
Log analysis and evaluation: GVU Trojan 05.12.2012

05.12.2012, 11:45   #1
tobi_fx
 



Hello TB team,

I picked up the GVU Trojan about 1 hour ago!

As described here http://www.trojaner-board.de/127821-...tml#post968067 I ran a quick scan.

I urgently need help!

Many thanks,
Tobi

Below is the content of my OTL.txt and Extra.txt.

OTL.txt

OTL logfile created on: 05.12.2012 11:22:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tobi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 3,21 Gb Available Physical Memory | 83,14% Memory free
7,71 Gb Paging File | 7,10 Gb Available in Paging File | 92,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 275,42 Gb Free Space | 59,14% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 214,11 Gb Free Space | 91,94% Space Free | Partition Type: NTFS

Computer Name: TBMOBIL | User Name: tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.05 11:15:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tobi\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2010.02.26 18:13:20 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.22 09:35:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\_tb\misc\system\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.27 19:17:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2010.08.16 20:00:47 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010.07.03 12:38:07 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.05.21 12:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Programme\_tb\misc\system\teamviewer\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.11 06:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\_tb\misc\secure\nod32\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.09.11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\_tb\misc\secure\nod32\x86\ekrn.exe -- (ekrn)
SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.05.29 10:00:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\_tb\misc\system\pcanywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.17 16:44:46 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.24 12:01:22 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.03.19 12:25:26 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010.02.26 18:13:54 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.02.26 10:36:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010.02.25 16:07:46 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.01.14 15:54:44 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.01.14 15:29:26 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.22 14:06:34 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.11 06:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.09.11 06:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.09.11 06:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.06.15 07:20:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2010.06.13 17:39:08 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.30 16:53:56 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/10 15:35:16] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\_tb\media\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2003.05.05 15:43:34 | 000,024,365 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003.04.21 13:08:44 | 000,010,901 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\AWLEGACY.sys -- (awlegacy)
DRV - [2003.04.21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\GERNUWA.sys -- (Gernuwa)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 45 20 A5 C1 F7 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {81452B8C-C0A8-4488-8F57-03ACA2790BD1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{81452B8C-C0A8-4488-8F57-03ACA2790BD1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{8F7BE742-BE9D-4644-864B-5354FD784799}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\_tb\media\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\_tb\office\office7\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\_tb\office\sunbird\components [2011.01.01 12:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\_tb\office\sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\_tb\office\thunderbird\components [2012.11.22 09:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\_tb\office\thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\_tb\misc\secure\nod32\Mozilla Thunderbird [2010.06.13 15:50:15 | 000,000,000 | ---D | M]

[2010.06.13 20:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\Mozilla\Extensions
[2010.06.13 20:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.13 20:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.12.05 09:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\Mozilla\Sunbird\Profiles\xqngorzq.default\extensions
[2010.10.30 20:26:38 | 000,000,000 | ---D | M] (Provider for Google Calendar) -- C:\Users\tobi\AppData\Roaming\Mozilla\Sunbird\Profiles\xqngorzq.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tobi\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\_tb\misc\system\java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\_tb\misc\system\java\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\_tb\office\office7\Office14\NPAUTHZ.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tobi\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tobi\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\_tb\media\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\tobi\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\_tb\misc\secure\nod32\egui.exe (ESET)
O4 - HKLM..\Run: [Dimension4] C:\Program Files (x86)\_tb\misc\system\clock\D4.exe (Thinking Man Software)
O4 - Startup: C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sunbird.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download with mediAvatar iPad Softwarepaket Pro - C:\Programme\_tb\media\iPad video\upod_link.HTM ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\_tb\office\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\_tb\office\office7\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download with mediAvatar iPad Softwarepaket Pro - C:\Programme\_tb\media\iPad video\upod_link.HTM ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\_tb\office\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files (x86)\_tb\office\office7\Office12\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{839C5B78-FE57-49F1-B051-01617F011445}: DhcpNameServer = 192.168.2.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E06EF57-C0FD-4A9D-ADDA-DF3F17637092}: DhcpNameServer = 192.168.2.111
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012.12.05 10:39:22 | 000,405,376 | ---- | C] (Microsoft Corporation) -- C:\Users\tobi\wgsdgsdgdsgsd.exe
[2012.12.02 13:51:18 | 000,844,288 | ---- | C] (Genesis Financial Data Services) -- C:\Windows\SysWow64\G32_GD.dll
[2012.11.20 14:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.12 11:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase
[2012.11.08 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2012.11.08 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012.11.08 21:16:26 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Local\ZoneFiveSoftware
[2012.11.08 21:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoneFiveSoftware
[2012.11.08 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Roaming\Garmin
[2012.11.08 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ant
[2012.11.08 21:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.11.08 21:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012.11.07 19:05:08 | 000,000,000 | ---D | C] -- C:\Log
[2012.11.07 12:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.11.07 11:43:03 | 000,331,776 | ---- | C] (AMYUNI Consultants
hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf.dll
[2012.11.07 11:42:40 | 000,069,632 | ---- | C] (Stingray Software Inc.) -- C:\Windows\SysWow64\LVC61as.dll
[2012.11.07 11:42:39 | 001,884,160 | ---- | C] (Stingray Software Inc.) -- C:\Windows\SysWow64\LTP602as.dll
[2012.11.07 11:42:39 | 000,404,480 | ---- | C] (Lexware GmbH & Co. KG, Freiburg) -- C:\Windows\SysWow64\mvter32.dll
[2012.11.07 11:42:39 | 000,249,856 | ---- | C] (RogueWave Software) -- C:\Windows\SysWow64\LE60as.dll
[2012.11.07 11:42:39 | 000,176,128 | ---- | C] (Stingray Software Inc.) -- C:\Windows\SysWow64\LSC61as.dll
[2012.11.07 11:42:39 | 000,155,706 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LxDBAL11.dll
[2012.11.07 11:42:39 | 000,077,824 | ---- | C] (Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\lxdao11.dll
[2012.11.07 11:42:38 | 000,569,402 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LXTool30.dll
[2012.11.07 11:42:38 | 000,491,578 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LXTool20.dll
[2012.11.07 11:42:38 | 000,328,704 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3sfm101.dll
[2012.11.07 11:42:38 | 000,278,528 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LxXtreme.dll
[2012.11.07 11:42:38 | 000,200,758 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LXBtr10.dll
[2012.11.07 11:42:38 | 000,163,898 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LxBasics.dll
[2012.11.07 11:42:38 | 000,135,168 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\Wdbuui32.dll
[2012.11.07 11:42:38 | 000,122,938 | ---- | C] (Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail20.dll
[2012.11.07 11:42:38 | 000,098,816 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3sif101.dll
[2012.11.07 11:42:38 | 000,086,016 | ---- | C] (Lexware GmbH & Co.KG) -- C:\Windows\SysWow64\LxDtv30.dll
[2012.11.07 11:42:38 | 000,068,096 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\WBTRV32.DLL
[2012.11.07 11:42:38 | 000,058,880 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3sqlv7.dll
[2012.11.07 11:42:38 | 000,049,152 | ---- | C] (Lexware GmbH & Co KG) -- C:\Windows\SysWow64\LXCurr12.dll
[2012.11.07 11:42:38 | 000,038,400 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3src101.dll
[2012.11.07 11:42:38 | 000,004,192 | ---- | C] (Btrieve Technologies, Inc.) -- C:\Windows\SysWow64\WBTRVRES.DLL
[2012.11.07 11:42:37 | 000,784,081 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3sce101.exe
[2012.11.07 11:42:37 | 000,382,464 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W32btint.dll
[2012.11.07 11:42:37 | 000,250,368 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3dif101.dll
[2012.11.07 11:42:37 | 000,125,440 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3mif103.dll
[2012.11.07 11:42:37 | 000,124,928 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3aif103.dll
[2012.11.07 11:42:37 | 000,110,592 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3nsl103.dll
[2012.11.07 11:42:37 | 000,073,216 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3crs101.dll
[2012.11.07 11:42:37 | 000,073,216 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3bif103.dll
[2012.11.07 11:42:37 | 000,067,584 | ---- | C] (Btrieve Technologies Inc.) -- C:\Windows\SysWow64\W32MKSET.DLL
[2012.11.07 11:42:37 | 000,044,544 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3dbnv7.dll
[2012.11.07 11:42:37 | 000,042,496 | ---- | C] (Pervasive Software Inc.) -- C:\Windows\SysWow64\W3scmv7.dll
[2012.11.07 11:41:41 | 000,000,000 | ---D | C] -- C:\lexware
[2012.11.07 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Roaming\Lexware
[2012.11.07 11:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2012.11.07 10:58:46 | 001,929,216 | ---- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf250.dll
[2012.11.07 10:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.07 10:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012.11.07 10:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2012.11.07 10:51:20 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Local\Lexware
[2012.11.07 07:05:47 | 000,422,848 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\vsflex7L.ocx
[2012.11.07 07:05:46 | 000,335,872 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepco32a.ocx
[2012.11.07 07:05:45 | 000,376,832 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pe3do32a.ocx
[2012.11.07 07:05:39 | 000,286,720 | ---- | C] (Genesis Financial Data Services) -- C:\Windows\SysWow64\G32_zip.dll
[2010.06.15 21:24:02 | 010,355,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\3.EXE

========== Files - Modified Within 30 Days ==========

[2012.12.05 11:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.05 11:09:16 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.05 11:07:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.05 10:59:05 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 10:59:05 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 10:39:24 | 000,001,049 | ---- | M] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.04 15:32:18 | 001,766,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.04 15:32:18 | 000,759,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.04 15:32:18 | 000,703,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.04 15:32:18 | 000,169,290 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.04 15:32:18 | 000,137,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.02 15:04:15 | 000,000,073 | ---- | M] () -- C:\Windows\NavWin.INI
[2012.11.23 16:16:28 | 003,032,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.22 18:13:15 | 000,060,304 | ---- | M] () -- C:\Users\tobi\g2mdlhlpx.exe
[2012.11.12 15:54:11 | 000,000,081 | ---- | M] () -- C:\Windows\loge.dat
[2012.11.12 11:55:26 | 000,000,525 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.11.08 06:50:20 | 000,000,060 | ---- | M] () -- C:\Windows\ib.ini
[2012.11.07 19:05:08 | 000,000,017 | ---- | M] () -- C:\Windows\spwdrpga.INI
[2012.11.07 11:42:59 | 000,000,198 | ---- | M] () -- C:\Windows\ODBCINST.ini

========== Files Created - No Company Name ==========

[2012.12.05 10:39:24 | 000,001,049 | ---- | C] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.05 10:39:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.23 15:38:14 | 000,002,092 | ---- | C] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sunbird.lnk
[2012.11.14 09:20:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 09:10:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 15:54:11 | 000,000,081 | ---- | C] () -- C:\Windows\loge.dat
[2012.11.07 19:05:08 | 000,000,017 | ---- | C] () -- C:\Windows\spwdrpga.INI
[2012.11.07 11:42:59 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2012.11.07 11:42:38 | 000,237,623 | ---- | C] () -- C:\Windows\SysWow64\dnt26.dll
[2012.11.07 11:42:38 | 000,229,431 | ---- | C] () -- C:\Windows\SysWow64\dnt23.dll
[2012.11.07 11:42:38 | 000,192,592 | ---- | C] () -- C:\Windows\SysWow64\LxImport30.dll
[2012.11.07 11:42:38 | 000,094,266 | ---- | C] () -- C:\Windows\SysWow64\LXDasi10.dll
[2012.11.07 11:42:38 | 000,077,882 | ---- | C] () -- C:\Windows\SysWow64\dntvmc26.dll
[2012.11.07 11:42:38 | 000,073,786 | ---- | C] () -- C:\Windows\SysWow64\dntvmc23.dll
[2012.11.07 11:42:38 | 000,073,785 | ---- | C] () -- C:\Windows\SysWow64\dntvm26.dll
[2012.11.07 11:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\PXTTool.dll
[2012.11.07 11:42:38 | 000,061,497 | ---- | C] () -- C:\Windows\SysWow64\dntvm23.dll
[2012.11.07 11:42:38 | 000,015,627 | ---- | C] () -- C:\Windows\SysWow64\WBROLLRS.DLL
[2012.11.07 11:42:37 | 000,320,512 | ---- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE
[2012.11.07 11:42:37 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL
[2012.11.07 11:42:37 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll
[2012.11.07 11:42:37 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll
[2012.11.07 07:05:39 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\G32_rkey.dll
[2012.11.07 07:05:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\free_res.exe
[2012.09.22 09:07:21 | 001,808,004 | ---- | C] () -- C:\Users\tobi\Localizable.strings
[2012.08.31 17:03:19 | 000,006,144 | ---- | C] () -- C:\Users\tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.03 19:21:57 | 000,166,404 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.07 16:51:43 | 000,060,304 | ---- | C] () -- C:\Users\tobi\g2mdlhlpx.exe
[2010.06.16 19:30:50 | 000,000,008 | RH-- | C] () -- C:\Users\tobi\hwid
[2010.04.22 17:43:21 | 000,000,414 | ---- | C] () -- C:\Program Files (x86)\Secure Digital-Speichergerät (E) - Verknüpfung.lnk

