
Pests of all kinds and how to fight them: GVU trojan (Ukash) got me.

Windows 7: If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

27.12.2012, 11:35   #1
kreuz as
 
Good day,
I have caught the GVU trojan. I think I was able to remove it, but I am not sure. My second-to-last scan with Malwarebytes turned up three trojans. I had the findings removed. The last scan turned up no new findings.
Still, I am unsure.
Can anyone help me with this?
Regards

27.12.2012, 13:26   #2
markusg
/// Malware-holic
 

Hi
Open Malwarebytes, go to the log files, and post the logs that contain findings.
If you do not have it yet, please download OTL by OldTimer and save it on your Desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

27.12.2012, 14:31   #3
kreuz as
 

otl scan
OTL Logfile:
Code:
OTL logfile created on: 12/27/2012 2:12:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\meyer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.97 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 72.83% Memory free
15.95 Gb Paging File | 12.54 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.29 Gb Total Space | 346.48 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
Drive E: | 16.18 Gb Total Space | 2.43 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32
 
Computer Name: LT138 | User Name: meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/12/27 14:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe
PRC - [2012/12/19 11:00:15 | 001,131,777 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/21 10:32:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/21 10:32:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/21 10:32:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/18 11:03:42 | 000,009,216 | ---- | M] (E+H Process Solutions AG) -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe
PRC - [2012/06/18 11:01:02 | 000,171,008 | ---- | M] (Endress+Hauser Process Solutions AG) -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\SFG500CommDTMServer.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/04/14 16:44:54 | 000,183,808 | ---- | M] (Tobit.Software) -- C:\Windows\SysWOW64\DV4TS.EXE
PRC - [2011/03/03 18:32:16 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2011/02/11 01:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 18:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 22:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/01/15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2011/01/03 23:16:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/03 23:16:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010/03/25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/15 11:03:10 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\21303503faca86dc22acdb09dea9caa6\IAStorUtil.ni.dll
MOD - [2012/11/15 11:03:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\20e6ed751491ededa81930ae57e20a25\IAStorCommon.ni.dll
MOD - [2012/11/15 07:21:38 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\616b25e9ad3de7ab58c67f200e21dbac\System.Web.ni.dll
MOD - [2012/11/15 07:21:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 07:20:23 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 07:20:13 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 07:20:03 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 07:19:59 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 07:19:56 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 07:19:55 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 07:19:51 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/01/18 07:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/03/08 18:02:03 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/19 19:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 19:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 19:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/06/13 12:00:41 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/01/21 17:15:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/27 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011/01/27 03:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/22 03:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/07/30 03:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/04 00:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/12/26 10:34:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/19 11:00:15 | 001,131,777 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent)
SRV - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/21 10:32:16 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/08/21 10:32:16 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/08/21 10:32:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/08/21 10:32:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/18 11:03:42 | 000,009,216 | ---- | M] (E+H Process Solutions AG) [Auto | Running] -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe -- (EH.SFG500.CommServer)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/13 10:32:00 | 002,703,360 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/03/03 18:32:16 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/01/29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/03 23:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/03 23:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/03/25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 10:32:17 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/08/21 10:32:17 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/08/21 10:32:17 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/20 16:23:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/06/13 12:00:40 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/13 12:00:40 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/22 01:25:16 | 010,497,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/21 16:36:52 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 19:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/05 08:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/16 00:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 01:05:58 | 000,277,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011/02/28 22:24:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\h36wgps64.sys -- (h36wgps)
DRV:64bit: - [2011/02/08 18:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/30 20:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/27 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 09:05:12 | 000,201,680 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIbrd.sys -- (PROFIbrd)
DRV:64bit: - [2010/12/14 11:36:04 | 000,150,992 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIstack.sys -- (PROFIstack)
DRV:64bit: - [2010/12/14 10:54:28 | 000,023,376 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\PROFIpnp.sys -- (PROFIpnp)
DRV:64bit: - [2010/12/03 02:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/20 04:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 04:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 02:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 08:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/11/01 00:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010/11/01 00:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2010/11/01 00:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2010/11/01 00:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/10 11:30:04 | 000,049,720 | ---- | M] (Softing AG) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIprt.sys -- (PROFIprt)
DRV:64bit: - [2010/03/10 11:29:08 | 000,047,032 | ---- | M] (Softing AG) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\PROFIusb.sys -- (PROFIusb)
DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/24 03:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/02/24 03:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/01/26 21:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/18 13:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/08/18 13:06:36 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [DV4TS.EXE] C:\Windows\SysWOW64\DV4TS.EXE (Tobit.Software)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startmt.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = himteam.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FCA07D-F6CA-451B-9A80-5A0DE0FAB8D0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E6E76A-9AB2-4876-A573-69EFC08BD608}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c60b3d5-21ba-11e2-a883-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{3c60b3d5-21ba-11e2-a883-028037ec0200}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^meyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk - C:\windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 14:09:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe
[2012/12/27 09:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/27 09:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/21 09:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/20 14:27:22 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Roaming\Malwarebytes
[2012/12/20 14:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/20 14:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/20 14:26:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/20 14:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/20 10:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/20 10:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/20 10:21:45 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/12/20 10:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/20 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Programs
[2012/12/14 12:58:06 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Roaming\Hewlett-Packard
[2012/12/14 12:57:58 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Hewlett-Packard
[2012/12/10 14:36:16 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/12/10 14:09:43 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/12/10 12:14:48 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Logitech® Webcam-Software
[2012/11/28 10:42:06 | 000,402,272 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysWow64\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,400,736 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,379,232 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\vsnp2uvc.dll
[2012/11/28 10:42:06 | 000,246,112 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/27 14:11:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/27 14:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe
[2012/12/27 11:20:16 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:20:16 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:11:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/27 11:10:58 | 4268,077,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/21 11:01:00 | 000,359,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/21 09:26:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/20 14:26:58 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/20 10:22:26 | 001,799,538 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/20 10:22:26 | 000,764,936 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/12/20 10:22:26 | 000,718,878 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/20 10:22:26 | 000,174,210 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/12/20 10:22:26 | 000,147,060 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/20 10:21:48 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/12/19 10:56:13 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/12/03 18:20:48 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012/11/28 10:42:06 | 001,866,080 | ---- | M] () -- C:\windows\SysNative\drivers\snp2uvc.sys
[2012/11/28 10:42:06 | 000,402,272 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysWow64\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,400,736 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,379,232 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\vsnp2uvc.dll
[2012/11/28 10:42:06 | 000,246,112 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\csnp2uvc.dll
[2012/11/28 10:42:06 | 000,026,464 | ---- | M] () -- C:\windows\snuvcdsm.exe
 
