0426 4144 i8042prt - ok 21:20:57.0598 4144 [ 0D16E362B66A0C1D01B015F517129D13 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 21:20:57.0707 4144 IAANTMON - ok 21:20:57.0879 4144 [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:20:57.0894 4144 iaStor - ok 21:20:58.0082 4144 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:20:58.0160 4144 iaStorV - ok 21:20:58.0394 4144 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:20:58.0472 4144 idsvc - ok 21:20:58.0503 4144 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:20:58.0518 4144 iirsp - ok 21:20:58.0534 4144 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:20:58.0581 
4144 IKEEXT - ok 21:20:58.0674 4144 [ 8832E6BE80EDFD3AFCF9241AA982AD3C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 21:20:58.0877 4144 IntcAzAudAddService - ok 21:20:58.0940 4144 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 21:20:58.0955 4144 intelide - ok 21:20:59.0018 4144 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:20:59.0080 4144 intelppm - ok 21:20:59.0142 4144 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:20:59.0205 4144 IPBusEnum - ok 21:20:59.0220 4144 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:20:59.0252 4144 IpFilterDriver - ok 21:20:59.0283 4144 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:20:59.0314 4144 iphlpsvc - ok 21:20:59.0314 4144 IpInIp - ok 21:20:59.0345 4144 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:20:59.0376 4144 IPMIDRV - ok 21:20:59.0376 4144 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:20:59.0423 4144 IPNAT - ok 21:20:59.0439 4144 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:20:59.0470 4144 iPod Service - ok 21:20:59.0486 4144 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys 21:20:59.0501 4144 irda - ok 21:20:59.0517 4144 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:20:59.0548 4144 IRENUM - ok 21:20:59.0564 4144 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll 21:20:59.0626 4144 Irmon - ok 21:20:59.0657 4144 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:20:59.0673 4144 isapnp - ok 21:20:59.0704 4144 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:20:59.0720 4144 iScsiPrt - ok 21:20:59.0735 4144 [ 
BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:20:59.0735 4144 iteatapi - ok 21:20:59.0751 4144 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:20:59.0766 4144 iteraid - ok 21:20:59.0782 4144 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:20:59.0782 4144 kbdclass - ok 21:20:59.0813 4144 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:20:59.0844 4144 kbdhid - ok 21:20:59.0876 4144 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:20:59.0922 4144 KeyIso - ok 21:20:59.0954 4144 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:20:59.0969 4144 KSecDD - ok 21:21:00.0032 4144 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:21:00.0094 4144 KtmRm - ok 21:21:00.0125 4144 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 21:21:00.0172 4144 LanmanServer - ok 21:21:00.0234 4144 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:21:00.0266 4144 LanmanWorkstation - ok 21:21:00.0312 4144 [ CB5D13966F74D7F000724A907F614193 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys 21:21:00.0328 4144 libusb0 - ok 21:21:00.0344 4144 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:21:00.0390 4144 lltdio - ok 21:21:00.0437 4144 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:21:00.0484 4144 lltdsvc - ok 21:21:00.0500 4144 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:21:00.0531 4144 lmhosts - ok 21:21:00.0546 4144 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:21:00.0562 4144 LSI_FC - ok 21:21:00.0578 4144 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:21:00.0578 4144 LSI_SAS - ok 21:21:00.0609 
4144 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:21:00.0624 4144 LSI_SCSI - ok 21:21:00.0640 4144 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:21:00.0671 4144 luafv - ok 21:21:00.0687 4144 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:21:00.0718 4144 Mcx2Svc - ok 21:21:00.0734 4144 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 21:21:00.0749 4144 megasas - ok 21:21:00.0812 4144 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 21:21:00.0827 4144 MegaSR - ok 21:21:00.0827 4144 MEMSWEEP2 - ok 21:21:01.0217 4144 Microsoft SharePoint Workspace Audit Service - ok 21:21:01.0233 4144 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 21:21:01.0248 4144 MMCSS - ok 21:21:01.0264 4144 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 21:21:01.0295 4144 Modem - ok 21:21:01.0342 4144 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:21:01.0373 4144 monitor - ok 21:21:01.0420 4144 [ 9DA04F53C26E75190E394D7C3B4A7456 ] MosIrUsb C:\Windows\system32\DRIVERS\MosIrUsb.sys 21:21:01.0436 4144 MosIrUsb - ok 21:21:01.0451 4144 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:21:01.0467 4144 mouclass - ok 21:21:01.0482 4144 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:21:01.0498 4144 mouhid - ok 21:21:01.0514 4144 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:21:01.0514 4144 MountMgr - ok 21:21:01.0545 4144 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:21:01.0560 4144 MozillaMaintenance - ok 21:21:01.0592 4144 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 21:21:01.0607 4144 
mpio - ok 21:21:01.0623 4144 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:21:01.0654 4144 mpsdrv - ok 21:21:01.0685 4144 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:21:01.0779 4144 MpsSvc - ok 21:21:01.0841 4144 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 21:21:01.0857 4144 Mraid35x - ok 21:21:01.0888 4144 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:21:01.0935 4144 MRxDAV - ok 21:21:01.0966 4144 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:21:01.0997 4144 mrxsmb - ok 21:21:02.0013 4144 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:21:02.0044 4144 mrxsmb10 - ok 21:21:02.0044 4144 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:21:02.0075 4144 mrxsmb20 - ok 21:21:02.0122 4144 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 21:21:02.0138 4144 msahci - ok 21:21:02.0153 4144 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:21:02.0169 4144 msdsm - ok 21:21:02.0184 4144 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 21:21:02.0216 4144 MSDTC - ok 21:21:02.0231 4144 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:21:02.0262 4144 Msfs - ok 21:21:02.0278 4144 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:21:02.0294 4144 msisadrv - ok 21:21:02.0325 4144 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:21:02.0340 4144 MSiSCSI - ok 21:21:02.0356 4144 msiserver - ok 21:21:02.0372 4144 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:21:02.0403 4144 MSKSSRV - ok 21:21:02.0434 4144 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK 
C:\Windows\system32\drivers\MSPCLOCK.sys 21:21:02.0481 4144 MSPCLOCK - ok 21:21:02.0496 4144 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:21:02.0512 4144 MSPQM - ok 21:21:02.0528 4144 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:21:02.0543 4144 MsRPC - ok 21:21:02.0559 4144 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:21:02.0559 4144 mssmbios - ok 21:21:02.0574 4144 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:21:02.0590 4144 MSTEE - ok 21:21:02.0606 4144 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:21:02.0652 4144 Mup - ok 21:21:02.0668 4144 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:21:02.0715 4144 napagent - ok 21:21:02.0777 4144 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:21:02.0808 4144 NativeWifiP - ok 21:21:02.0855 4144 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:21:02.0902 4144 NDIS - ok 21:21:02.0933 4144 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:21:02.0980 4144 NdisTapi - ok 21:21:03.0027 4144 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:21:03.0042 4144 Ndisuio - ok 21:21:03.0058 4144 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:21:03.0089 4144 NdisWan - ok 21:21:03.0105 4144 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:21:03.0120 4144 NDProxy - ok 21:21:03.0214 4144 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 21:21:03.0245 4144 Nero BackItUp Scheduler 3 - ok 21:21:03.0245 4144 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:21:03.0308 4144 NetBIOS - ok 
21:21:03.0323 4144 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:21:03.0354 4144 netbt - ok 21:21:03.0370 4144 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:21:03.0386 4144 Netlogon - ok 21:21:03.0401 4144 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:21:03.0432 4144 Netman - ok 21:21:03.0448 4144 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:21:03.0495 4144 netprofm - ok 21:21:03.0510 4144 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:21:03.0526 4144 NetTcpPortSharing - ok 21:21:03.0542 4144 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:21:03.0557 4144 nfrd960 - ok 21:21:03.0573 4144 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:21:03.0588 4144 NlaSvc - ok 21:21:03.0651 4144 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 21:21:03.0713 4144 NMIndexingService - ok 21:21:03.0744 4144 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:21:03.0822 4144 Npfs - ok 21:21:03.0838 4144 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:21:03.0885 4144 nsi - ok 21:21:03.0900 4144 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:21:03.0932 4144 nsiproxy - ok 21:21:03.0963 4144 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:21:03.0994 4144 Ntfs - ok 21:21:04.0041 4144 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:21:04.0088 4144 ntrigdigi - ok 21:21:04.0088 4144 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:21:04.0119 4144 Null - ok 21:21:04.0181 4144 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA 
C:\Windows\system32\drivers\nvhda32v.sys 21:21:04.0197 4144 NVHDA - ok 21:21:04.0368 4144 [ C8CB6135884CBC2A10225C4C3CEF0F95 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:21:04.0727 4144 nvlddmkm - ok 21:21:04.0743 4144 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:21:04.0774 4144 nvraid - ok 21:21:04.0805 4144 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:21:04.0821 4144 nvstor - ok 21:21:04.0836 4144 [ C1303870D5F9EAD4BEB68559AAB7A87B ] nvsvc C:\Windows\system32\nvvsvc.exe 21:21:04.0852 4144 nvsvc - ok 21:21:04.0868 4144 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:21:04.0883 4144 nv_agp - ok 21:21:04.0883 4144 NwlnkFlt - ok 21:21:04.0883 4144 NwlnkFwd - ok 21:21:04.0930 4144 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 21:21:04.0961 4144 ohci1394 - ok 21:21:05.0055 4144 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:21:05.0070 4144 ose - ok 21:21:05.0492 4144 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:21:05.0648 4144 osppsvc - ok 21:21:05.0726 4144 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:21:05.0804 4144 p2pimsvc - ok 21:21:05.0819 4144 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 21:21:05.0866 4144 p2psvc - ok 21:21:05.0944 4144 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 21:21:05.0975 4144 Parport - ok 21:21:06.0006 4144 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:21:06.0022 4144 partmgr - ok 21:21:06.0038 4144 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:21:06.0084 4144 Parvdm - ok 21:21:06.0100 4144 [ DD74552152055A8493872930A64E70DC ] 
PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys 21:21:06.0116 4144 PcaSp60 - ok 21:21:06.0131 4144 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 21:21:06.0162 4144 PcaSvc - ok 21:21:06.0194 4144 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 21:21:06.0194 4144 pci - ok 21:21:06.0225 4144 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 21:21:06.0225 4144 pciide - ok 21:21:06.0240 4144 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:21:06.0256 4144 pcmcia - ok 21:21:06.0303 4144 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:21:06.0350 4144 PEAUTH - ok 21:21:06.0662 4144 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 21:21:06.0802 4144 pla - ok 21:21:06.0849 4144 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 21:21:06.0864 4144 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 21:21:06.0864 4144 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 21:21:06.0911 4144 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:21:06.0974 4144 PlugPlay - ok 21:21:06.0989 4144 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:21:07.0052 4144 PNRPAutoReg - ok 21:21:07.0067 4144 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:21:07.0083 4144 PNRPsvc - ok 21:21:07.0161 4144 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:21:07.0254 4144 PolicyAgent - ok 21:21:07.0286 4144 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:21:07.0317 4144 PptpMiniport - ok 21:21:07.0332 4144 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 21:21:07.0364 4144 Processor - ok 21:21:07.0395 4144 [ 
0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 21:21:07.0410 4144 ProfSvc - ok 21:21:07.0457 4144 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 21:21:07.0457 4144 ProtectedStorage - ok 21:21:07.0598 4144 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:21:07.0707 4144 PSched - ok 21:21:07.0738 4144 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 21:21:07.0738 4144 PxHelp20 - ok 21:21:07.0956 4144 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:21:08.0003 4144 ql2300 - ok 21:21:08.0034 4144 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:21:08.0050 4144 ql40xx - ok 21:21:08.0081 4144 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 21:21:08.0097 4144 QWAVE - ok 21:21:08.0097 4144 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:21:08.0112 4144 QWAVEdrv - ok 21:21:08.0128 4144 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:21:08.0159 4144 RasAcd - ok 21:21:08.0175 4144 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 21:21:08.0206 4144 RasAuto - ok 21:21:08.0222 4144 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:21:08.0253 4144 Rasl2tp - ok 21:21:08.0300 4144 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 21:21:08.0346 4144 RasMan - ok 21:21:08.0362 4144 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:21:08.0378 4144 RasPppoe - ok 21:21:08.0393 4144 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:21:08.0409 4144 RasSstp - ok 21:21:08.0440 4144 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:21:08.0456 4144 rdbss - ok 21:21:08.0471 4144 [ 
89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:21:08.0518 4144 RDPCDD - ok 21:21:08.0534 4144 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:21:08.0549 4144 rdpdr - ok 21:21:08.0565 4144 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:21:08.0580 4144 RDPENCDD - ok 21:21:08.0612 4144 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:21:08.0643 4144 RDPWD - ok 21:21:08.0690 4144 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:21:08.0705 4144 RemoteAccess - ok 21:21:08.0736 4144 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:21:08.0768 4144 RemoteRegistry - ok 21:21:08.0846 4144 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys 21:21:08.0877 4144 RimUsb - ok 21:21:08.0908 4144 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 21:21:08.0924 4144 RpcLocator - ok 21:21:08.0939 4144 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 21:21:08.0955 4144 RpcSs - ok 21:21:09.0002 4144 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:21:09.0033 4144 rspndr - ok 21:21:09.0064 4144 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 21:21:09.0080 4144 SamSs - ok 21:21:09.0095 4144 [ 68DE5B1E82D3DD10F5F6169522C7C88A ] SAVRKBootTasks C:\Windows\system32\SAVRKBootTasks.sys 21:21:09.0095 4144 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - warning 21:21:09.0095 4144 SAVRKBootTasks - detected UnsignedFile.Multi.Generic (1) 21:21:09.0126 4144 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:21:09.0142 4144 sbp2port - ok 21:21:09.0189 4144 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:21:09.0204 4144 SCardSvr - ok 21:21:09.0236 4144 [ 
1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 21:21:09.0282 4144 Schedule - ok 21:21:09.0329 4144 [ 3B68015683C27CB00C7A6B60A37CBCFD ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys 21:21:09.0329 4144 SCMNdisP - ok 21:21:09.0376 4144 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:21:09.0392 4144 SCPolicySvc - ok 21:21:09.0407 4144 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:21:09.0423 4144 SDRSVC - ok 21:21:09.0438 4144 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:21:09.0485 4144 secdrv - ok 21:21:09.0501 4144 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 21:21:09.0532 4144 seclogon - ok 21:21:09.0532 4144 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 21:21:09.0563 4144 SENS - ok 21:21:09.0579 4144 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:21:09.0626 4144 Serenum - ok 21:21:09.0641 4144 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 21:21:09.0688 4144 Serial - ok 21:21:09.0688 4144 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:21:09.0719 4144 sermouse - ok 21:21:09.0735 4144 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 21:21:09.0750 4144 SessionEnv - ok 21:21:09.0766 4144 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:21:09.0782 4144 sffdisk - ok 21:21:09.0797 4144 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:21:09.0860 4144 sffp_mmc - ok 21:21:09.0875 4144 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:21:09.0922 4144 sffp_sd - ok 21:21:09.0953 4144 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:21:09.0984 4144 sfloppy - ok 21:21:10.0000 
4144 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:21:10.0047 4144 SharedAccess - ok 21:21:10.0062 4144 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:21:10.0078 4144 ShellHWDetection - ok 21:21:10.0094 4144 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:21:10.0109 4144 sisagp - ok 21:21:10.0125 4144 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:21:10.0140 4144 SiSRaid2 - ok 21:21:10.0156 4144 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:21:10.0172 4144 SiSRaid4 - ok 21:21:10.0234 4144 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 21:21:10.0343 4144 slsvc - ok 21:21:10.0406 4144 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:21:10.0421 4144 SLUINotify - ok 21:21:10.0437 4144 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:21:10.0452 4144 Smb - ok 21:21:10.0484 4144 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:21:10.0499 4144 SNMPTRAP - ok 21:21:10.0515 4144 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 21:21:10.0530 4144 spldr - ok 21:21:10.0562 4144 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 21:21:10.0593 4144 Spooler - ok 21:21:10.0624 4144 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:21:10.0640 4144 srv - ok 21:21:10.0655 4144 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:21:10.0671 4144 srv2 - ok 21:21:10.0686 4144 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:21:10.0702 4144 srvnet - ok 21:21:10.0733 4144 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:21:10.0749 4144 SSDPSRV - ok 21:21:10.0796 4144 [ 
6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:21:10.0811 4144 SstpSvc - ok 21:21:10.0889 4144 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 21:21:10.0920 4144 stisvc - ok 21:21:10.0936 4144 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:21:10.0936 4144 swenum - ok 21:21:10.0998 4144 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 21:21:11.0061 4144 swprv - ok 21:21:11.0076 4144 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:21:11.0076 4144 Symc8xx - ok 21:21:11.0092 4144 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:21:11.0108 4144 Sym_hi - ok 21:21:11.0123 4144 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:21:11.0123 4144 Sym_u3 - ok 21:21:11.0154 4144 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 21:21:11.0201 4144 SysMain - ok 21:21:11.0264 4144 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:21:11.0295 4144 TabletInputService - ok 21:21:11.0326 4144 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:21:11.0342 4144 TapiSrv - ok 21:21:11.0388 4144 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 21:21:11.0451 4144 TBS - ok 21:21:11.0498 4144 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:21:11.0513 4144 Tcpip - ok 21:21:11.0529 4144 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 21:21:11.0591 4144 Tcpip6 - ok 21:21:11.0638 4144 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:21:11.0716 4144 tcpipreg - ok 21:21:11.0794 4144 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:21:11.0841 4144 TDPIPE - ok 21:21:11.0888 4144 [ 
389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:21:11.0903 4144 TDTCP - ok 21:21:11.0934 4144 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:21:11.0966 4144 tdx - ok 21:21:11.0997 4144 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:21:11.0997 4144 TermDD - ok 21:21:12.0028 4144 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 21:21:12.0075 4144 TermService - ok 21:21:12.0122 4144 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 21:21:12.0137 4144 Themes - ok 21:21:12.0153 4144 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 21:21:12.0168 4144 THREADORDER - ok 21:21:12.0278 4144 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 21:21:12.0356 4144 TrkWks - ok 21:21:12.0449 4144 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:21:12.0512 4144 TrustedInstaller - ok 21:21:12.0543 4144 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:21:12.0558 4144 tssecsrv - ok 21:21:12.0574 4144 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 21:21:12.0605 4144 tunmp - ok 21:21:12.0621 4144 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:21:12.0636 4144 tunnel - ok 21:21:12.0652 4144 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:21:12.0668 4144 uagp35 - ok 21:21:12.0683 4144 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:21:12.0699 4144 udfs - ok 21:21:12.0730 4144 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:21:12.0761 4144 UI0Detect - ok 21:21:12.0777 4144 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:21:12.0792 4144 uliagpkx - ok 21:21:12.0808 4144 [ 
9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:21:12.0824 4144 uliahci - ok
21:21:12.0839 4144 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:21:12.0855 4144 UlSata - ok
21:21:12.0886 4144 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:21:12.0902 4144 ulsata2 - ok
21:21:12.0933 4144 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:21:12.0948 4144 umbus - ok
21:21:12.0964 4144 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:21:12.0980 4144 upnphost - ok
21:21:13.0026 4144 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:21:13.0058 4144 USBAAPL - ok
21:21:13.0073 4144 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:21:13.0104 4144 usbccgp - ok
21:21:13.0136 4144 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:21:13.0182 4144 usbcir - ok
21:21:13.0229 4144 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:21:13.0245 4144 usbehci - ok
21:21:13.0260 4144 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:21:13.0292 4144 usbhub - ok
21:21:13.0307 4144 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:21:13.0338 4144 usbohci - ok
21:21:13.0370 4144 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:21:13.0401 4144 usbprint - ok
21:21:13.0432 4144 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:21:13.0448 4144 usbscan - ok
21:21:13.0448 4144 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:21:13.0463 4144 USBSTOR - ok
21:21:13.0479 4144 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:21:13.0526 4144 usbuhci - ok
21:21:13.0557 4144 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:21:13.0588 4144 UxSms - ok
21:21:13.0604 4144 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:21:13.0635 4144 vds - ok
21:21:13.0713 4144 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:21:13.0744 4144 vga - ok
21:21:13.0775 4144 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:21:13.0791 4144 VgaSave - ok
21:21:13.0806 4144 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:21:13.0822 4144 viaagp - ok
21:21:13.0838 4144 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:21:13.0853 4144 ViaC7 - ok
21:21:13.0900 4144 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:21:13.0916 4144 viaide - ok
21:21:13.0931 4144 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:21:13.0947 4144 volmgr - ok
21:21:13.0962 4144 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:21:13.0978 4144 volmgrx - ok
21:21:13.0978 4144 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:21:13.0994 4144 volsnap - ok
21:21:14.0040 4144 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:21:14.0056 4144 vsmraid - ok
21:21:14.0072 4144 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:21:14.0118 4144 VSS - ok
21:21:14.0165 4144 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:21:14.0181 4144 W32Time - ok
21:21:14.0196 4144 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:21:14.0228 4144 WacomPen - ok
21:21:14.0243 4144 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:21:14.0274 4144 Wanarp - ok
21:21:14.0274 4144 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:21:14.0290 4144 Wanarpv6 - ok
21:21:14.0306 4144 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:21:14.0352 4144 wcncsvc - ok
21:21:14.0384 4144 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:21:14.0446 4144 WcsPlugInService - ok
21:21:14.0493 4144 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:21:14.0524 4144 Wd - ok
21:21:14.0555 4144 [ 6D77FF2224D2D3984760ACBDF4024A7B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:21:14.0586 4144 Wdf01000 - ok
21:21:14.0618 4144 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:21:14.0649 4144 WdiServiceHost - ok
21:21:14.0649 4144 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:21:14.0664 4144 WdiSystemHost - ok
21:21:14.0711 4144 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:21:14.0742 4144 WebClient - ok
21:21:14.0758 4144 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:21:14.0774 4144 Wecsvc - ok
21:21:14.0789 4144 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:21:14.0820 4144 wercplsupport - ok
21:21:14.0852 4144 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:21:14.0883 4144 WerSvc - ok
21:21:14.0945 4144 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:21:14.0961 4144 WinDefend - ok
21:21:14.0961 4144 WinHttpAutoProxySvc - ok
21:21:14.0992 4144 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:21:15.0023 4144 Winmgmt - ok
21:21:15.0054 4144 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:21:15.0086 4144 WinRM - ok
21:21:15.0148 4144 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:21:15.0195 4144 Wlansvc - ok
21:21:15.0335 4144 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:15.0382 4144 wlidsvc - ok
21:21:15.0429 4144 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:21:15.0444 4144 WmiAcpi - ok
21:21:15.0476 4144 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:21:15.0491 4144 wmiApSrv - ok
21:21:15.0538 4144 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:21:15.0616 4144 WMPNetworkSvc - ok
21:21:15.0632 4144 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:21:15.0647 4144 WPCSvc - ok
21:21:15.0694 4144 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:21:15.0725 4144 WPDBusEnum - ok
21:21:15.0803 4144 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:21:15.0819 4144 WpdUsb - ok
21:21:15.0944 4144 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:21:15.0975 4144 WPFFontCache_v0400 - ok
21:21:15.0990 4144 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:21:16.0037 4144 ws2ifsl - ok
21:21:16.0053 4144 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
21:21:16.0084 4144 wscsvc - ok
21:21:16.0115 4144 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:21:16.0131 4144 WSDPrintDevice - ok
21:21:16.0162 4144 [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
21:21:16.0193 4144 WSDScan - ok
21:21:16.0193 4144 WSearch - ok
21:21:16.0240 4144 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
21:21:16.0256 4144 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - warning
21:21:16.0256 4144 WSWNDA3100 - detected UnsignedFile.Multi.Generic (1)
21:21:16.0318 4144 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:21:16.0380 4144 wuauserv - ok
21:21:16.0443 4144 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:21:16.0474 4144 WUDFRd - ok
21:21:16.0505 4144 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:21:16.0536 4144 wudfsvc - ok
21:21:16.0568 4144 ================ Scan global ===============================
21:21:16.0599 4144 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:21:16.0630 4144 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:21:16.0646 4144 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:21:16.0677 4144 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:21:16.0677 4144 [Global] - ok
21:21:16.0677 4144 ================ Scan MBR ==================================
21:21:16.0677 4144 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
21:21:20.0982 4144 \Device\Harddisk0\DR0 - ok
21:21:20.0982 4144 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:21:21.0092 4144 \Device\Harddisk1\DR1 - ok
21:21:21.0092 4144 ================ Scan VBR ==================================
21:21:21.0138 4144 [ 0B695A41D49D8B5A30171D2D7FCEB72B ] \Device\Harddisk0\DR0\Partition1
21:21:21.0138 4144 \Device\Harddisk0\DR0\Partition1 - ok
21:21:21.0185 4144 [ 0554D65EA8284662E168D145B98BC792 ] \Device\Harddisk0\DR0\Partition2
21:21:21.0185 4144 \Device\Harddisk0\DR0\Partition2 - ok
21:21:21.0185 4144 [ 1BE18EAB5FDED4D70D79692FEE8D05E9 ] \Device\Harddisk1\DR1\Partition1
21:21:21.0201 4144 \Device\Harddisk1\DR1\Partition1 - ok
21:21:21.0201 4144 ============================================================
21:21:21.0201 4144 Scan finished
21:21:21.0201 4144 ============================================================
21:21:21.0201 4496 Detected object count: 6
21:21:21.0201 4496 Actual detected object count: 6
21:24:33.0408 4496 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:33.0408 4496 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:33.0408 4496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:33.0408 4496 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0408 4496 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:33.0424 4496 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0424 4496 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:33.0424 4496 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0424 4496 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
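The TDSSKiller log above ends with six objects that all carry the verdict UnsignedFile.Multi.Generic and were skipped. That verdict only says the binary has no Authenticode signature; what decides whether an unsigned service deserves a closer look is where the file lives. The following Python script is an added example (not from the thread, not a Kaspersky tool) that parses the hash/result line pairs in the format shown in the log, lists everything that was not marked "ok", and separates entries whose binary sits outside the usual system and vendor directories. The WSWNDA3100 and wuauserv lines in the sample are copied from the log; the "Example Update Service" entry and its MD5 are constructed to show the interesting case. The regular expressions and the TRUSTED_PREFIXES list are assumptions of this example, not a documented TDSSKiller format.

```python
"""Triage helper for a Kaspersky TDSSKiller text log (added example).

Handles the per-service/driver entries: a hash line
  "<time> <pid> [ <MD5> ] <name> <path>"
followed by one or more result lines
  "<time> <pid> <name> [( <verdict> )] - <result>"
and reports everything TDSSKiller did not mark "ok", with its path.
Section banners, counters and the MBR/VBR hash lines are ignored.
"""
import re

# Hash line. The path starts with a drive letter or \Device\, which is
# how name and path are separated (service names may contain spaces).
HASH_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) "
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# Result line, with an optional "( Verdict )" before " - result".
RESULT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?: \( (?P<verdict>[\w.]+) \))? - (?P<result>.+)$"
)

# Assumption of this example: directories that normally hold OS and
# vendor binaries. An unsigned service binary outside them is the one
# to look at first. Compared case-insensitively.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\")

# Constructed sample: two entries copied from the log, one invented.
SAMPLE_LOG = r"""
21:21:16.0193 4144 WSearch - ok
21:21:16.0240 4144 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
21:21:16.0256 4144 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - warning
21:21:16.0256 4144 WSWNDA3100 - detected UnsignedFile.Multi.Generic (1)
21:21:16.0318 4144 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:21:16.0380 4144 wuauserv - ok
21:21:16.0400 4144 [ 0123456789ABCDEF0123456789ABCDEF ] Example Update Service C:\ProgramData\update\svc.exe
21:21:16.0410 4144 Example Update Service ( UnsignedFile.Multi.Generic ) - warning
21:21:16.0410 4144 Example Update Service - detected UnsignedFile.Multi.Generic (1)
21:24:33.0424 4496 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
21:24:33.0424 4496 WSWNDA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def _new_entry():
    return {"md5": None, "path": None, "verdict": None, "results": []}


def parse_tdsskiller(text):
    """Return {name: {md5, path, verdict, results}} in log order."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["md5"], e["path"] = m["md5"].upper(), m["path"]
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # banners, counters, MBR/VBR hash lines
        e = entries.setdefault(m["name"], _new_entry())
        e["results"].append(m["result"])
        if m["verdict"]:
            e["verdict"] = m["verdict"]
        elif m["result"].startswith("detected "):
            e["verdict"] = m["result"].split()[1]
    return entries


def flagged(entries):
    """(name, verdict, path, last result) for every entry not purely 'ok'."""
    return [(n, e["verdict"], e["path"], e["results"][-1])
            for n, e in entries.items()
            if e["results"] and any(r != "ok" for r in e["results"])]


def outside_trusted_dirs(entries):
    """Names of flagged entries whose binary lives outside TRUSTED_PREFIXES."""
    return [n for n, _, path, _ in flagged(entries)
            if path and not path.lower().startswith(TRUSTED_PREFIXES)]


def report(text):
    """One line per flagged entry, marking the ones in unusual locations."""
    entries = parse_tdsskiller(text)
    odd = set(outside_trusted_dirs(entries))
    return [f"{name}: {verdict} -> {last} "
            f"({'OUTSIDE system/vendor dirs' if name in odd else 'system/vendor dir'}) {path}"
            for name, verdict, path, last in flagged(entries)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log saved by TDSSKiller, the script gives the same six skipped services the thread shows, and the location column tells you which, if any, are worth opening in a PE viewer or checking against a known-good hash before accepting "skip".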
06.12.2012, 21:32 | #10 |
/// Malware-holic | Police Trojan Austria - Your computer has been locked... Very good. Download the CCleaner standard build: CCleaner Download - CCleaner 3.25.1872. If CCleaner is already installed, skip this step. Install it, open it, go to Tools (Extras), list of installed programs, save as txt. Open the file. Behind every program you need, write "needed"; behind every program you do not need, "unnecessary"; behind those you do not recognise, "unknown". Post the list.
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.12.2012, 21:50 | #11 |
| Police Trojan Austria - Your computer has been locked... Here we go: Code:
AC-3 ACM Codec 18.12.2010 unknown
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 12.08.2009 14,0MB unknown
Adobe Acrobat 7.1.0 Professional Adobe Systems 04.02.2010 632MB 7.1.0 needed
Adobe AIR Adobe Systems Incorporated 05.12.2011 37,5MB 3.1.0.4880 unnecessary
Adobe Color Common Settings Adobe Systems Incorporated 16.08.2009 1.0.1 unnecessary
Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 16.08.2009 2.0.2 unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.10.2012 11.4.402.287 needed
Adobe InDesign CS3 Adobe Systems Incorporated 28.09.2009 5.0 unnecessary
Adobe Photoshop CS3 Adobe Systems Incorporated 16.08.2009 10.0 needed
Adobe Photoshop Lightroom 2.6 Adobe 08.01.2010 101MB 2.6.1 needed
Adobe Reader 9.4.7 - Deutsch Adobe Systems Incorporated 10.01.2012 167MB 9.4.7 needed
AMap Fly 5.0 EADS Deutschland GmbH 28.06.2010 41,4MB 6.6.0.0000 needed
Apple Application Support Apple Inc. 08.11.2012 65,0MB 2.3 unknown
Apple Mobile Device Support Apple Inc. 13.09.2012 23,1MB 6.0.0.59 needed
Apple Software Update Apple Inc. 21.10.2011 2,38MB 2.1.3.127 needed
ASUS RT-N66U Wireless Router Utilities ASUS 15.09.2012 12,2MB 4.2.3.9 needed
avast! Free Antivirus AVAST Software 13.11.2012 162MB 7.0.1474.0 needed ???
Belkin Wireless USB Utility Belkin 08.10.2010 1,19MB 6.3.2.16 unnecessary
Bonjour Apple Inc. 21.10.2011 1,02MB 3.0.0.10 needed
Canon Easy-PhotoPrint EX 22.05.2012 265MB needed
Canon Easy-PhotoPrint Pro 22.05.2012 37,0MB needed
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data 22.05.2012 37,0MB needed
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data 22.05.2012 11,7MB needed
Canon Easy-WebPrint EX 22.05.2012 6,81MB needed
Canon IJ Network Scanner Selector EX 22.05.2012 8,20MB needed
Canon IJ Network Tool 22.05.2012 2,07MB needed
CANON IMAGE GATEWAY Registrierungsanleitung Canon Inc. 17.06.2012 1,50MB 1.0.0.2 needed
Canon MG6200 series Benutzerregistrierung 22.05.2012 2,30MB needed
Canon MG6200 series MP Drivers 22.05.2012 452MB needed
Canon MG6200 series On-screen Manual 22.05.2012 26,3MB needed
Canon MP Navigator EX 5.0 22.05.2012 76,0MB needed
Canon My Printer 22.05.2012 5,60MB needed
Canon Solution Menu EX 22.05.2012 16,5MB needed
CCleaner Piriform 24.09.2012 2,71MB 3.23 needed
Cobian Backup 10 21.10.2010 28,4MB unnecessary
Compatibility Pack für 2007 Office System Microsoft Corporation 16.11.2012 70,5MB 12.0.6612.1000 needed
Content Manager 2 NNG Llc. 26.12.2011 32,8MB 3.2.0.15965 unknown
cyberlabDESIGNER Transeo Media Ltd 25.08.2012 44,9MB cyberlabDESIGNER 2.5.8 unnecessary
Debugging Tools for Windows (x86) Microsoft Corporation 20.08.2009 38,5MB 6.11.1.404 unnecessary
Evernote v. 4.5.10 Evernote Corp. 19.11.2012 131MB 4.5.10.7472 needed
ffdshow v1.1.3562 [2010-09-07] 18.12.2010 17,0MB 1.1.3562.0 unnecessary
FileZilla Client 3.2.7.1 25.09.2009 15,7MB 3.2.7.1 needed
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 04.12.2010 3,03MB
Free Download Manager 3.0 FreeDownloadManager.ORG 13.08.2009 18,5MB needed
Garmin ANT Agent Garmin Ltd or its subsidiaries 26.10.2012 16,9MB 2.3.3 needed
Garmin BaseCamp Garmin Ltd or its subsidiaries 11.11.2012 100MB 4.0.4 needed
Garmin Communicator Plugin Garmin Ltd or its subsidiaries 16.01.2011 11,6MB 2.9.3 needed
Garmin MapInstall Garmin Ltd or its subsidiaries 04.11.2012 29,4MB 4.0.3 needed
Garmin MapSource Garmin Ltd or its subsidiaries 09.01.2012 58,0MB 6.16.3 needed
Garmin Training Center Garmin Ltd or its subsidiaries 26.10.2012 86,8MB 3.6.5 needed
Garmin USB Drivers Garmin Ltd or its subsidiaries 26.10.2012 580KB 2.3.1.0 needed
Garmin WebUpdater Garmin Ltd or its subsidiaries 16.06.2012 15,6MB 2.5.6 needed
Google Earth Google 20.11.2011 92,7MB 6.1.0.5001 unknown
Google Toolbar for Internet Explorer Google Inc. 19.09.2012 24,3MB 7.4.3230.2052 unnecessary
Google Updater Google Inc. 28.09.2011 4,56MB 2.4.2432.1652 unknown
iCloud Apple Inc. 20.09.2012 47,5MB 2.0.2.187 needed
Intel(R) Network Connections 13.5.32.0 Intel 02.06.2009 53,3MB 13.5.32.0 unknown
Intel® Matrix Storage Manager Intel Corporation 12.08.2009 46,8MB unknown
iTunes Apple Inc. 13.09.2012 180MB 10.7.0.21 needed
Japanese Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 06.12.2010 16,4MB 9.0.0 unnecessary
Java 7 Update 7 Oracle 14.10.2012 128MB 7.0.70 needed
Java(TM) 6 Update 31 Oracle 15.04.2012 95,1MB 6.0.310 unnecessary
JOSM OpenStreetMap 18.06.2012 needed
Logitech Desktop Messenger Logitech, Inc. 15.08.2010 9,75MB 2.54.11 needed
Logitech Harmony Remote Software 7 Logitech 15.08.2010 88,2MB 7.7.0.0 needed
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 03.12.2012 4,00MB 1.65.1.1000 needed ???
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 02.06.2009 37,3MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 02.06.2009 37,3MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 19.09.2011 7,95MB 14.0.5130.5003 unknown
Microsoft Office Language Pack 2010 - German/Deutsch Microsoft Corporation 28.06.2012 0,97GB 14.0.6029.1000 needed
Microsoft Office Live Add-in 1.5 Microsoft Corporation 26.05.2010 506KB 2.0.4024.1 needed
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.11.2012 100MB 12.0.6612.1000 needed
Microsoft Office Professional Plus 2010 Microsoft Corporation 27.06.2012 0,97GB 14.0.6029.1000 unknown
Microsoft Silverlight Microsoft Corporation 16.05.2012 25,9MB 5.1.10411.0 unknown
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 02.06.2009 332KB 3.1.0000 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.06.2009 1,74MB 3.1.0000 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.10.2009 251KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 294KB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 13.10.2009 199KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 21.04.2011 592KB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13.08.2009 590KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.01.2011 589KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 594KB 9.0.30729.6161 unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 06.12.2012 42,7MB 17.0.1 needed
Mozilla Firefox 4.0.1 (x86 de) Mozilla 16.06.2011 40,6MB 4.0.1 unnecessary
Mozilla Maintenance Service Mozilla 06.12.2012 216KB 17.0.1 unknown
Mp3tag v2.47b Florian Heidenreich 04.12.2010 6,91MB v2.47b needed
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 02.06.2009 1,27MB 4.20.9848.0 unknown
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 02.06.2009 1,27MB 4.20.9849.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.06.2009 1,29MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 unknown
Naviextras Toolbox Prerequesities NNG Llc. 26.12.2011 4,05MB 1.0.0 unknown
Nero 8 Essentials Nero AG 05.10.2009 1,91GB 8.3.465 needed
NETGEAR WNDA3100v2 wireless USB 2.0 adapter NETGEAR 09.10.2010 23,1MB 1.0.0.133 unnecessary
NVIDIA Display Control Panel NVIDIA Corporation 19.04.2010 19,7MB 6.14.11.9745 needed
NVIDIA Drivers NVIDIA Corporation 19.04.2010 2,88GB 1.10.59.37 needed
NVIDIA PhysX NVIDIA Corporation 13.07.2009 119MB 9.09.0428 needed
Open XML Editor Dieter Köhler 12.05.2011 3,47MB unknown
OpenStreetMap Plugin V2 Old Man Biking 24.05.2010 2,18MB 1.0.3788.41447 as of 2010-05-16 needed
Picasa 3 Google, Inc. 02.01.2011 74,3MB 3.8 needed
Polar ProTrainer 29.09.2009 27,5MB 5.10.120 needed
QNAP Finder QNAP Systems, Inc. 23.11.2011 43,0MB 3.4.2.0303 needed
QNAP NetBak Replicator 24.11.2011 needed
QuickTime Apple Inc. 08.11.2012 73,1MB 7.73.80.64 needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.06.2009 10,0MB 6.0.1.5804 unknown
Remote Control USB Driver 15.08.2010 3,61MB 2.3.2.317 needed
SAMSUNG PC Share Manager SAMSUNG 24.06.2011 24,4MB 4.0 unnecessary
Saturn Picture Center 26.09.2009 128MB unnecessary
Sophos Anti-Rootkit 1.5.0 Sophos Plc 27.09.2009 2,66MB 1.5.0 unnecessary
SportTracks 2.1 Zone Five Software 21.08.2009 6,32MB 2.1.3478 unnecessary
SportTracks 3.1 Zone Five Software 09.06.2012 8,46MB 3.1.4518 needed
Uninstall 1.0.0.1 04.12.2010 31,3MB unknown
VideoBrowser PIXELA 17.06.2012 164MB 1.01.100 needed
VLC media player 2.0.4 VideoLAN 03.11.2012 72,6MB 2.0.4 needed
Winamp Nullsoft, Inc 02.08.2010 37,7MB 5.581 unnecessary
Winamp Erkennungs-Plug-in Nullsoft, Inc 02.08.2010 132KB 1.0.0.1 unnecessary
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) Dynastream Innovations 26.10.2012 07/07/2009 1.12.2 unknown
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Garmin 26.10.2012 04/19/2012 2.3.1.0 needed
Windows Live Essentials Microsoft Corporation 02.06.2009 136MB 14.0.8050.1202 unnecessary
Windows Live ID-Anmelde-Assistent Microsoft Corporation 26.05.2010 4,68MB 6.500.3165.0 unnecessary
Windows Live Sync Microsoft Corporation 02.06.2009 2,79MB 14.0.8050.1202 unnecessary
Windows Live-Uploadtool Microsoft Corporation 02.06.2009 225KB 14.0.8014.1029 unnecessary
Windows Media Player Firefox Plugin Microsoft Corp 11.09.2011 296KB 1.0.0.8 needed
WinRAR 12.08.2009 3,72MB needed
Xirrus Wi-Fi Inspector Xirrus 08.10.2010 43,6MB 1.2.0000 unnecessary
06.12.2012, 21:55 | #12 |
/// Malware-holic | Police Trojan Austria - Your computer has been locked... Adobe Acrobat 7.1.0: completely outdated, an upgrade to version 11 is needed, if only for security reasons!
Uninstall:
Adobe: everything you do not need.
Adobe Flash Player: all of them. Adobe - Adobe Flash Player installieren: download the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen. Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC. Under JavaScript, untick "Enable Acrobat JavaScript". Under Updater, choose "Automatically install updates". Apply / OK.
Uninstall:
Cobian
cyberlabDESIGNER
Debugging
ffdshow
Google: all
Java: all
Download the Java JRE: Java-Downloads für alle Betriebssysteme. Click "Download der Java-Software für Windows Offline", download and install it.
Uninstall:
Naviextras
NETGEAR
SAMSUNG
Saturn
Sophos
Windows Live: everything you do not need
Xirrus
Open CCleaner, run Analyze, restart the PC.
Please download AdwCleaner to your desktop.
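The program list in #11 and the uninstall advice in #12 are the manual form of a check that can be scripted: old copies left beside a newer version of the same product (Firefox 4.0.1 next to 17.0.1, Java 6 next to Java 7) and products whose major version is below what the reviewer expects (Acrobat 7 when 11 is current). The following Python script is an added example, not a tool from the thread or from Piriform. It assumes CCleaner's "save to text file" output is one program per line with tab-separated columns name, publisher, install date, size, version (the pasted list above lost its tabs); the sample rows are copied from the list above and joined with tabs. The family() heuristic and the MINIMUM_MAJOR table (taken from the advice in #12, valid as of December 2012) are assumptions of this example.

```python
"""Triage of an installed-programs export (added example).

Groups entries into product families, reports older copies that sit
beside a newer version of the same product, and reports products whose
major version is below a reviewer-set minimum.
"""
import re

# Assumption: minimum major versions from the advice in this thread
# (December 2012). Adjust to current releases before reuse.
MINIMUM_MAJOR = {"adobe acrobat": 11, "adobe reader": 11}

# A token that looks like a version number: 7, 7.1.0, v2.47b, 17.0.1
VERSION_TOKEN = re.compile(r"^v?\d+(\.\d+)*[a-z]?$")

# Constructed sample: rows copied from the list in the thread, with the
# tab separators CCleaner writes restored.
SAMPLE_EXPORT = "\n".join([
    "Adobe Acrobat 7.1.0 Professional\tAdobe Systems\t04.02.2010\t632MB\t7.1.0",
    "Adobe Reader 9.4.7 - Deutsch\tAdobe Systems Incorporated\t10.01.2012\t167MB\t9.4.7",
    "Java 7 Update 7\tOracle\t14.10.2012\t128MB\t7.0.70",
    "Java(TM) 6 Update 31\tOracle\t15.04.2012\t95,1MB\t6.0.310",
    "Mozilla Firefox 17.0.1 (x86 de)\tMozilla\t06.12.2012\t42,7MB\t17.0.1",
    "Mozilla Firefox 4.0.1 (x86 de)\tMozilla\t16.06.2011\t40,6MB\t4.0.1",
    "CCleaner\tPiriform\t24.09.2012\t2,71MB\t3.23",
])


def parse_export(text):
    """Split the tab-separated export into dicts; missing columns become ''."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        cols += [""] * (5 - len(cols))
        rows.append({"name": cols[0].strip(), "publisher": cols[1].strip(),
                     "installed": cols[2].strip(), "size": cols[3].strip(),
                     "version": cols[4].strip()})
    return rows


def version_tuple(s):
    """'7.0.70' -> (7, 0, 70); comparable as a tuple."""
    nums = re.findall(r"\d+", s)
    return tuple(int(n) for n in nums) if nums else (0,)


def family(name):
    """Heuristic product-family key: lowercase, drop (TM)/(R) marks,
    parenthetical and ' - ' suffixes, 'Update N' and bare version tokens."""
    n = name.lower()
    n = re.sub(r"\((tm|r)\)|®|™", "", n)
    n = re.sub(r"\(.*?\)", "", n)
    n = n.split(" - ")[0]
    n = re.sub(r"\bupdate \d+\b", "", n)
    n = re.sub(r"\bversion\b", "", n)
    return " ".join(t for t in n.split() if not VERSION_TOKEN.match(t))


def effective_version(row):
    """Version column if present, else a version-looking token in the name."""
    if row["version"]:
        return version_tuple(row["version"])
    for t in row["name"].split():
        if VERSION_TOKEN.match(t.lower()):
            return version_tuple(t)
    return (0,)


def triage(rows):
    """Return (kind, program name, detail) findings:
    ('superseded', old, newer) and ('below-minimum', name, minimum)."""
    findings = []
    groups = {}
    for r in rows:
        groups.setdefault(family(r["name"]), []).append(r)
    for fam, members in groups.items():
        newest = max(members, key=effective_version)
        for r in members:
            if r is not newest and effective_version(r) < effective_version(newest):
                findings.append(("superseded", r["name"], newest["name"]))
        for key, minimum in MINIMUM_MAJOR.items():
            if fam.startswith(key):
                for r in members:
                    if effective_version(r)[0] < minimum:
                        findings.append(("below-minimum", r["name"], str(minimum)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(parse_export(SAMPLE_EXPORT)):
        print(f"{kind:14} {name}  ->  {detail}")
```

The family() key is deliberately loose; on a real export, check the grouping output before trusting the "superseded" list, since two genuinely different products can share a normalised name.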
06.12.2012, 23:33 | #13 |
| Police Trojan Austria - Your computer has been locked... Phew. Thanks. So: Code:
# AdwCleaner v2.011 - File created on 06/12/2012 at 23:30:33
# Updated on 02/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - ***
# Boot mode : Normal
# Running from : \\NAS\Download\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] The registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js
[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [990 octets] - [06/12/2012 23:30:33]

########## EOF - C:\AdwCleaner[R1].txt - [1049 octets] ##########
06.12.2012, 23:34 | #14 |
/// Malware-holic | Police Trojan Austria - Your computer has been locked...
Restart, then test how the PC and the browser run.
06.12.2012, 23:52 | #15 |
| Police Trojan Austria - Your computer has been locked... Thanks! Here is the log: Code:
# AdwCleaner v2.011 - File created on 06/12/2012 at 23:43:02
# Updated on 02/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - *** -PC
# Boot mode : Normal
# Running from : \\NAS\Download\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\extensions\staged

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] The registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebbh77ux.default\prefs.js
[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [1118 octets] - [06/12/2012 23:30:33]
AdwCleaner[S1].txt - [1052 octets] - [06/12/2012 23:43:02]

########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########
Topics for Police Trojan Austria - Your computer has been locked... |
administrator, anti-malware, antivirus, appdata, automatically, autostart, avast, on startup, code, computer, files, first time, explorer, deleted, gen, lsass.exe, malwarebytes, microsoft, restart, quarantine, roaming, service pack 2, memory, start, vista |