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.06.15 07:24:58 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\ACD Systems
[2010.07.03 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Autodesk
[2012.11.07 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\FileZilla
[2010.06.13 22:06:59 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Foxit
[2010.08.04 06:41:06 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Foxit Software
[2012.11.08 22:10:27 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Garmin
[2010.06.15 08:08:28 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\InterVideo
[2012.11.12 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Lexware
[2012.09.01 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\mediAvatar
[2010.06.13 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\PasswordSafe
[2012.11.11 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Synchronizer
[2012.08.27 09:30:33 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\TeamViewer
[2010.06.13 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Thunderbird
[2010.06.15 09:29:46 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\TippKönigin
[2010.07.24 11:46:33 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\Uniblue
[2010.06.13 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\tobi\AppData\Roaming\WinFAQ

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.11.20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.11.22 18:13:15 | 000,060,304 | ---- | M] () -- C:\Users\tobi\g2mdlhlpx.exe
[2010.06.16 19:30:50 | 000,000,008 | RH-- | M] () -- C:\Users\tobi\hwid
[2012.06.07 18:51:10 | 001,808,004 | ---- | M] () -- C:\Users\tobi\Localizable.strings
[2012.12.05 11:20:09 | 002,883,584 | -HS- | M] () -- C:\Users\tobi\NTUSER.DAT
[2012.12.05 11:20:09 | 000,262,144 | -HS- | M] () -- C:\Users\tobi\ntuser.dat.LOG1
[2010.03.14 12:31:20 | 000,000,000 | -HS- | M] () -- C:\Users\tobi\ntuser.dat.LOG2
[2010.03.14 12:44:00 | 000,065,536 | -HS- | M] () -- C:\Users\tobi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.14 12:44:00 | 000,524,288 | -HS- | M] () -- C:\Users\tobi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.14 12:44:00 | 000,524,288 | -HS- | M] () -- C:\Users\tobi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.14 12:31:20 | 000,000,020 | -HS- | M] () -- C:\Users\tobi\ntuser.ini
[2012.12.05 10:39:22 | 000,405,376 | ---- | M] (Microsoft Corporation) -- C:\Users\tobi\wgsdgsdgdsgsd.exe

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp5FBE8F9

< End of report >


Extra.txt

OTL Extras logfile created on: 05.12.2012 11:22:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tobi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 3,21 Gb Available Physical Memory | 83,14% Memory free
7,71 Gb Paging File | 7,10 Gb Available in Paging File | 92,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 275,42 Gb Free Space | 59,14% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 214,11 Gb Free Space | 91,94% Space Free | Partition Type: NTFS

Computer Name: TBMOBIL | User Name: tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\_tb\office\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\_tb\office\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\_tb\office\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\_tb\office\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A84BF-AEB7-47BB-B8EA-160F7B8FBF34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0350A275-0F4F-4E7C-8C32-1976B8F947E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{062CBF89-598C-4706-8D0B-2BEED3E84A77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16C6C8E3-E949-45DB-AC3E-7064E436578F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C16043F-BEA9-4D26-B9E2-E8E3A7ADC1F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27A09F88-0B28-45BD-9003-3E281E7ACEF1}" = lport=138 | protocol=17 | dir=in | app=system |
"{29916C05-EA36-47CF-9ECA-BF1DC48D2507}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3344F4EA-EE66-4D8A-AF89-7BE8B784E533}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38D78C73-36DE-4EE3-A9D6-A648CA29AD30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BECE28A-F134-4E15-8C67-39D017315886}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DE13810-36F1-4452-9F2A-0126A4F3E388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E0BD8BA-27B2-4833-A3A0-468205BF6D85}" = rport=139 | protocol=6 | dir=out | app=system |
"{3EE3356C-8B8D-4100-B127-489E73C0864F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4DF6CAFC-4EEB-40AF-9EAA-BDAB6C9D8581}" = lport=10243 | protocol=6 | dir=in | app=system |
"{505C1571-6D1B-42C4-B727-1CF9BE52F3AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56E4BB73-FC58-41E6-B96D-C1F8D84C6AF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6012EFBE-7EA2-4FAF-9D2C-DFF9ED699A47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C89C8FA-C0CF-43D2-B706-F3A11EB3BBD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89922039-E24A-43A6-8FA2-F45A270CD55D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A9C1E42-A501-4065-8058-CB0E5393AE43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FC7326F-1913-4785-B6CB-03C7207F5FF5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90C79499-8BF9-47BC-95D6-BF4990B78F54}" = lport=445 | protocol=6 | dir=in | app=system |
"{92C3BF25-1E56-49A2-946E-3C5947AD16F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A12F585F-F591-40FD-AA83-1CD3DC581F7C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A297E042-7EE5-4A1A-8305-57BDA0F4889B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A328566D-CCF4-44E0-9705-A4A5DD4A45E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B51D5343-619E-4529-8ABD-4C89D1517D18}" = lport=139 | protocol=6 | dir=in | app=system |
"{C9BA17D3-5D0B-4CF0-9182-5B520F03E716}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1F94FE3-C992-479C-A52E-F463506B72C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED84134F-B7C7-4F6B-B9E0-97AE53D4D6FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC8D76BE-53C1-4F48-9FA9-9E75F7380FBC}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011C76D7-92D0-44C6-8B9C-6A8839CEE5F3}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{066DA65E-1F48-4BBD-BFD0-9CE13FEFD83E}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{0AA40442-E843-483C-9E5C-D85008DCE1F3}" = dir=in | app=c:\program files (x86)\_tb\media\powerdvd9\powerdvd9.exe |
"{14AC7421-D859-47F6-96D1-57C70D1DADA9}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{17CF3CB0-60AA-4CF4-A174-B10BFE367854}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{185C6A16-CC69-4834-8EA6-4A41B3D55FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18A8B056-6AF7-4072-B456-8AEF9706920B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B02063E-69AA-4324-9DFE-72591ADF71DA}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{1C484190-097F-489C-884C-414AF567114D}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{2015FDED-2710-4DA5-A9D9-C055FA943BF7}" = dir=in | app=c:\program files\_tb\media\itunes\itunes.exe |
"{20BD3EB4-2B91-4116-9443-ECF5112AAA87}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{22BC68BC-BFEB-4E9C-9B76-47BCD72F673B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25D3232A-E1FE-4545-B691-D29050CDCC57}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{27BFEDD4-E694-40A4-A35E-518117C81AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2980F2AA-6966-4D72-B9B2-247AFA3C4E80}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{30578215-43BC-443C-9BEF-40D18375D808}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3331C575-E36A-4238-887D-59FD8EF8B8CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{340580B4-3A15-45F2-ADA9-9C426DAC3560}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{38F4A4AA-115B-4510-B8AA-5210C074202C}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{3A5A0F79-9916-488E-BE29-96F3CE7C0EAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3BF86B00-C2BF-4685-A0F6-60368542B23D}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{3C6672BB-AFB7-4B9F-B03F-D40F197F70A0}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{43D3FAB8-47FD-4F8B-B394-FECB57DD83B6}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{4C0BE20E-4E16-4249-A8CB-B4BBB95F1903}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{5A319575-231B-4143-BC54-9C24D2DB7D6B}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{60316BB4-9C92-44D1-BF13-D05B1B102C5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63414FE9-858C-4C1A-AA34-4D3993E2CB9C}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{64BA1FCB-C9A2-4A7D-9F42-E7540F8ACCB3}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{6623576E-6C53-4AD1-8C7A-8CFC11266199}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D9719E-5325-497A-B9A4-8200DEFF8C3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C7F548C-E11E-42C7-B332-1FEC76143960}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{7252ECE5-972F-43AE-A7B6-277610E715C7}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{72A2F6CF-6D6F-4DF6-8457-F5BF2B855B1E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{767BD636-FF4F-4A9B-929B-D7E5FD68665B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{778EC9F3-567E-42D7-B08B-C876AA838F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7F5C68C6-312E-4F54-84CE-35F95523DA05}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8282067C-FCBF-4FE0-9789-174306193059}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{90D412F3-000F-43C7-9D20-EE7F9CC98C28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94DEFAAB-FC02-4014-8EC2-FFE52C751FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95C93F37-74CA-4D10-AA15-9F5F8408D7A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{981EF7E7-AF75-4A37-BCE3-B2882000CE94}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{992923C3-1AD0-4698-B23D-6A1910F82E55}" = protocol=17 | dir=in | app=c:\program files\_tb\misc\system\teamviewer\teamviewer.exe |
"{9B976E27-92C2-40A0-9230-8802EE9B10B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BBBE70D-C04A-4EA0-AAED-C1EBA6A3E75D}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{9BF24571-067F-4E65-A873-9F057699BD41}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{9C51044E-E726-45D1-93C0-3048412461C3}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{9E428D33-9BBB-4358-8F3A-8F817AC5523C}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{9F67040E-943E-49D0-B8B1-4D55D5F90692}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{9F9DAAB5-6F55-4467-855C-DD024EE17E10}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{A283DCD7-3FCC-4966-A816-5D3884D88EA2}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{A507059E-8BAE-4779-B98F-A9401338A5DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA189EE4-86B6-4B88-99DB-CD293FFAAEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{AD1EA84F-CA64-47ED-9F9D-C5EA33CF3DD1}" = dir=in | app=c:\program files (x86)\_tb\media\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{B00CD833-B33A-4285-AD9C-CE32E406309D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B41A3870-394F-4B38-B995-195501F47369}" = protocol=6 | dir=in | app=c:\program files\_tb\misc\system\teamviewer\teamviewer.exe |
"{BF3EC6C9-D3F0-425C-866C-EFB3CC8A2ED9}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{C0E734DB-0BFC-4D67-966D-CA1CEC9D4CAF}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{C3596BC9-6B8A-4D2F-BDB1-2C6C84CB471D}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{C5EE68DA-DECC-4EE3-A027-AF959FFAC8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF522527-81AD-4131-879B-6D3EA1514B51}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{D0F4C469-C807-4151-885B-29D76FA28EA0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{D583D9A3-85F2-46DD-8658-A50934E9CA58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{D664EBFC-9FA4-4E2C-B299-467F7B87106E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6C445FF-2737-441D-9743-5FAF93A6E090}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{DAE36C81-256F-4CA0-8A27-C4D25ADA0838}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCF90490-AB23-4AF5-B4EF-0071C0CE9AE0}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{DF416E77-E5DB-4D9F-8FC0-E4CA56F4CEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E15E1226-49E0-4A20-B0F2-DE98EDAD38E6}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{E4C507E7-B795-4E7B-9738-F9F35EEB6608}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{E5BA06CA-1401-4094-9B59-DA6076819425}" = protocol=6 | dir=out | app=system |
"{EBC05FB5-256F-49D7-BDA1-82A20EF50DD5}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{F06D4FA2-699E-4A16-9B48-2B98CADACCA0}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{F0B53296-DD26-45F3-9F8A-0F9966FDE87C}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{F5B7B40F-4891-4AF1-9FB8-A0C49EA0E478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB92A20E-C280-433D-9A0B-39BFF295C862}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{FB92FACD-852B-4067-8B63-716B39A3978C}" = dir=in | app=c:\program files (x86)\_tb\misc\system\skype\phone\skype.exe |
"{FE70EB90-7327-4614-9F4F-31B704BACDDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFEF511F-73A6-4BD4-B1B3-2A6C5A95ADDA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{001A555C-EB6F-4BD9-97BE-5DC68602806D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{3BACF071-C60C-44C5-97A4-4FF00F2BA36A}C:\program files (x86)\_tb\misc\system\clock\d4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\_tb\misc\system\clock\d4.exe |
"TCP Query User{D2D4CE70-D02E-49E7-8DC5-29CF6C2BBACA}C:\program files\_tb\trade\tn\navigator suite\navsuite.exe" = protocol=6 | dir=in | app=c:\program files\_tb\trade\tn\navigator suite\navsuite.exe |
"UDP Query User{8DC113FF-4738-47FD-891D-4E8CF0FD714F}C:\program files (x86)\_tb\misc\system\clock\d4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\_tb\misc\system\clock\d4.exe |
"UDP Query User{B2A8CB85-A0DB-4EBA-9A05-8E75B5F94E6B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{C22992D4-2452-4CA3-BD51-60EF02E04CB5}C:\program files\_tb\trade\tn\navigator suite\navsuite.exe" = protocol=17 | dir=in | app=c:\program files\_tb\trade\tn\navigator suite\navsuite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{110ED870-1DF3-4574-A679-E2C4A8163211}_is1" = Registry System Wizard.NET
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70C9548E-F28F-4BA1-A17F-B4B6B7360783}" = Foxit PDF IFilter
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D2012A37-E263-4B94-BAF7-BD290CE4D697}" = ESET NOD32 Antivirus
"{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}" = Garmin Communicator Plugin x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37BC8FCE-15B1-456E-A62C-EEB175B71340}" = Lexware reisekosten plus 2011
"{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}" = Trade Navigator
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5d6e4e47-fa21-444f-ac5e-7fd4dde3f8ca}" = Nero 9
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757469A9-396B-45E7-B069-67297D08470E}" = Lexware financial office 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87102B45-8762-4A34-BED3-8D1C21F9F1A6}" = Hoadley Options Strategy Evaluation Tool
"{8AEF92D2-4E2C-44CD-ABDC-800E0BB8EDEE}" = Password Safe and Repository 5.5.0.1802
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{98420797-89A5-4387-833F-E306F38E4E35}" = Foxit PDF IFilter
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-09-09
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2011
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAF15921-FA90-4427-82A2-1852A9BAC99A}" = Lexware Datenbank plus 2011
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E2AD695E-B537-41FD-9652-B9138EEAAC3C}" = Lexware anlagenverwaltung 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E883466C-77EC-44AC-8EC8-417A4A16AB3F}" = Garmin Communicator Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalyzerXL Package_is1" = AnalyzerXL Package 6.1.39
"eChat" = eChat
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"IBXL_is1" = IBXL 1.0.8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"MacroX" = MacroX 3.1
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Synchronizer_is1" = Synchronizer
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"The Rosetta Stone" = The Rosetta Stone
"TippKönigin_is1" = TippKönigin 5.5
"Trader Workstation 4.0" = Trader Workstation 4.0
"TWS Interoperability Components" = TWS Interoperability Components
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.3.0.978
"mediAvatar iPad Softwarepaket Pro" = mediAvatar iPad Softwarepaket Pro
"Trader Workstation" = Trader Workstation

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.12.2012 10:46:15 | Computer Name = tbmobil | Source = ESENT | ID = 455
Description = Windows (3048) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00246.log.