========== Files Created - No Company Name ==========
 
[2012/12/26 10:34:22 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/21 09:26:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/20 14:26:58 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/20 10:21:48 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/20 10:21:48 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/11/28 10:42:06 | 001,866,080 | ---- | C] () -- C:\windows\SysNative\drivers\snp2uvc.sys
[2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012/11/07 10:18:20 | 000,000,208 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/10/09 07:17:29 | 000,000,054 | ---- | C] () -- C:\windows\CoDeSysOPC.ini
[2012/08/21 11:01:33 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/08/21 11:01:33 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD5250DN.DAT
[2012/08/21 10:25:30 | 000,185,344 | ---- | C] () -- C:\windows\DVGRF.DLL
[2012/08/21 10:25:30 | 000,099,840 | ---- | C] () -- C:\windows\IMGMSGMO.dll
[2012/08/21 10:25:10 | 000,000,023 | ---- | C] () -- C:\windows\AVFD.INI
[2012/08/21 10:25:08 | 008,621,568 | ---- | C] () -- C:\windows\TOBITCLT.DLL
[2012/08/21 10:24:38 | 000,000,650 | ---- | C] () -- C:\windows\Tobit.ini
[2012/08/21 10:17:38 | 000,002,592 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/13 12:29:04 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys
[2012/06/13 12:11:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/06/13 12:08:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012/06/13 12:07:18 | 000,030,028 | R--- | C] () -- C:\windows\ConnectionProfiles.dat
[2012/06/12 20:34:59 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/06/12 20:34:59 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/06/12 20:34:59 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/01/22 07:25:26 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012/01/22 07:25:14 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2012/01/18 15:20:26 | 000,102,400 | R--- | C] () -- C:\windows\SysWow64\dtmMANAGERSatellite_01.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/03/08 18:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys
[2011/03/08 18:01:28 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/03/08 17:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys
[2011/03/08 17:27:28 | 001,826,808 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/25 23:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/01/22 20:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/03/15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/09/06 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\DVDVideoSoft
[2012/11/05 18:43:47 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Leadertech
[2012/08/21 10:21:31 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Synaptics
[2012/08/21 10:28:14 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Tobit
[2012/10/29 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/09/03 11:20:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 16:04:41 | 000,000,000 | -HSD | M] -- C:\boot
[2012/08/20 11:58:30 | 000,000,000 | ---D | M] -- C:\dienst
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/03/08 17:21:48 | 000,000,000 | ---D | M] -- C:\EFI
[2011/03/08 18:13:18 | 000,000,000 | -H-D | M] -- C:\hp
[2012/08/17 09:22:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/12/21 09:26:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/12/27 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/12/27 11:07:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/08/16 11:52:20 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/12/27 14:13:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/08/16 11:58:56 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012/09/03 11:20:22 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/27 14:04:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012/08/20 12:02:19 | 000,000,000 | ---D | M] -- C:\_inst
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,528 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/12/26 10:34:22 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011/01/13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012/11/14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll
 