Error - 01.12.2012 10:46:16 | Computer Name = tbmobil | Source = Windows Search Service | ID = 9000
Description =

Error - 01.12.2012 10:46:16 | Computer Name = tbmobil | Source = Windows Search Service | ID = 7040
Description =

Error - 01.12.2012 10:46:16 | Computer Name = tbmobil | Source = Windows Search Service | ID = 7042
Description =

Error - 01.12.2012 10:46:16 | Computer Name = tbmobil | Source = Windows Search Service | ID = 9002
Description =

Error - 01.12.2012 10:46:16 | Computer Name = tbmobil | Source = Windows Search Service | ID = 3029
Description =

Error - 01.12.2012 10:46:17 | Computer Name = tbmobil | Source = Windows Search Service | ID = 3029
Description =

Error - 01.12.2012 10:46:17 | Computer Name = tbmobil | Source = Windows Search Service | ID = 3028
Description =

Error - 01.12.2012 10:46:17 | Computer Name = tbmobil | Source = Windows Search Service | ID = 3058
Description =

Error - 01.12.2012 10:46:17 | Computer Name = tbmobil | Source = Windows Search Service | ID = 7010
Description =

[ OSession Events ]
Error - 16.06.2011 01:54:33 | Computer Name = tbmobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 282
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.12.2012 06:09:48 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:48 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:48 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:48 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:49 | Computer Name = tbmobil | Source = DCOM | ID = 10005
Description =

Error - 05.12.2012 06:09:49 | Computer Name = tbmobil | Source = DCOM | ID = 10005
Description =

Error - 05.12.2012 06:09:50 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:50 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:50 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.12.2012 06:09:50 | Computer Name = tbmobil | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >

05.12.2012, 12:50   #2
markusg
/// Malware-holic

Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
[2012.12.05 10:39:22 | 000,405,376 | ---- | C] (Microsoft Corporation) -- C:\Users\tobi\wgsdgsdgdsgsd.exe
[2012.12.05 11:07:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.05 10:39:24 | 000,001,049 | ---- | M] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

05.12.2012, 14:40   #3
tobi_fx



Hi,

below is the content of the text document.
I uploaded MovedFiles.zip via the upload channel.

Is everything cleaned up now, or are there further steps to take?
Can I delete the _OTL folder?

Many thanks for the quick help,
Tobi


Text document:

All processes killed
========== OTL ==========
C:\Users\tobi\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: tobi
->Flash cache emptied: 11071 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Public

User: tobi
->Temp folder emptied: 82808 bytes
->Temporary Internet Files folder emptied: 17918851 bytes
->Java cache emptied: 192413 bytes
->Google Chrome cache emptied: 183184435 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8056 bytes
Session Manager Temp folder emptied: 947128 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50166 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 193,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052012_130835

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

05.12.2012, 20:32   #4
markusg
/// Malware-holic



Thanks for uploading.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any findings, always choose Skip for now, then post the log

06.12.2012, 08:00   #5
tobi_fx



Hello, here is the log from the TDSS Killer scan:

07:54:52.0002 3720 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:54:52.0595 3720 ============================================================
07:54:52.0595 3720 Current date / time: 2012/12/06 07:54:52.0595
07:54:52.0595 3720 SystemInfo:
07:54:52.0595 3720
07:54:52.0595 3720 OS Version: 6.1.7601 ServicePack: 1.0
07:54:52.0595 3720 Product type: Workstation
07:54:52.0595 3720 ComputerName: TBMOBIL
07:54:52.0595 3720 UserName: tobi
07:54:52.0595 3720 Windows directory: C:\Windows
07:54:52.0595 3720 System windows directory: C:\Windows
07:54:52.0595 3720 Running under WOW64
07:54:52.0595 3720 Processor architecture: Intel x64
07:54:52.0595 3720 Number of processors: 4
07:54:52.0595 3720 Page size: 0x1000
07:54:52.0595 3720 Boot type: Normal boot
07:54:52.0595 3720 ============================================================
07:54:53.0593 3720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:54:53.0609 3720 ============================================================
07:54:53.0609 3720 \Device\Harddisk0\DR0:
07:54:53.0609 3720 MBR partitions:
07:54:53.0609 3720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:54:53.0609 3720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
07:54:53.0609 3720 ============================================================
07:54:53.0640 3720 C: <-> \Device\Harddisk0\DR0\Partition2
07:54:53.0640 3720 ============================================================
07:54:53.0640 3720 Initialize success
07:54:53.0640 3720 ============================================================
07:55:09.0864 3048 ============================================================
07:55:09.0864 3048 Scan started
07:55:09.0864 3048 Mode: Manual; SigCheck; TDLFS;
07:55:09.0864 3048 ============================================================
07:55:10.0129 3048 ================ Scan system memory ========================
07:55:10.0129 3048 System memory - ok
07:55:10.0129 3048 ================ Scan services =============================
07:55:10.0301 3048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:55:10.0363 3048 1394ohci - ok
07:55:10.0410 3048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:55:10.0441 3048 ACPI - ok
07:55:10.0488 3048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:55:10.0519 3048 AcpiPmi - ok
07:55:10.0582 3048 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
07:55:10.0613 3048 adfs - ok
07:55:10.0707 3048 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:55:10.0707 3048 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
07:55:10.0707 3048 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
07:55:10.0769 3048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:55:10.0800 3048 adp94xx - ok
07:55:10.0831 3048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:55:10.0847 3048 adpahci - ok
07:55:10.0894 3048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:55:10.0925 3048 adpu320 - ok
07:55:10.0956 3048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:55:11.0003 3048 AeLookupSvc - ok
07:55:11.0065 3048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:55:11.0081 3048 AFD - ok
07:55:11.0128 3048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:55:11.0143 3048 agp440 - ok
07:55:11.0175 3048 Agsacgtnrea - ok
07:55:11.0206 3048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
07:55:11.0237 3048 ALG - ok
07:55:11.0284 3048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:55:11.0299 3048 aliide - ok
07:55:11.0331 3048 [ 3260756E234083BD2BD1709C60B6E6D7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:55:11.0346 3048 AMD External Events Utility - ok
07:55:11.0409 3048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
07:55:11.0424 3048 amdide - ok
07:55:11.0455 3048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:55:11.0471 3048 AmdK8 - ok
07:55:11.0471 3048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:55:11.0487 3048 AmdPPM - ok
07:55:11.0549 3048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:55:11.0565 3048 amdsata - ok
07:55:11.0596 3048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:55:11.0596 3048 amdsbs - ok
07:55:11.0611 3048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:55:11.0627 3048 amdxata - ok
07:55:11.0721 3048 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
07:55:11.0736 3048 AppHostSvc - ok
07:55:11.0799 3048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
07:55:11.0845 3048 AppID - ok
07:55:11.0877 3048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:55:11.0923 3048 AppIDSvc - ok
07:55:11.0986 3048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:55:12.0048 3048 Appinfo - ok
07:55:12.0251 3048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:55:12.0267 3048 Apple Mobile Device - ok
07:55:12.0298 3048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
07:55:12.0313 3048 arc - ok
07:55:12.0329 3048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:55:12.0360 3048 arcsas - ok
07:55:12.0391 3048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:55:12.0454 3048 AsyncMac - ok
07:55:12.0501 3048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
07:55:12.0516 3048 atapi - ok
07:55:12.0579 3048 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
07:55:12.0610 3048 athr - ok
07:55:12.0781 3048 [ F3A362B683B6158CC47D7E8E58B7DDC9 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
07:55:12.0859 3048 atikmdag - ok
07:55:12.0937 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:55:12.0984 3048 AudioEndpointBuilder - ok
07:55:13.0000 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:55:13.0047 3048 AudioSrv - ok
07:55:13.0125 3048 Autodesk - ok
07:55:13.0218 3048 [ 958038B812E2B6AB998E115194B8D2B7 ] awhost32 C:\Program Files (x86)\_tb\misc\system\pcanywhere\awhost32.exe
07:55:13.0234 3048 awhost32 ( UnsignedFile.Multi.Generic ) - warning
07:55:13.0234 3048 awhost32 - detected UnsignedFile.Multi.Generic (1)
07:55:13.0234 3048 awlegacy - ok
07:55:13.0249 3048 AW_HOST - ok
07:55:13.0296 3048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:55:13.0343 3048 AxInstSV - ok
07:55:13.0390 3048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:55:13.0405 3048 b06bdrv - ok
07:55:13.0452 3048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:55:13.0468 3048 b57nd60a - ok
07:55:13.0499 3048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:55:13.0515 3048 BDESVC - ok
07:55:13.0546 3048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:55:13.0577 3048 Beep - ok
07:55:13.0655 3048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
07:55:13.0702 3048 BFE - ok
07:55:13.0749 3048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
07:55:13.0795 3048 BITS - ok
07:55:13.0827 3048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:55:13.0842 3048 blbdrive - ok
07:55:13.0920 3048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:55:13.0951 3048 Bonjour Service - ok
07:55:13.0998 3048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:55:14.0014 3048 bowser - ok
07:55:14.0045 3048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:55:14.0061 3048 BrFiltLo - ok
07:55:14.0061 3048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:55:14.0092 3048 BrFiltUp - ok
07:55:14.0139 3048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
07:55:14.0170 3048 Browser - ok
07:55:14.0201 3048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:55:14.0217 3048 Brserid - ok
07:55:14.0232 3048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:55:14.0248 3048 BrSerWdm - ok
07:55:14.0248 3048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:55:14.0263 3048 BrUsbMdm - ok
07:55:14.0279 3048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:55:14.0279 3048 BrUsbSer - ok
07:55:14.0326 3048 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
07:55:14.0357 3048 BthEnum - ok
07:55:14.0373 3048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:55:14.0388 3048 BTHMODEM - ok
07:55:14.0419 3048 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:55:14.0435 3048 BthPan - ok
07:55:14.0497 3048 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
07:55:14.0529 3048 BTHPORT - ok
07:55:14.0560 3048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
07:55:14.0622 3048 bthserv - ok
07:55:14.0669 3048 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
07:55:14.0685 3048 BTHUSB - ok
07:55:14.0716 3048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:55:14.0778 3048 cdfs - ok
07:55:14.0841 3048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
07:55:14.0872 3048 cdrom - ok
07:55:14.0919 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
07:55:14.0965 3048 CertPropSvc - ok
07:55:15.0012 3048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:55:15.0043 3048 circlass - ok
07:55:15.0075 3048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
07:55:15.0106 3048 CLFS - ok
07:55:15.0184 3048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:55:15.0199 3048 clr_optimization_v2.0.50727_32 - ok
07:55:15.0262 3048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:55:15.0293 3048 clr_optimization_v2.0.50727_64 - ok
07:55:15.0402 3048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:55:15.0418 3048 clr_optimization_v4.0.30319_32 - ok
07:55:15.0496 3048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:55:15.0511 3048 clr_optimization_v4.0.30319_64 - ok
07:55:15.0558 3048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:55:15.0574 3048 CmBatt - ok
07:55:15.0605 3048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:55:15.0621 3048 cmdide - ok
07:55:15.0667 3048 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
07:55:15.0714 3048 CNG - ok
07:55:15.0745 3048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:55:15.0745 3048 Compbatt - ok
07:55:15.0792 3048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:55:15.0808 3048 CompositeBus - ok
07:55:15.0823 3048 COMSysApp - ok
07:55:15.0855 3048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:55:15.0870 3048 crcdisk - ok
07:55:15.0933 3048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:55:15.0948 3048 CryptSvc - ok
07:55:16.0011 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:55:16.0073 3048 DcomLaunch - ok
07:55:16.0104 3048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
07:55:16.0151 3048 defragsvc - ok
07:55:16.0213 3048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:55:16.0276 3048 DfsC - ok
07:55:16.0323 3048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
07:55:16.0354 3048 Dhcp - ok
07:55:16.0401 3048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
07:55:16.0447 3048 discache - ok
07:55:16.0479 3048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:55:16.0494 3048 Disk - ok
07:55:16.0525 3048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:55:16.0557 3048 Dnscache - ok
07:55:16.0603 3048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:55:16.0666 3048 dot3svc - ok
07:55:16.0697 3048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
07:55:16.0759 3048 DPS - ok
07:55:16.0791 3048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:55:16.0806 3048 drmkaud - ok
07:55:16.0822 3048 DS1410D - ok
07:55:16.0884 3048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:55:16.0915 3048 DXGKrnl - ok
07:55:16.0947 3048 [ A2D551A61EC9E8A4BC5DF17BC1FEFEAD ] eamon C:\Windows\system32\DRIVERS\eamon.sys
07:55:16.0962 3048 eamon - ok
07:55:16.0993 3048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:55:17.0040 3048 EapHost - ok
07:55:17.0134 3048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:55:17.0196 3048 ebdrv - ok
07:55:17.0227 3048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
07:55:17.0243 3048 EFS - ok
07:55:17.0274 3048 [ F3448EE861344636DA8ED1B3F5E8E1A8 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
07:55:17.0290 3048 ehdrv - ok
07:55:17.0399 3048 [ D881E29C2973427406A1B506F636C971 ] EhttpSrv C:\Program Files\_tb\misc\secure\nod32\EHttpSrv.exe
07:55:17.0415 3048 EhttpSrv - ok
07:55:17.0477 3048 [ FDDAD27E9A20D0DAC04FACBF67AFBFC1 ] ekrn C:\Program Files\_tb\misc\secure\nod32\x86\ekrn.exe
07:55:17.0508 3048 ekrn - ok
07:55:17.0571 3048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:55:17.0602 3048 elxstor - ok
07:55:17.0633 3048 [ 9B7E8CF67DE13F71AE8951D0874AF447 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
07:55:17.0649 3048 epfwwfpr - ok
07:55:17.0680 3048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:55:17.0695 3048 ErrDev - ok
07:55:17.0742 3048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
07:55:17.0805 3048 EventSystem - ok
07:55:17.0836 3048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
07:55:17.0898 3048 exfat - ok
07:55:17.0914 3048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:55:17.0945 3048 fastfat - ok
07:55:17.0961 3048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:55:17.0961 3048 fdc - ok
07:55:18.0007 3048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:55:18.0039 3048 fdPHost - ok
07:55:18.0054 3048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:55:18.0085 3048 FDResPub - ok
07:55:18.0101 3048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:55:18.0117 3048 FileInfo - ok
07:55:18.0132 3048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:55:18.0163 3048 Filetrace - ok
07:55:18.0257 3048 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:55:18.0288 3048 FLEXnet Licensing Service - ok
07:55:18.0382 3048 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
07:55:18.0429 3048 FLEXnet Licensing Service 64 - ok
07:55:18.0444 3048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:55:18.0460 3048 flpydisk - ok
07:55:18.0491 3048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:55:18.0522 3048 FltMgr - ok
07:55:18.0585 3048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
07:55:18.0631 3048 FontCache - ok
07:55:18.0694 3048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:55:18.0694 3048 FontCache3.0.0.0 - ok
07:55:18.0725 3048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:55:18.0741 3048 FsDepends - ok
07:55:18.0787 3048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:55:18.0803 3048 Fs_Rec - ok
07:55:18.0865 3048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:55:18.0897 3048 fvevol - ok
07:55:18.0943 3048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:55:18.0943 3048 gagp30kx - ok
07:55:18.0990 3048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:55:19.0006 3048 GEARAspiWDM - ok
07:55:19.0021 3048 Gernuwa - ok
07:55:19.0068 3048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
07:55:19.0146 3048 gpsvc - ok
07:55:19.0177 3048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:55:19.0177 3048 hcw85cir - ok
07:55:19.0240 3048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:55:19.0271 3048 HdAudAddService - ok
07:55:19.0287 3048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:55:19.0302 3048 HDAudBus - ok
07:55:19.0349 3048 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:55:19.0365 3048 HECIx64 - ok
07:55:19.0396 3048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:55:19.0411 3048 HidBatt - ok
07:55:19.0427 3048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:55:19.0443 3048 HidBth - ok
07:55:19.0458 3048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:55:19.0474 3048 HidIr - ok
07:55:19.0489 3048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
07:55:19.0521 3048 hidserv - ok
07:55:19.0567 3048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:55:19.0583 3048 HidUsb - ok
07:55:19.0645 3048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:55:19.0692 3048 hkmsvc - ok
07:55:19.0739 3048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:55:19.0770 3048 HomeGroupListener - ok
07:55:19.0817 3048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:55:19.0833 3048 HomeGroupProvider - ok
07:55:19.0879 3048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:55:19.0895 3048 HpSAMD - ok
07:55:19.0957 3048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:55:20.0020 3048 HTTP - ok
07:55:20.0051 3048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:55:20.0067 3048 hwpolicy - ok
07:55:20.0113 3048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:55:20.0145 3048 i8042prt - ok
07:55:20.0207 3048 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:55:20.0223 3048 iaStor - ok
07:55:20.0285 3048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:55:20.0316 3048 iaStorV - ok
07:55:20.0379 3048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:55:20.0425 3048 idsvc - ok
07:55:20.0457 3048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:55:20.0457 3048 iirsp - ok
07:55:20.0519 3048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
07:55:20.0581 3048 IKEEXT - ok
07:55:20.0691 3048 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
07:55:20.0706 3048 Impcd - ok
07:55:20.0800 3048 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:55:20.0847 3048 IntcAzAudAddService - ok
07:55:20.0878 3048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
07:55:20.0893 3048 intelide - ok
07:55:20.0925 3048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:55:20.0940 3048 intelppm - ok
07:55:20.0971 3048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:55:21.0018 3048 IPBusEnum - ok
07:55:21.0065 3048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:55:21.0096 3048 IpFilterDriver - ok
07:55:21.0143 3048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:55:21.0174 3048 iphlpsvc - ok
07:55:21.0221 3048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:55:21.0221 3048 IPMIDRV - ok
07:55:21.0268 3048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:55:21.0299 3048 IPNAT - ok
07:55:21.0408 3048 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:55:21.0439 3048 iPod Service - ok
07:55:21.0471 3048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:55:21.0502 3048 IRENUM - ok
07:55:21.0517 3048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:55:21.0533 3048 isapnp - ok
07:55:21.0580 3048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:55:21.0611 3048 iScsiPrt - ok
07:55:21.0627 3048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:55:21.0642 3048 kbdclass - ok
07:55:21.0705 3048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:55:21.0720 3048 kbdhid - ok
07:55:21.0751 3048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
07:55:21.0767 3048 KeyIso - ok
07:55:21.0798 3048 KMService - ok
07:55:21.0845 3048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:55:21.0861 3048 KSecDD - ok
07:55:21.0892 3048 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:55:21.0907 3048 KSecPkg - ok
07:55:21.0954 3048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:55:21.0985 3048 ksthunk - ok
07:55:22.0017 3048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
07:55:22.0063 3048 KtmRm - ok
07:55:22.0095 3048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:55:22.0157 3048 LanmanServer - ok
07:55:22.0204 3048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:55:22.0251 3048 LanmanWorkstation - ok
07:55:22.0329 3048 Lexware_Datenbank_Plus - ok
07:55:22.0375 3048 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
07:55:22.0391 3048 libusb0 - ok
07:55:22.0438 3048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:55:22.0485 3048 lltdio - ok
07:55:22.0516 3048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:55:22.0578 3048 lltdsvc - ok
07:55:22.0594 3048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:55:22.0625 3048 lmhosts - ok
07:55:22.0656 3048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:55:22.0672 3048 LSI_FC - ok
07:55:22.0687 3048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:55:22.0703 3048 LSI_SAS - ok
07:55:22.0719 3048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:55:22.0734 3048 LSI_SAS2 - ok
07:55:22.0765 3048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:55:22.0781 3048 LSI_SCSI - ok
07:55:22.0812 3048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:55:22.0843 3048 luafv - ok
07:55:22.0937 3048 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:55:22.0937 3048 MDM ( UnsignedFile.Multi.Generic ) - warning
07:55:22.0937 3048 MDM - detected UnsignedFile.Multi.Generic (1)
07:55:22.0984 3048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:55:22.0999 3048 megasas - ok
07:55:23.0046 3048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:55:23.0077 3048 MegaSR - ok
07:55:23.0109 3048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:55:23.0140 3048 MMCSS - ok
07:55:23.0171 3048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:55:23.0202 3048 Modem - ok
07:55:23.0218 3048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:55:23.0233 3048 monitor - ok
07:55:23.0280 3048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
07:55:23.0311 3048 mouclass - ok
07:55:23.0343 3048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:55:23.0374 3048 mouhid - ok
07:55:23.0405 3048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:55:23.0421 3048 mountmgr - ok
07:55:23.0545 3048 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:55:23.0577 3048 MozillaMaintenance - ok
07:55:23.0623 3048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:55:23.0639 3048 mpio - ok
07:55:23.0670 3048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:55:23.0717 3048 mpsdrv - ok
07:55:23.0764 3048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:55:23.0826 3048 MpsSvc - ok
07:55:23.0857 3048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:55:23.0873 3048 MRxDAV - ok
07:55:23.0920 3048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:55:23.0935 3048 mrxsmb - ok
07:55:23.0982 3048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:55:23.0998 3048 mrxsmb10 - ok
07:55:23.0998 3048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:55:24.0013 3048 mrxsmb20 - ok
07:55:24.0060 3048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:55:24.0076 3048 msahci - ok
07:55:24.0091 3048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:55:24.0107 3048 msdsm - ok
07:55:24.0138 3048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:55:24.0154 3048 MSDTC - ok
07:55:24.0201 3048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:55:24.0232 3048 Msfs - ok
07:55:24.0263 3048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:55:24.0310 3048 mshidkmdf - ok
07:55:24.0357 3048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:55:24.0372 3048 msisadrv - ok
07:55:24.0388 3048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:55:24.0435 3048 MSiSCSI - ok
07:55:24.0450 3048 msiserver - ok
07:55:24.0481 3048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:55:24.0528 3048 MSKSSRV - ok
07:55:24.0528 3048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:55:24.0559 3048 MSPCLOCK - ok
07:55:24.0575 3048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:55:24.0622 3048 MSPQM - ok
07:55:24.0669 3048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:55:24.0684 3048 MsRPC - ok
07:55:24.0731 3048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:55:24.0747 3048 mssmbios - ok
07:55:24.0809 3048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:55:24.0856 3048 MSTEE - ok
07:55:24.0856 3048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:55:24.0871 3048 MTConfig - ok
07:55:24.0903 3048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:55:24.0903 3048 Mup - ok
07:55:24.0949 3048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:55:24.0996 3048 napagent - ok
07:55:25.0059 3048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:55:25.0090 3048 NativeWifiP - ok
07:55:25.0152 3048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:55:25.0199 3048 NDIS - ok
07:55:25.0215 3048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:55:25.0261 3048 NdisCap - ok
07:55:25.0277 3048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:55:25.0308 3048 NdisTapi - ok