< %USERPROFILE%\*.* >
[2012/12/27 14:13:38 | 002,097,152 | -HS- | M] () -- C:\Users\meyer\ntuser.dat
[2012/12/27 14:13:38 | 000,262,144 | -HS- | M] () -- C:\Users\meyer\ntuser.dat.LOG1
[2012/08/21 10:21:04 | 000,000,000 | -HS- | M] () -- C:\Users\meyer\ntuser.dat.LOG2
[2012/08/21 10:34:34 | 000,065,536 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012/08/21 10:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 10:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/12/14 13:18:38 | 000,065,536 | -HS- | M] () -- C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TM.blf
[2012/12/14 13:18:38 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2012/12/14 13:18:38 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 15:09:59 | 000,000,020 | -HS- | M] () -- C:\Users\meyer\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Malwarebytes with detections:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
meyer :: LT138 [Administrator]

27.12.2012 10:49:57
mbam-log-2012-12-27 (10-49-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301894
Laufzeit: 1 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\meyer\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



After that, Malwarebytes without detections:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
meyer :: LT138 [Administrator]

27.12.2012 11:43:53
mbam-log-2012-12-27 (11-43-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492530
Laufzeit: 1 Stunde(n), 7 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 27.12.2012, 14:42   #4
kreuz as
 



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12/27/2012 2:12:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\meyer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.97 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 72.83% Memory free
15.95 Gb Paging File | 12.54 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.29 Gb Total Space | 346.48 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
Drive E: | 16.18 Gb Total Space | 2.43 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32
 