07:55:25.0355 3048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:55:25.0417 3048 Ndisuio - ok
07:55:25.0464 3048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:55:25.0527 3048 NdisWan - ok
07:55:25.0573 3048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:55:25.0636 3048 NDProxy - ok
07:55:25.0729 3048 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:55:25.0745 3048 Nero BackItUp Scheduler 4.0 - ok
07:55:25.0823 3048 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:55:25.0823 3048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:55:25.0823 3048 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:55:25.0854 3048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:55:25.0917 3048 NetBIOS - ok
07:55:25.0963 3048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:55:26.0010 3048 NetBT - ok
07:55:26.0010 3048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:55:26.0026 3048 Netlogon - ok
07:55:26.0057 3048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:55:26.0104 3048 Netman - ok
07:55:26.0135 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:55:26.0135 3048 NetMsmqActivator - ok
07:55:26.0151 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:55:26.0151 3048 NetPipeActivator - ok
07:55:26.0166 3048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:55:26.0213 3048 netprofm - ok
07:55:26.0213 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:55:26.0229 3048 NetTcpActivator - ok
07:55:26.0229 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:55:26.0229 3048 NetTcpPortSharing - ok
07:55:26.0275 3048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:55:26.0275 3048 nfrd960 - ok
07:55:26.0338 3048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:55:26.0353 3048 NlaSvc - ok
07:55:26.0385 3048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:55:26.0416 3048 Npfs - ok
07:55:26.0447 3048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:55:26.0525 3048 nsi - ok
07:55:26.0541 3048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:55:26.0587 3048 nsiproxy - ok
07:55:26.0665 3048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:55:26.0712 3048 Ntfs - ok
07:55:26.0728 3048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:55:26.0775 3048 Null - ok
07:55:26.0821 3048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:55:26.0837 3048 nvraid - ok
07:55:26.0853 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:55:26.0868 3048 nvstor - ok
07:55:26.0931 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:55:26.0946 3048 nv_agp - ok
07:55:27.0040 3048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:55:27.0071 3048 odserv - ok
07:55:27.0102 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:55:27.0133 3048 ohci1394 - ok
07:55:27.0196 3048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:55:27.0211 3048 ose - ok
07:55:27.0461 3048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:55:27.0539 3048 osppsvc - ok
07:55:27.0570 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:55:27.0586 3048 p2pimsvc - ok
07:55:27.0601 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:55:27.0633 3048 p2psvc - ok
07:55:27.0648 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:55:27.0664 3048 Parport - ok
07:55:27.0695 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:55:27.0711 3048 partmgr - ok
07:55:27.0742 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:55:27.0757 3048 PcaSvc - ok
07:55:27.0773 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:55:27.0773 3048 pci - ok
07:55:27.0820 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:55:27.0835 3048 pciide - ok
07:55:27.0882 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:55:27.0898 3048 pcmcia - ok
07:55:27.0913 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:55:27.0929 3048 pcw - ok
07:55:27.0960 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:55:28.0007 3048 PEAUTH - ok
07:55:28.0085 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:55:28.0116 3048 PerfHost - ok
07:55:28.0116 3048 pfc - ok
07:55:28.0179 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:55:28.0241 3048 pla - ok
07:55:28.0303 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:55:28.0335 3048 PlugPlay - ok
07:55:28.0397 3048 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:55:28.0397 3048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:55:28.0397 3048 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:55:28.0428 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:55:28.0444 3048 PNRPAutoReg - ok
07:55:28.0459 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:55:28.0491 3048 PNRPsvc - ok
07:55:28.0537 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:55:28.0600 3048 PolicyAgent - ok
07:55:28.0631 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:55:28.0662 3048 Power - ok
07:55:28.0709 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:55:28.0756 3048 PptpMiniport - ok
07:55:28.0787 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:55:28.0803 3048 Processor - ok
07:55:28.0834 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:55:28.0849 3048 ProfSvc - ok
07:55:28.0865 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:55:28.0881 3048 ProtectedStorage - ok
07:55:28.0943 3048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:55:28.0990 3048 Psched - ok
07:55:29.0052 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:55:29.0099 3048 ql2300 - ok
07:55:29.0099 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:55:29.0115 3048 ql40xx - ok
07:55:29.0146 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:55:29.0161 3048 QWAVE - ok
07:55:29.0193 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:55:29.0208 3048 QWAVEdrv - ok
07:55:29.0208 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:55:29.0255 3048 RasAcd - ok
07:55:29.0286 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:55:29.0317 3048 RasAgileVpn - ok
07:55:29.0349 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:55:29.0395 3048 RasAuto - ok
07:55:29.0427 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:55:29.0458 3048 Rasl2tp - ok
07:55:29.0520 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:55:29.0567 3048 RasMan - ok
07:55:29.0614 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:55:29.0661 3048 RasPppoe - ok
07:55:29.0676 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:55:29.0707 3048 RasSstp - ok
07:55:29.0770 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:55:29.0817 3048 rdbss - ok
07:55:29.0848 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:55:29.0863 3048 rdpbus - ok
07:55:29.0879 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:55:29.0910 3048 RDPCDD - ok
07:55:29.0941 3048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:55:29.0973 3048 RDPENCDD - ok
07:55:29.0988 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:55:30.0019 3048 RDPREFMP - ok
07:55:30.0066 3048 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:55:30.0097 3048 RdpVideoMiniport - ok
07:55:30.0129 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:55:30.0144 3048 RDPWD - ok
07:55:30.0207 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:55:30.0222 3048 rdyboost - ok
07:55:30.0253 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:55:30.0285 3048 RemoteAccess - ok
07:55:30.0331 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:55:30.0363 3048 RemoteRegistry - ok
07:55:30.0409 3048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:55:30.0425 3048 RFCOMM - ok
07:55:30.0472 3048 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\DRIVERS\rimssne64.sys
07:55:30.0472 3048 rimspci - ok
07:55:30.0503 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:55:30.0550 3048 RpcEptMapper - ok
07:55:30.0581 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:55:30.0597 3048 RpcLocator - ok
07:55:30.0643 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:55:30.0706 3048 RpcSs - ok
07:55:30.0737 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:55:30.0799 3048 rspndr - ok
07:55:30.0799 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:55:30.0815 3048 SamSs - ok
07:55:30.0846 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:55:30.0862 3048 sbp2port - ok
07:55:30.0893 3048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:55:30.0955 3048 SCardSvr - ok
07:55:31.0002 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:55:31.0033 3048 scfilter - ok
07:55:31.0111 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:55:31.0174 3048 Schedule - ok
07:55:31.0205 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:55:31.0267 3048 SCPolicySvc - ok
07:55:31.0314 3048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
07:55:31.0345 3048 sdbus - ok
07:55:31.0361 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:55:31.0377 3048 SDRSVC - ok
07:55:31.0423 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:55:31.0470 3048 secdrv - ok
07:55:31.0501 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:55:31.0533 3048 seclogon - ok
07:55:31.0579 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:55:31.0611 3048 SENS - ok
07:55:31.0626 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:55:31.0642 3048 SensrSvc - ok
07:55:31.0657 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:55:31.0673 3048 Serenum - ok
07:55:31.0704 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:55:31.0720 3048 Serial - ok
07:55:31.0751 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:55:31.0782 3048 sermouse - ok
07:55:31.0813 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:55:31.0876 3048 SessionEnv - ok
07:55:31.0907 3048 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
07:55:31.0923 3048 SFEP - ok
07:55:31.0954 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
07:55:31.0969 3048 sffdisk - ok
07:55:31.0985 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:55:32.0001 3048 sffp_mmc - ok
07:55:32.0016 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
07:55:32.0032 3048 sffp_sd - ok
07:55:32.0063 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:55:32.0079 3048 sfloppy - ok
07:55:32.0110 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:55:32.0172 3048 SharedAccess - ok
07:55:32.0219 3048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:55:32.0266 3048 ShellHWDetection - ok
07:55:32.0297 3048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:55:32.0313 3048 SiSRaid2 - ok
07:55:32.0328 3048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:55:32.0328 3048 SiSRaid4 - ok
07:55:32.0484 3048 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\_tb\misc\system\skype\Updater\Updater.exe
07:55:32.0500 3048 SkypeUpdate - ok
07:55:32.0547 3048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:55:32.0593 3048 Smb - ok
07:55:32.0656 3048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:55:32.0671 3048 SNMPTRAP - ok
07:55:32.0671 3048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:55:32.0687 3048 spldr - ok
07:55:32.0734 3048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:55:32.0765 3048 Spooler - ok
07:55:32.0874 3048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:55:32.0952 3048 sppsvc - ok
07:55:32.0983 3048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:55:33.0046 3048 sppuinotify - ok
07:55:33.0108 3048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:55:33.0124 3048 srv - ok
07:55:33.0139 3048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:55:33.0155 3048 srv2 - ok
07:55:33.0202 3048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:55:33.0217 3048 srvnet - ok
07:55:33.0264 3048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:55:33.0327 3048 SSDPSRV - ok
07:55:33.0342 3048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:55:33.0389 3048 SstpSvc - ok
07:55:33.0420 3048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:55:33.0436 3048 stexstor - ok
07:55:33.0498 3048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:55:33.0529 3048 stisvc - ok
07:55:33.0561 3048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
07:55:33.0576 3048 swenum - ok
07:55:33.0607 3048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:55:33.0670 3048 swprv - ok
07:55:33.0763 3048 [ 083FE6483DC16A02AF2434D04B7D7AEA ] SymEvent C:\Program Files (x86)\Symantec\SYMEVENT.SYS
07:55:33.0779 3048 SymEvent - ok
07:55:33.0857 3048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:55:33.0888 3048 SysMain - ok
07:55:33.0935 3048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:55:33.0966 3048 TabletInputService - ok
07:55:33.0982 3048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:55:34.0013 3048 TapiSrv - ok
07:55:34.0044 3048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:55:34.0075 3048 TBS - ok
07:55:34.0185 3048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:55:34.0216 3048 Tcpip - ok
07:55:34.0278 3048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:55:34.0325 3048 TCPIP6 - ok
07:55:34.0356 3048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:55:34.0372 3048 tcpipreg - ok
07:55:34.0403 3048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:55:34.0419 3048 TDPIPE - ok
07:55:34.0465 3048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:55:34.0481 3048 TDTCP - ok
07:55:34.0528 3048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:55:34.0575 3048 tdx - ok
07:55:34.0668 3048 [ 2A96C8FA665C02E6AD596C321B583112 ] TeamViewer5 C:\Program Files\_tb\misc\system\teamviewer\TeamViewer_Service.exe
07:55:34.0699 3048 TeamViewer5 - ok
07:55:34.0871 3048 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
07:55:34.0933 3048 TeamViewer6 - ok
07:55:35.0121 3048 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
07:55:35.0167 3048 TeamViewer7 - ok
07:55:35.0199 3048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:55:35.0214 3048 TermDD - ok
07:55:35.0261 3048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:55:35.0308 3048 TermService - ok
07:55:35.0339 3048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:55:35.0355 3048 Themes - ok
07:55:35.0386 3048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:55:35.0417 3048 THREADORDER - ok
07:55:35.0448 3048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:55:35.0479 3048 TrkWks - ok
07:55:35.0557 3048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:55:35.0589 3048 TrustedInstaller - ok
07:55:35.0635 3048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:55:35.0682 3048 tssecsrv - ok
07:55:35.0729 3048 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:55:35.0760 3048 TsUsbFlt - ok
07:55:35.0807 3048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:55:35.0885 3048 tunnel - ok
07:55:35.0916 3048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:55:35.0932 3048 uagp35 - ok
07:55:35.0979 3048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:55:36.0025 3048 udfs - ok
07:55:36.0057 3048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:55:36.0072 3048 UI0Detect - ok
07:55:36.0103 3048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:55:36.0135 3048 uliagpkx - ok
07:55:36.0181 3048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
07:55:36.0197 3048 umbus - ok
07:55:36.0228 3048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:55:36.0228 3048 UmPass - ok
07:55:36.0259 3048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:55:36.0306 3048 upnphost - ok
07:55:36.0369 3048 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
07:55:36.0384 3048 USBAAPL64 - ok
07:55:36.0431 3048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:55:36.0447 3048 usbccgp - ok
07:55:36.0478 3048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:55:36.0509 3048 usbcir - ok
07:55:36.0540 3048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:55:36.0556 3048 usbehci - ok
07:55:36.0603 3048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:55:36.0618 3048 usbhub - ok
07:55:36.0649 3048 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:55:36.0665 3048 usbohci - ok
07:55:36.0665 3048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:55:36.0681 3048 usbprint - ok
07:55:36.0712 3048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:55:36.0743 3048 USBSTOR - ok
07:55:36.0743 3048 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:55:36.0759 3048 usbuhci - ok
07:55:36.0821 3048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:55:36.0852 3048 usbvideo - ok
07:55:36.0883 3048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:55:36.0915 3048 UxSms - ok
07:55:36.0930 3048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:55:36.0946 3048 VaultSvc - ok
07:55:36.0977 3048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:55:36.0977 3048 vdrvroot - ok
07:55:37.0039 3048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:55:37.0102 3048 vds - ok
07:55:37.0133 3048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:55:37.0149 3048 vga - ok
07:55:37.0180 3048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:55:37.0211 3048 VgaSave - ok
07:55:37.0258 3048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:55:37.0273 3048 vhdmp - ok
07:55:37.0289 3048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:55:37.0305 3048 viaide - ok
07:55:37.0320 3048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:55:37.0336 3048 volmgr - ok
07:55:37.0367 3048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:55:37.0398 3048 volmgrx - ok
07:55:37.0414 3048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:55:37.0429 3048 volsnap - ok
07:55:37.0476 3048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:55:37.0492 3048 vsmraid - ok
07:55:37.0585 3048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:55:37.0648 3048 VSS - ok
07:55:37.0663 3048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:55:37.0679 3048 vwifibus - ok
07:55:37.0679 3048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:55:37.0695 3048 vwififlt - ok
07:55:37.0726 3048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:55:37.0773 3048 W32Time - ok
07:55:37.0866 3048 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
07:55:37.0897 3048 W3SVC - ok
07:55:37.0929 3048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:55:37.0944 3048 WacomPen - ok
07:55:37.0991 3048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:55:38.0038 3048 WANARP - ok
07:55:38.0053 3048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:55:38.0085 3048 Wanarpv6 - ok
07:55:38.0147 3048 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
07:55:38.0163 3048 WAS - ok
07:55:38.0241 3048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:55:38.0287 3048 wbengine - ok
07:55:38.0334 3048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:55:38.0365 3048 WbioSrvc - ok
07:55:38.0397 3048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:55:38.0428 3048 wcncsvc - ok
07:55:38.0443 3048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:55:38.0459 3048 WcsPlugInService - ok
07:55:38.0475 3048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:55:38.0506 3048 Wd - ok
07:55:38.0568 3048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:55:38.0599 3048 Wdf01000 - ok
07:55:38.0599 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:55:38.0631 3048 WdiServiceHost - ok
07:55:38.0631 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:55:38.0646 3048 WdiSystemHost - ok
07:55:38.0693 3048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:55:38.0724 3048 WebClient - ok
07:55:38.0755 3048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:55:38.0802 3048 Wecsvc - ok
07:55:38.0802 3048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:55:38.0849 3048 wercplsupport - ok
07:55:38.0880 3048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:55:38.0927 3048 WerSvc - ok
07:55:38.0958 3048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:55:39.0021 3048 WfpLwf - ok
07:55:39.0036 3048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:55:39.0036 3048 WIMMount - ok
07:55:39.0067 3048 WinDefend - ok
07:55:39.0067 3048 WinHttpAutoProxySvc - ok
07:55:39.0114 3048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:55:39.0161 3048 Winmgmt - ok
07:55:39.0239 3048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
07:55:39.0317 3048 WinRM - ok
07:55:39.0395 3048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:55:39.0426 3048 WinUsb - ok
07:55:39.0473 3048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
07:55:39.0489 3048 Wlansvc - ok
07:55:39.0535 3048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:55:39.0551 3048 WmiAcpi - ok
07:55:39.0582 3048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:55:39.0613 3048 wmiApSrv - ok
07:55:39.0645 3048 WMPNetworkSvc - ok
07:55:39.0660 3048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:55:39.0691 3048 WPCSvc - ok
07:55:39.0723 3048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:55:39.0754 3048 WPDBusEnum - ok
07:55:39.0785 3048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:55:39.0847 3048 ws2ifsl - ok
07:55:39.0879 3048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
07:55:39.0894 3048 wscsvc - ok
07:55:39.0894 3048 WSearch - ok
07:55:40.0003 3048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
07:55:40.0050 3048 wuauserv - ok
07:55:40.0097 3048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:55:40.0113 3048 WudfPf - ok
07:55:40.0159 3048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:55:40.0175 3048 WUDFRd - ok
07:55:40.0222 3048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:55:40.0237 3048 wudfsvc - ok
07:55:40.0269 3048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
07:55:40.0284 3048 WwanSvc - ok
07:55:40.0347 3048 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
07:55:40.0378 3048 yukonw7 - ok
07:55:40.0503 3048 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\_tb\media\PowerDVD9\000.fcl
07:55:40.0518 3048 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
07:55:40.0518 3048 ================ Scan global ===============================
07:55:40.0549 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:55:40.0581 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
07:55:40.0596 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
07:55:40.0627 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:55:40.0659 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:55:40.0674 3048 [Global] - ok
07:55:40.0674 3048 ================ Scan MBR ==================================
07:55:40.0690 3048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:55:41.0782 3048 \Device\Harddisk0\DR0 - ok
07:55:41.0782 3048 ================ Scan VBR ==================================
07:55:41.0813 3048 [ 7BB863997BEFC019D356187B8CA7CFBE ] \Device\Harddisk0\DR0\Partition1
07:55:41.0813 3048 \Device\Harddisk0\DR0\Partition1 - ok
07:55:41.0813 3048 [ B30D5C14C35072EB030FBC92E74D3D67 ] \Device\Harddisk0\DR0\Partition2
07:55:41.0813 3048 \Device\Harddisk0\DR0\Partition2 - ok
07:55:41.0813 3048 ============================================================
07:55:41.0813 3048 Scan finished
07:55:41.0813 3048 ============================================================
07:55:41.0829 1392 Detected object count: 5
07:55:41.0829 1392 Actual detected object count: 5
07:56:43.0121 1392 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:56:43.0121 1392 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:56:43.0121 1392 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
07:56:43.0121 1392 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:56:43.0121 1392 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
07:56:43.0121 1392 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:56:43.0121 1392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:56:43.0121 1392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:56:43.0121 1392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:56:43.0121 1392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


06.12.2012, 16:36   #6
markusg
/// Malware-holic

hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

06.12.2012, 18:27   #7
tobi_fx

hello, here is the

combofix.txt

Combofix Logfile:
Code:
ComboFix 12-12-04.01 - tobi 06.12.2012  18:13:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2600 [GMT 1:00]
ausgeführt von:: c:\users\tobi\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\ssv.dll
c:\users\tobi\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-06 bis 2012-12-06  ))))))))))))))))))))))))))))))
.
.
2012-12-06 17:18 . 2012-12-06 17:18	--------	d-----w-	c:\users\tobi\AppData\Local\temp
2012-12-06 17:18 . 2012-12-06 17:18	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-12-06 17:18 . 2012-12-06 17:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-05 12:08 . 2012-12-05 12:12	--------	d-----w-	C:\_OTL
2012-12-04 08:30 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{654A20BC-EA6B-4AE0-AC95-01EAAD4AF23B}\mpengine.dll
2012-12-02 12:51 . 2012-08-22 15:37	844288	----a-w-	c:\windows\SysWow64\G32_GD.dll
2012-11-20 13:27 . 2012-11-20 13:27	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-11-14 08:20 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-14 08:20 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 08:20 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 08:20 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 08:12 . 2012-10-08 12:19	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 08:12 . 2012-10-08 11:42	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 08:10 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 08:10 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-14 08:10 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 08:10 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 08:10 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 08:10 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 08:10 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-12 10:51 . 2012-11-12 10:51	--------	d-----w-	c:\program files (x86)\Sybase
2012-11-08 21:10 . 2012-11-08 21:10	--------	d-----w-	c:\program files (x86)\Garmin GPS Plugin
2012-11-08 21:10 . 2012-11-08 21:10	--------	d-----w-	c:\program files\Garmin GPS Plugin
2012-11-08 20:16 . 2012-11-08 21:24	--------	d-----w-	c:\users\tobi\AppData\Local\ZoneFiveSoftware
2012-11-08 20:15 . 2012-11-08 20:15	--------	d-----w-	c:\programdata\ZoneFiveSoftware
2012-11-08 20:11 . 2012-11-08 21:10	--------	d-----w-	c:\users\tobi\AppData\Roaming\Garmin
2012-11-08 20:08 . 2012-11-08 20:09	--------	d-----w-	c:\programdata\Ant
2012-11-08 20:06 . 2012-11-08 20:06	--------	d-----w-	c:\program files\DIFX
2012-11-08 20:06 . 2012-11-08 21:10	--------	d-----w-	c:\program files (x86)\Garmin
2012-11-07 18:05 . 2012-11-07 18:05	--------	d-----w-	C:\Log
2012-11-07 11:06 . 2012-11-07 11:06	--------	d-----w-	c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-07 10:43 . 2002-08-22 13:07	331776	----a-w-	c:\windows\SysWow64\cdintf.dll
2012-11-07 10:05 . 2012-11-12 13:58	--------	d-----w-	c:\users\tobi\AppData\Roaming\Lexware
2012-11-07 10:00 . 2012-11-13 13:56	--------	d-----w-	c:\programdata\Lexware
2012-11-07 09:58 . 2006-06-26 12:58	1929216	----a-w-	c:\windows\SysWow64\cdintf250.dll
2012-11-07 09:58 . 2012-11-07 09:58	455680	----a-w-	c:\windows\system32\deploytk.dll
2012-11-07 09:58 . 2012-11-07 09:58	181760	----a-w-	c:\windows\system32\javaws.exe
2012-11-07 09:58 . 2012-11-07 09:58	165888	----a-w-	c:\windows\system32\javaw.exe
2012-11-07 09:58 . 2012-11-07 09:58	165888	----a-w-	c:\windows\system32\java.exe
2012-11-07 09:58 . 2012-11-07 09:58	--------	d-----w-	c:\program files\Java
2012-11-07 09:58 . 2012-11-07 09:58	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2012-11-07 09:51 . 2012-11-12 10:55	--------	d-----w-	c:\program files (x86)\Common Files\Lexware
2012-11-07 09:51 . 2012-11-12 10:56	--------	d-----w-	c:\users\tobi\AppData\Local\Lexware
2012-11-07 06:05 . 2002-10-14 15:46	422848	----a-w-	c:\windows\SysWow64\vsflex7L.ocx
2012-11-07 06:05 . 2001-04-20 10:41	335872	----a-w-	c:\windows\SysWow64\Pepco32a.ocx
2012-11-07 06:05 . 2001-04-20 09:42	376832	----a-w-	c:\windows\SysWow64\Pe3do32a.ocx
2012-11-07 06:05 . 2004-03-09 00:00	132880	----a-w-	c:\windows\SysWow64\MSINET.OCX
2012-11-07 06:05 . 1998-06-24 01:00	103744	----a-w-	c:\windows\SysWow64\MSCOMM32.OCX
2012-11-07 06:05 . 2011-08-29 13:44	286720	----a-w-	c:\windows\SysWow64\G32_zip.dll
2012-11-07 06:05 . 2002-03-15 18:28	7680	----a-w-	c:\windows\SysWow64\free_res.exe
2012-11-07 06:05 . 2002-02-11 17:20	81920	----a-w-	c:\windows\SysWow64\G32_rkey.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 08:10 . 2010-03-14 13:10	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-10-24 17:53 . 2012-10-24 17:53	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 17:53 . 2012-05-16 19:23	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-10-24 17:53 . 2010-06-13 06:50	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 06:36	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:36	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:36	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-08 16:24 . 2010-06-16 18:39	258048	----a-w-	c:\windows\ddedll.dll
2012-10-08 16:24 . 2010-06-16 07:27	122880	----a-w-	c:\windows\SysWow64\TwsSocketClient.dll
2012-09-14 19:19 . 2012-10-10 07:30	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 07:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2010-04-16 22:26 . 2010-06-15 20:24	10355024	----a-w-	c:\program files\3.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dimension4"="c:\program files (x86)\_tb\misc\system\clock\D4.exe" [2004-02-04 200704]
.
c:\users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sunbird.lnk - c:\program files\_tb\office\sunbird\sunbird.exe [2010-10-30 8829440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 09:00	8704	----a-w-	c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\_tb\misc\system\skype\Updater\Updater.exe [2012-11-09 160944]
R3 Agsacgtnrea;Agsacgtnrea; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-03 1436424]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-17 44480]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TeamViewer5;TeamViewer 5;c:\program files\_tb\misc\system\teamviewer\TeamViewer_Service.exe [2010-05-21 173352]
R3 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 Autodesk;Autodesk;c:\program files (x86)\_tb\office\autocad\licencemanager\lmgrd.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 136584]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/10 15:35];c:\program files (x86)\_tb\media\PowerDVD9\000.fcl [2009-03-30 15:53 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-26 202752]
S2 ekrn;ESET Service;c:\program files\_tb\misc\secure\nod32\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 123200]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 Lexware_Datenbank_Plus;Lexware Datenbank Plus;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2010-11-05 83248]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-01-14 93696]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-02-26 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-07-24 151936]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-12-22 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-02-25 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67312263
*NewlyCreated* - 86204960
*Deregistered* - 67312263
*Deregistered* - 86204960
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\_tb\misc\secure\nod32\egui.exe" [2009-09-11 2716216]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with mediAvatar iPad Softwarepaket Pro - c:\program files\_tb\media\iPad video\upod_link.HTM
IE: Nach Microsoft &Excel exportieren - c:\progra~2\_tb\office\office\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\_tb\office\office7\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.111
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\_tb\media\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-06  18:20:52
ComboFix-quarantined-files.txt  2012-12-06 17:20
.
Vor Suchlauf: 7 Verzeichnis(se), 295.642.656.768 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 295.507.513.344 Bytes frei
.
- - End Of File - - FB625A471682EB846FB6C68C3A3B80CC

06.12.2012, 21:34   #8
markusg
/// Malware-holic

Hi
Note: I'm on holiday from tomorrow until Wednesday.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose Skip for now, and post the log

06.12.2012, 22:14   #9
tobi_fx

Here is the log from TDSSKiller. Same result as the last TDSS scan.
Have a nice holiday :-)