Computer Name: LT138 | User Name: meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{179CE942-A6A2-4978-8E6B-904DB93E33A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2691BF57-82A2-4A86-A348-2E120E70068D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B389D5E-8FD8-4714-A041-38CBA796A6FC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{38D20A0B-9DF5-41B7-948D-5BFA329CFF6B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{417968E5-676A-47A1-B5D0-0466287B8A19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7A1856A1-E805-4105-A1DE-10654BB3A907}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7F387B16-7006-4856-9855-1D46128C7C6B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7FD11283-F7B2-46F4-918C-B97664D744AD}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{933B31F4-AF06-4E4B-B8EC-6C036957E3D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9AB8CA93-B2C0-485F-9E6C-890E6C09A504}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BC52268D-405D-4D59-8AA8-91BE81D0550D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D0941B69-125F-4F50-842B-25B2D09CFFEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E0E3C9BD-41C3-47A5-84D5-2D588307DA0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F3E31E1B-40BF-4362-A9CC-87926C7281BA}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{F837022B-3079-4310-9ABD-0BFA358B9F33}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01266884-894A-48BB-B97E-FEA6C149E513}" = protocol=6 | dir=in | app=c:\program files (x86)\endress+hauser\commdtm\profibus sfg500\sfg5xxcommsvr\eh.sfg.sfg500.commserver.exe | 
"{0986E042-0FB2-461C-97F5-2BFDDA5A5602}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0A3C8BB1-83F5-42D1-B314-5F67919C90A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{109EDFAF-E0CB-49AB-B9FB-68FC4A8CEE3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19EFFAA1-A783-4BF6-9182-E40888701702}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{1B4D7D42-BD81-4062-8499-192355080966}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1EBD6116-4C78-49B2-AA51-63FF0241DFB3}" = protocol=17 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{25ECF474-3CE0-4431-B646-536AF0641A59}" = protocol=17 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{525B1953-63AD-4EB0-BAE7-B1485D53E9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{60C3B891-F91D-4675-AFD4-77A6B35B9D26}" = protocol=6 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{63E93E17-3CD7-4AD1-9D7C-7D63D16EEC0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{7FD53F32-0CB0-4D29-8982-67D292C43588}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{9316900F-21AC-4A94-A6DD-2CE91CB57E32}" = protocol=17 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{94AADF10-713E-4AEF-9341-42C688E3F751}" = protocol=17 | dir=in | app=c:\program files (x86)\endress+hauser\commdtm\profibus sfg500\sfg5xxcommsvr\eh.sfg.sfg500.commserver.exe | 
"{9BBCA887-ABB6-43EA-84B6-4612F8E7B44A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9CEB4028-D0B4-40DC-B137-153B33464EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DA2DDC66-52E6-47CF-B8D6-80BA0FCC39BD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DDD3EEF7-FA99-4367-BC18-98C2DF3ECC3A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{DFFEA361-20CE-4DCF-AF37-8D4D7634608D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E8BB5F63-F0CB-4F35-83E8-961019AD6A0D}" = protocol=6 | dir=in | app=c:\program files (x86)\endress+hauser\commdtm\profibus sfg500\sfg5xxcommsvr\sfg500commdtmserver.exe | 
"{E8E8D975-0640-4306-8EFB-98C6FA0F01E0}" = protocol=17 | dir=in | app=c:\program files (x86)\endress+hauser\commdtm\profibus sfg500\sfg5xxcommsvr\sfg500commdtmserver.exe | 
"{E95E655D-25F0-41D0-9209-8EF7AC187AD9}" = protocol=6 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{F163AF12-3CE5-4798-AD06-0869DAA3BE11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F2FA3F75-DA4D-4853-9FA0-CC09CB05581E}" = protocol=6 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{F364F837-8081-45D1-BE94-2EA4B44436CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F5643AD8-4A6F-4F51-A85E-FE63F2A001B6}" = dir=in | app=c:\program files (x86)\avira\avira security management center agent\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5438E1B0-6F68-4B87-92E8-7BF946883962}" = Softing Profibus Drivers and API
"{5F790368-CC5C-4571-B3D3-BEA8EB068401}" = PCAN OEM 64-Bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A1D577BD-692D-4AC9-98DF-8E3C33B792E4}" = Oracle VM VirtualBox 4.1.20