22:11:28.0877 1020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:11:29.0533 1020 ============================================================
22:11:29.0533 1020 Current date / time: 2012/12/06 22:11:29.0533
22:11:29.0533 1020 SystemInfo:
22:11:29.0533 1020
22:11:29.0533 1020 OS Version: 6.1.7601 ServicePack: 1.0
22:11:29.0533 1020 Product type: Workstation
22:11:29.0533 1020 ComputerName: TBMOBIL
22:11:29.0533 1020 UserName: tobi
22:11:29.0533 1020 Windows directory: C:\Windows
22:11:29.0533 1020 System windows directory: C:\Windows
22:11:29.0533 1020 Running under WOW64
22:11:29.0533 1020 Processor architecture: Intel x64
22:11:29.0533 1020 Number of processors: 4
22:11:29.0533 1020 Page size: 0x1000
22:11:29.0533 1020 Boot type: Normal boot
22:11:29.0533 1020 ============================================================
22:11:30.0469 1020 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:11:30.0469 1020 ============================================================
22:11:30.0469 1020 \Device\Harddisk0\DR0:
22:11:30.0469 1020 MBR partitions:
22:11:30.0469 1020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:11:30.0469 1020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:11:30.0469 1020 ============================================================
22:11:30.0500 1020 C: <-> \Device\Harddisk0\DR0\Partition2
22:11:30.0500 1020 ============================================================
22:11:30.0500 1020 Initialize success
22:11:30.0500 1020 ============================================================
22:11:38.0128 2736 ============================================================
22:11:38.0128 2736 Scan started
22:11:38.0128 2736 Mode: Manual; SigCheck; TDLFS;
22:11:38.0128 2736 ============================================================
22:11:38.0768 2736 ================ Scan system memory ========================
22:11:38.0768 2736 System memory - ok
22:11:38.0768 2736 ================ Scan services =============================
22:11:38.0939 2736 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:11:39.0049 2736 1394ohci - ok
22:11:39.0111 2736 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:11:39.0142 2736 ACPI - ok
22:11:39.0189 2736 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:11:39.0267 2736 AcpiPmi - ok
22:11:39.0361 2736 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
22:11:39.0376 2736 adfs - ok
22:11:39.0470 2736 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
22:11:39.0501 2736 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
22:11:39.0501 2736 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
22:11:39.0563 2736 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:11:39.0595 2736 adp94xx - ok
22:11:39.0626 2736 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:11:39.0641 2736 adpahci - ok
22:11:39.0657 2736 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:11:39.0673 2736 adpu320 - ok
22:11:39.0688 2736 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:11:39.0844 2736 AeLookupSvc - ok
22:11:39.0907 2736 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:11:39.0985 2736 AFD - ok
22:11:40.0047 2736 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:11:40.0063 2736 agp440 - ok
22:11:40.0094 2736 Agsacgtnrea - ok
22:11:40.0125 2736 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:11:40.0187 2736 ALG - ok
22:11:40.0250 2736 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:11:40.0265 2736 aliide - ok
22:11:40.0297 2736 [ 3260756E234083BD2BD1709C60B6E6D7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:11:40.0359 2736 AMD External Events Utility - ok
22:11:40.0421 2736 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:11:40.0437 2736 amdide - ok
22:11:40.0484 2736 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:11:40.0546 2736 AmdK8 - ok
22:11:40.0577 2736 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:11:40.0640 2736 AmdPPM - ok
22:11:40.0702 2736 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:11:40.0718 2736 amdsata - ok
22:11:40.0749 2736 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:11:40.0765 2736 amdsbs - ok
22:11:40.0827 2736 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:11:40.0843 2736 amdxata - ok
22:11:40.0952 2736 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
22:11:40.0983 2736 AppHostSvc - ok
22:11:41.0030 2736 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:11:41.0217 2736 AppID - ok
22:11:41.0248 2736 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:11:41.0326 2736 AppIDSvc - ok
22:11:41.0389 2736 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:11:41.0435 2736 Appinfo - ok
22:11:41.0529 2736 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:11:41.0545 2736 Apple Mobile Device - ok
22:11:41.0607 2736 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:11:41.0623 2736 arc - ok
22:11:41.0638 2736 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:11:41.0654 2736 arcsas - ok
22:11:41.0701 2736 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:11:41.0747 2736 AsyncMac - ok
22:11:41.0794 2736 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:11:41.0825 2736 atapi - ok
22:11:41.0888 2736 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:11:41.0997 2736 athr - ok
22:11:42.0169 2736 [ F3A362B683B6158CC47D7E8E58B7DDC9 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:11:42.0371 2736 atikmdag - ok
22:11:42.0434 2736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:11:42.0543 2736 AudioEndpointBuilder - ok
22:11:42.0543 2736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:11:42.0590 2736 AudioSrv - ok
22:11:42.0668 2736 Autodesk - ok
22:11:42.0761 2736 [ 958038B812E2B6AB998E115194B8D2B7 ] awhost32 C:\Program Files (x86)\_tb\misc\system\pcanywhere\awhost32.exe
22:11:42.0777 2736 awhost32 ( UnsignedFile.Multi.Generic ) - warning
22:11:42.0777 2736 awhost32 - detected UnsignedFile.Multi.Generic (1)
22:11:42.0777 2736 awlegacy - ok
22:11:42.0777 2736 AW_HOST - ok
22:11:42.0839 2736 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:11:42.0886 2736 AxInstSV - ok
22:11:42.0933 2736 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:11:42.0980 2736 b06bdrv - ok
22:11:43.0027 2736 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:11:43.0073 2736 b57nd60a - ok
22:11:43.0136 2736 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:11:43.0151 2736 BDESVC - ok
22:11:43.0198 2736 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:11:43.0276 2736 Beep - ok
22:11:43.0354 2736 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:11:43.0432 2736 BFE - ok
22:11:43.0479 2736 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:11:43.0573 2736 BITS - ok
22:11:43.0604 2736 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:11:43.0635 2736 blbdrive - ok
22:11:43.0713 2736 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:11:43.0744 2736 Bonjour Service - ok
22:11:43.0791 2736 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:11:43.0838 2736 bowser - ok
22:11:43.0869 2736 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:11:43.0963 2736 BrFiltLo - ok
22:11:43.0978 2736 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:11:43.0994 2736 BrFiltUp - ok
22:11:44.0041 2736 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:11:44.0119 2736 BridgeMP - ok
22:11:44.0181 2736 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:11:44.0212 2736 Browser - ok
22:11:44.0228 2736 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:11:44.0275 2736 Brserid - ok
22:11:44.0321 2736 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:11:44.0353 2736 BrSerWdm - ok
22:11:44.0368 2736 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:11:44.0399 2736 BrUsbMdm - ok
22:11:44.0431 2736 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:11:44.0462 2736 BrUsbSer - ok
22:11:44.0524 2736 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:11:44.0602 2736 BthEnum - ok
22:11:44.0618 2736 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:11:44.0665 2736 BTHMODEM - ok
22:11:44.0711 2736 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:11:44.0743 2736 BthPan - ok
22:11:44.0805 2736 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:11:44.0883 2736 BTHPORT - ok
22:11:44.0914 2736 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:11:44.0992 2736 bthserv - ok
22:11:45.0055 2736 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:11:45.0086 2736 BTHUSB - ok
22:11:45.0101 2736 catchme - ok
22:11:45.0117 2736 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:11:45.0179 2736 cdfs - ok
22:11:45.0242 2736 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:11:45.0289 2736 cdrom - ok
22:11:45.0335 2736 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:11:45.0398 2736 CertPropSvc - ok
22:11:45.0445 2736 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:11:45.0491 2736 circlass - ok
22:11:45.0554 2736 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:11:45.0585 2736 CLFS - ok
22:11:45.0647 2736 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:11:45.0679 2736 clr_optimization_v2.0.50727_32 - ok
22:11:45.0741 2736 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:11:45.0757 2736 clr_optimization_v2.0.50727_64 - ok
22:11:45.0881 2736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:45.0897 2736 clr_optimization_v4.0.30319_32 - ok
22:11:45.0975 2736 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:11:45.0991 2736 clr_optimization_v4.0.30319_64 - ok
22:11:46.0037 2736 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:11:46.0084 2736 CmBatt - ok
22:11:46.0100 2736 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:11:46.0115 2736 cmdide - ok
22:11:46.0162 2736 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
22:11:46.0209 2736 CNG - ok
22:11:46.0256 2736 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:11:46.0271 2736 Compbatt - ok
22:11:46.0303 2736 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:11:46.0365 2736 CompositeBus - ok
22:11:46.0381 2736 COMSysApp - ok
22:11:46.0412 2736 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:11:46.0412 2736 crcdisk - ok
22:11:46.0474 2736 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:11:46.0521 2736 CryptSvc - ok
22:11:46.0599 2736 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:11:46.0661 2736 DcomLaunch - ok
22:11:46.0693 2736 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:11:46.0755 2736 defragsvc - ok
22:11:46.0802 2736 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:11:46.0864 2736 DfsC - ok
22:11:46.0927 2736 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:11:46.0973 2736 Dhcp - ok
22:11:47.0036 2736 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:11:47.0098 2736 discache - ok
22:11:47.0129 2736 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:11:47.0145 2736 Disk - ok
22:11:47.0192 2736 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:11:47.0207 2736 Dnscache - ok
22:11:47.0270 2736 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:11:47.0348 2736 dot3svc - ok
22:11:47.0363 2736 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:11:47.0410 2736 DPS - ok
22:11:47.0457 2736 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:11:47.0473 2736 drmkaud - ok
22:11:47.0504 2736 DS1410D - ok
22:11:47.0566 2736 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:11:47.0597 2736 DXGKrnl - ok
22:11:47.0629 2736 [ A2D551A61EC9E8A4BC5DF17BC1FEFEAD ] eamon C:\Windows\system32\DRIVERS\eamon.sys
22:11:47.0629 2736 eamon - ok
22:11:47.0660 2736 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:11:47.0707 2736 EapHost - ok
22:11:47.0816 2736 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:11:47.0909 2736 ebdrv - ok
22:11:47.0956 2736 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:11:47.0987 2736 EFS - ok
22:11:48.0050 2736 [ F3448EE861344636DA8ED1B3F5E8E1A8 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
22:11:48.0065 2736 ehdrv - ok
22:11:48.0159 2736 [ D881E29C2973427406A1B506F636C971 ] EhttpSrv C:\Program Files\_tb\misc\secure\nod32\EHttpSrv.exe
22:11:48.0175 2736 EhttpSrv - ok
22:11:48.0268 2736 [ FDDAD27E9A20D0DAC04FACBF67AFBFC1 ] ekrn C:\Program Files\_tb\misc\secure\nod32\x86\ekrn.exe
22:11:48.0299 2736 ekrn - ok
22:11:48.0362 2736 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:11:48.0377 2736 elxstor - ok
22:11:48.0409 2736 [ 9B7E8CF67DE13F71AE8951D0874AF447 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
22:11:48.0424 2736 epfwwfpr - ok
22:11:48.0455 2736 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:11:48.0487 2736 ErrDev - ok
22:11:48.0533 2736 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:11:48.0596 2736 EventSystem - ok
22:11:48.0658 2736 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:11:48.0721 2736 exfat - ok
22:11:48.0752 2736 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:11:48.0799 2736 fastfat - ok
22:11:48.0830 2736 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:11:48.0845 2736 fdc - ok
22:11:48.0861 2736 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:11:48.0908 2736 fdPHost - ok
22:11:48.0923 2736 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:11:48.0970 2736 FDResPub - ok
22:11:49.0001 2736 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:11:49.0017 2736 FileInfo - ok
22:11:49.0033 2736 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:11:49.0126 2736 Filetrace - ok
22:11:49.0220 2736 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:11:49.0251 2736 FLEXnet Licensing Service - ok
22:11:49.0345 2736 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:11:49.0391 2736 FLEXnet Licensing Service 64 - ok
22:11:49.0407 2736 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:11:49.0423 2736 flpydisk - ok
22:11:49.0485 2736 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:11:49.0501 2736 FltMgr - ok
22:11:49.0563 2736 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:11:49.0610 2736 FontCache - ok
22:11:49.0688 2736 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:11:49.0703 2736 FontCache3.0.0.0 - ok
22:11:49.0719 2736 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:11:49.0735 2736 FsDepends - ok
22:11:49.0797 2736 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:11:49.0813 2736 Fs_Rec - ok
22:11:49.0859 2736 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:11:49.0891 2736 fvevol - ok
22:11:49.0937 2736 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:11:49.0953 2736 gagp30kx - ok
22:11:50.0000 2736 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:11:50.0015 2736 GEARAspiWDM - ok
22:11:50.0031 2736 Gernuwa - ok
22:11:50.0093 2736 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:11:50.0156 2736 gpsvc - ok
22:11:50.0187 2736 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:11:50.0218 2736 hcw85cir - ok
22:11:50.0281 2736 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:11:50.0296 2736 HdAudAddService - ok
22:11:50.0359 2736 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:11:50.0390 2736 HDAudBus - ok
22:11:50.0421 2736 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:11:50.0437 2736 HECIx64 - ok
22:11:50.0468 2736 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:11:50.0499 2736 HidBatt - ok
22:11:50.0515 2736 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:11:50.0561 2736 HidBth - ok
22:11:50.0593 2736 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:11:50.0624 2736 HidIr - ok
22:11:50.0639 2736 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:11:50.0702 2736 hidserv - ok
22:11:50.0780 2736 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:11:50.0795 2736 HidUsb - ok
22:11:50.0827 2736 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:11:50.0920 2736 hkmsvc - ok
22:11:50.0967 2736 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:11:50.0998 2736 HomeGroupListener - ok
22:11:51.0045 2736 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:11:51.0061 2736 HomeGroupProvider - ok
22:11:51.0123 2736 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:11:51.0139 2736 HpSAMD - ok
22:11:51.0217 2736 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:11:51.0279 2736 HTTP - ok
22:11:51.0326 2736 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:11:51.0341 2736 hwpolicy - ok
22:11:51.0404 2736 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:11:51.0419 2736 i8042prt - ok
22:11:51.0482 2736 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:11:51.0513 2736 iaStor - ok
22:11:51.0575 2736 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:11:51.0607 2736 iaStorV - ok
22:11:51.0685 2736 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:11:51.0716 2736 idsvc - ok
22:11:51.0731 2736 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:11:51.0747 2736 iirsp - ok
22:11:51.0794 2736 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:11:51.0887 2736 IKEEXT - ok
22:11:51.0965 2736 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:11:52.0012 2736 Impcd - ok
22:11:52.0106 2736 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:11:52.0153 2736 IntcAzAudAddService - ok
22:11:52.0199 2736 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:11:52.0215 2736 intelide - ok
22:11:52.0246 2736 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:11:52.0277 2736 intelppm - ok
22:11:52.0309 2736 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:11:52.0355 2736 IPBusEnum - ok
22:11:52.0387 2736 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:11:52.0465 2736 IpFilterDriver - ok
22:11:52.0527 2736 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:11:52.0574 2736 iphlpsvc - ok
22:11:52.0605 2736 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:11:52.0636 2736 IPMIDRV - ok
22:11:52.0667 2736 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:11:52.0745 2736 IPNAT - ok
22:11:52.0855 2736 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:11:52.0886 2736 iPod Service - ok
22:11:52.0917 2736 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:11:52.0964 2736 IRENUM - ok
22:11:52.0979 2736 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:11:52.0995 2736 isapnp - ok
22:11:53.0042 2736 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:11:53.0057 2736 iScsiPrt - ok
22:11:53.0089 2736 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:11:53.0120 2736 kbdclass - ok
22:11:53.0167 2736 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:11:53.0213 2736 kbdhid - ok
22:11:53.0229 2736 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:11:53.0245 2736 KeyIso - ok
22:11:53.0276 2736 KMService - ok
22:11:53.0323 2736 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:11:53.0338 2736 KSecDD - ok
22:11:53.0385 2736 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:11:53.0401 2736 KSecPkg - ok
22:11:53.0432 2736 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:11:53.0510 2736 ksthunk - ok
22:11:53.0541 2736 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:11:53.0588 2736 KtmRm - ok
22:11:53.0635 2736 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:11:53.0697 2736 LanmanServer - ok
22:11:53.0759 2736 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:11:53.0822 2736 LanmanWorkstation - ok
22:11:53.0900 2736 Lexware_Datenbank_Plus - ok
22:11:53.0947 2736 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
22:11:53.0962 2736 libusb0 - ok
22:11:54.0009 2736 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:11:54.0071 2736 lltdio - ok
22:11:54.0103 2736 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:11:54.0181 2736 lltdsvc - ok
22:11:54.0196 2736 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:11:54.0243 2736 lmhosts - ok
22:11:54.0274 2736 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:11:54.0274 2736 LSI_FC - ok
22:11:54.0305 2736 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:11:54.0305 2736 LSI_SAS - ok
22:11:54.0321 2736 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:11:54.0337 2736 LSI_SAS2 - ok
22:11:54.0368 2736 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:11:54.0399 2736 LSI_SCSI - ok
22:11:54.0430 2736 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:11:54.0477 2736 luafv - ok
22:11:54.0586 2736 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:11:54.0617 2736 MDM ( UnsignedFile.Multi.Generic ) - warning
22:11:54.0617 2736 MDM - detected UnsignedFile.Multi.Generic (1)
22:11:54.0649 2736 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:11:54.0664 2736 megasas - ok
22:11:54.0695 2736 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:11:54.0727 2736 MegaSR - ok
22:11:54.0758 2736 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:11:54.0836 2736 MMCSS - ok
22:11:54.0883 2736 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:11:54.0945 2736 Modem - ok
22:11:54.0976 2736 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:11:55.0007 2736 monitor - ok
22:11:55.0070 2736 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:11:55.0085 2736 mouclass - ok
22:11:55.0117 2736 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:11:55.0148 2736 mouhid - ok
22:11:55.0210 2736 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:11:55.0226 2736 mountmgr - ok
22:11:55.0319 2736 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:11:55.0335 2736 MozillaMaintenance - ok
22:11:55.0397 2736 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:11:55.0413 2736 mpio - ok
22:11:55.0444 2736 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:11:55.0475 2736 mpsdrv - ok
22:11:55.0538 2736 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:11:55.0600 2736 MpsSvc - ok
22:11:55.0647 2736 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:11:55.0678 2736 MRxDAV - ok
22:11:55.0725 2736 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:11:55.0787 2736 mrxsmb - ok
22:11:55.0834 2736 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:55.0865 2736 mrxsmb10 - ok
22:11:55.0912 2736 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:55.0943 2736 mrxsmb20 - ok
22:11:55.0990 2736 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:11:56.0006 2736 msahci - ok
22:11:56.0021 2736 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:11:56.0037 2736 msdsm - ok
22:11:56.0068 2736 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:11:56.0099 2736 MSDTC - ok
22:11:56.0131 2736 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:11:56.0177 2736 Msfs - ok
22:11:56.0209 2736 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:11:56.0255 2736 mshidkmdf - ok
22:11:56.0302 2736 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:11:56.0318 2736 msisadrv - ok
22:11:56.0349 2736 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:11:56.0411 2736 MSiSCSI - ok
22:11:56.0411 2736 msiserver - ok
22:11:56.0458 2736 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:11:56.0505 2736 MSKSSRV - ok
22:11:56.0505 2736 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:56.0583 2736 MSPCLOCK - ok
22:11:56.0614 2736 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:11:56.0692 2736 MSPQM - ok
22:11:56.0739 2736 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:11:56.0755 2736 MsRPC - ok
22:11:56.0786 2736 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:11:56.0801 2736 mssmbios - ok
22:11:56.0833 2736 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:11:56.0911 2736 MSTEE - ok
22:11:56.0926 2736 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:11:56.0942 2736 MTConfig - ok
22:11:56.0957 2736 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:11:56.0973 2736 Mup - ok
22:11:57.0004 2736 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:11:57.0082 2736 napagent - ok
22:11:57.0145 2736 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:11:57.0191 2736 NativeWifiP - ok
22:11:57.0254 2736 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:11:57.0301 2736 NDIS - ok
22:11:57.0332 2736 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:11:57.0379 2736 NdisCap - ok
22:11:57.0410 2736 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:57.0457 2736 NdisTapi - ok
22:11:57.0503 2736 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:57.0566 2736 Ndisuio - ok
22:11:57.0613 2736 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:57.0659 2736 NdisWan - ok
22:11:57.0691 2736 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:11:57.0737 2736 NDProxy - ok
22:11:57.0847 2736 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:11:57.0893 2736 Nero BackItUp Scheduler 4.0 - ok
22:11:57.0940 2736 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:11:57.0956 2736 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:11:57.0956 2736 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:11:57.0987 2736 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:11:58.0065 2736 NetBIOS - ok
22:11:58.0112 2736 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:11:58.0159 2736 NetBT - ok
22:11:58.0190 2736 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:11:58.0190 2736 Netlogon - ok
22:11:58.0237 2736 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:11:58.0283 2736 Netman - ok
22:11:58.0315 2736 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:58.0330 2736 NetMsmqActivator - ok
22:11:58.0330 2736 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:58.0330 2736 NetPipeActivator - ok
22:11:58.0377 2736 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:11:58.0471 2736 netprofm - ok
22:11:58.0486 2736 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:58.0486 2736 NetTcpActivator - ok
22:11:58.0486 2736 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:58.0502 2736 NetTcpPortSharing - ok
22:11:58.0549 2736 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:11:58.0564 2736 nfrd960 - ok
22:11:58.0611 2736 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:11:58.0658 2736 NlaSvc - ok
22:11:58.0673 2736 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:11:58.0736 2736 Npfs - ok
22:11:58.0767 2736 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:11:58.0814 2736 nsi - ok
22:11:58.0845 2736 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:11:58.0907 2736 nsiproxy - ok
22:11:58.0985 2736 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:11:59.0048 2736 Ntfs - ok
22:11:59.0079 2736 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:11:59.0157 2736 Null - ok
22:11:59.0219 2736 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:11:59.0235 2736 nvraid - ok
22:11:59.0251 2736 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:11:59.0266 2736 nvstor - ok
22:11:59.0329 2736 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:11:59.0344 2736 nv_agp - ok
22:11:59.0453 2736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:11:59.0485 2736 odserv - ok
22:11:59.0531 2736 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:11:59.0547 2736 ohci1394 - ok
22:11:59.0609 2736 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:59.0625 2736 ose - ok
22:11:59.0812 2736 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:11:59.0890 2736 osppsvc - ok
22:11:59.0921 2736 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:11:59.0968 2736 p2pimsvc - ok
22:11:59.0999 2736 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:12:00.0031 2736 p2psvc - ok
22:12:00.0062 2736 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:12:00.0062 2736 Parport - ok
22:12:00.0109 2736 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:12:00.0124 2736 partmgr - ok
22:12:00.0155 2736 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:12:00.0187 2736 PcaSvc - ok
22:12:00.0202 2736 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:12:00.0218 2736 pci - ok
22:12:00.0249 2736 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:12:00.0265 2736 pciide - ok
22:12:00.0311 2736 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:12:00.0327 2736 pcmcia - ok
22:12:00.0343 2736 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:12:00.0358 2736 pcw - ok
22:12:00.0389 2736 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:12:00.0452 2736 PEAUTH - ok
22:12:00.0530 2736 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:12:00.0561 2736 PerfHost - ok
22:12:00.0577 2736 pfc - ok
22:12:00.0655 2736 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:12:00.0733 2736 pla - ok
22:12:00.0795 2736 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:12:00.0826 2736 PlugPlay - ok
22:12:00.0889 2736 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:12:00.0904 2736 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:12:00.0904 2736 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:12:15.0459 2736 ================ Scan global ===============================
22:12:15.0490 2736 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:12:15.0521 2736 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:12:15.0537 2736 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:12:15.0568 2736 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:12:15.0599 2736 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:12:15.0615 2736 [Global] - ok
22:12:15.0615 2736 ================ Scan MBR ==================================
22:12:15.0615 2736 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:12:16.0723 2736 \Device\Harddisk0\DR0 - ok
22:12:16.0723 2736 ================ Scan VBR ==================================
22:12:16.0738 2736 [ 7BB863997BEFC019D356187B8CA7CFBE ] \Device\Harddisk0\DR0\Partition1
22:12:16.0754 2736 \Device\Harddisk0\DR0\Partition1 - ok
22:12:16.0754 2736 [ B30D5C14C35072EB030FBC92E74D3D67 ] \Device\Harddisk0\DR0\Partition2
22:12:16.0754 2736 \Device\Harddisk0\DR0\Partition2 - ok
22:12:16.0754 2736 ============================================================
22:12:16.0754 2736 Scan finished
22:12:16.0754 2736 ============================================================
22:12:16.0769 2984 Detected object count: 5
22:12:16.0769 2984 Actual detected object count: 5
22:12:25.0646 2984 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0646 2984 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0646 2984 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0646 2984 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0646 2984 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0646 2984 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0661 2984 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0661 2984 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0661 2984 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0661 2984 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

06.12.2012, 22:16   #10
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

07.12.2012, 10:33   #11
tobi_fx

Hello, here is the log from the Malwarebytes scan:

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tobi :: TBMOBIL [Administrator]

07.12.2012 07:18:34
mbam-log-2012-12-07 (07-18-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 771562
Laufzeit: 2 Stunde(n), 59 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1612 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\_OTL\MovedFiles\12052012_130835\C_Users\tobi\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

13.12.2012, 15:44   #12
markusg
/// Malware-holic

Download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as a text file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.

13.12.2012, 22:06   #13
tobi_fx

Here is the CCleaner list.

14.12.2012, 16:21   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all versions
Adobe - Install Adobe Flash Player
Download the latest version.

ESET: the current version is 5.
Install the upgrade; old AV software is useless.
ESET - Antivirus Software with Spyware and Malware Protection

Uninstall:
FileZilla
IBXL
Java(TM): all versions
MacroX
Registry System Wizard: hands off the registry; delete one wrong thing and you can already have problems.
SIW
Symantec pcAnywhere
TeamViewer
Why is so much remote-control software necessary? I would install something like that only when needed; otherwise it is just an additional risk.

Uninstall:
Windows Live: all components you do not need

Open OTL, click CleanUp; the PC restarts.
Open CCleaner, click Analyze, then Run Cleaner; restart the PC and test how the PC and browser run.

15.12.2012, 22:08   #15
tobi_fx

Everything has been worked through.
PC and browser are running normally, without problems.