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8E7F1B9-A304-D655-A7BD-669020C47536}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0A76081-22E4-5B3F-5394-1229DDF73585}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"498B9978CE49397903524B0761200F43EC650044" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"67170FB0228B69BCCBEF8CE14A76953A5505D8EA" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"D799FADEEBD9F7950736A4761F35786956C03D1B" = Windows-Treiberpaket - libusb-win32 (libusb0) libusb-win32 devices  (10/02/2010 1.2.2.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003E5796-EF64-E4F4-E2EE-1E9F0D10E491}" = CCC Help Danish
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0934A6DC-CFEF-45B3-89D7-D5F69008C4D2}" = MotionStudio
"{098B3F8C-EE25-4EB2-98DF-0EC64E47B9E4}" = Endress+Hauser Profibus DTM Library Msi Setup Wrapper
"{0C240737-D51D-4458-8F06-B9EA1F066417}" = ALPHAPLAN Client 2010
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1036E176-F5AD-4C6A-88B2-31A06D54BBEA}" = Endress+Hauser IPC (Level/Pressure) FXA193/291 DTMlibrary V2.33.00
"{119A4348-ED8B-4242-ADF7-544BE069A546}" = IOassistant
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1826494B-7A12-4D34-BFB8-0ED2D4A99A1E}" = CDI_Driver_Setup
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1ACD1A49-D6EA-489C-808D-1D9AA471D2EB}_is1" = XC/XV-Targets V2.3.9 SP2 (Patch 1)
"{1B313630-25BC-4F48-5591-20C148CA4CDD}" = Endress+Hauser SFC162 Communication DTM V1.01.02.000
"{1D5743E5-8C9C-497F-AD8A-8E733EAF38A1}" = PAM Suite
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E31DDD4-573F-480F-8D7C-B9048DA63C68}" = Endress+Hauser FF BasicDTM Msi Setup Wrapper
"{1EA5EB62-B22E-420A-9136-397AABB6EEB0}" = Trebing + Himstedt DTM Library V4.0.4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{225C4860-9D03-49F5-B983-943EB938E0B0}" = HP GPS and Location
"{226F6E94-8E57-29D5-FD6D-7C89A3AD2F90}" = CCC Help German
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{2663F89C-AAB5-496F-8ECC-0E4456AC3A6E}" = FieldCare Profibus Profile
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26FE0551-FBE8-72A0-7584-D5BCDE41FE33}" = CCC Help Swedish
"{28D9389B-FB3E-B1D4-2EFD-EEAAFCD31523}" = CCC Help Italian
"{2B045220-B747-3DB3-AD03-A494DF676BA7}" = CCC Help Chinese Traditional
"{2B571236-978D-4DA8-B53B-98670DE2FF56}_is1" = MXpro V2.3.6 SP1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2C49E498-26AD-415E-8CFA-79DDB1C024BD}" = FieldCare
"{2D2F83A9-6424-4529-930B-39DD87A2771C}" = Endress+Hauser PCP DTMlibrary V2.33.00
"{2E830895-851C-30C2-F3D2-3995E57896E7}" = CCC Help Polish
"{30DC9571-4DBC-4641-B52D-C8993DAE7AAB}" = Endress+Hauser EnvelopeCurveViewer 2011
"{310358D8-48D1-4B35-A984-7DE3E88B6469}" = SEW-Communication-Server
"{32A172F1-6D60-4EB4-B370-94747E313CAA}" = FieldCare HART Modem
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{37F52BBE-2D75-55D4-8933-29D9C49A7197}" = CCC Help French
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E084D68-4C18-5565-9C14-E1C9218F8059}" = CCC Help Turkish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41F7F0D5-72E4-406F-B782-6D3AB619E167}" = Endress+Hauser FF DTM Library Msi Setup Wrapper
"{43194BC8-4119-47EF-B187-9F91DDBCFEFC}_is1" = MXpro V2.3.6
"{4600190B-3A7C-46B7-9BD5-77E3BA833159}" = FieldCare FF commDTM
"{46510B5B-5DF6-40EE-BBA3-2469D4583FE9}" = TXU10 Setup
"{46898964-A7F1-46F8-980F-7C1482769DB7}" = Endress+Hauser PROFIBUS DTMlibrary V2.33.00
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{46C954CF-5417-04EE-409A-F473BC7AE6E6}" = CCC Help Norwegian
"{4889F684-216D-4EA3-9A0C-729DA5EC6BFB}" = Endress+Hauser SFC173 Communication DTM V1.01.01
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A83AB47-06EC-43C4-92C6-48A4F7FBF074}" = PLCEditor für MOVITOOLS MotionStudio
"{4BE1D9D9-45B6-48D1-1CAE-F44E7936CD3B}" = Catalyst Control Center
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload 
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{53FDFECD-6A30-4CFA-82C1-BBB0A4685387}" = Endress+Hauser CDI DTM Library Msi Setup Wrapper
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
"{5A4EBA17-3E32-43f9-9F95-A9E660440310}" = FieldCare
"{61A8DCC3-336D-4EB1-A00A-37BD38A02042}" = Endress+Hauser HART DTM Library Msi Setup Wrapper
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B6343-F429-451F-9023-110C52F85C7C}_is1" = XC/XV-Targets V2.3.9 SP2
"{682F03E6-91C2-47DF-AD57-6BEC8EB8F992}" = FieldCare
"{682F03E6-91C2-47DF-AD57-6BEC8EB8F992}_FIM" = FieldCare
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{699BE9A3-731B-4FF3-92E6-24C75A1EE9BC}" = FieldCare PlantView
"{6A2D840F-065F-40F7-8F92-9EE1188EDD9B}" = MOVITOOLS® 4.70
"{6DE35E38-F7EE-4747-569A-0DBA92C51D66}" = Catalyst Control Center Localization All
"{6E9B0E05-5557-9148-0E22-C73F3343DBBE}" = CCC Help Russian
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73B0212E-9031-4256-913B-C5C663EBB8DB}" = Endress+Hauser HART DTMlibrary V2.33.00
"{76093D95-0E4A-D8A7-80AD-4B57B27FD417}" = CCC Help Greek
"{7961278A-8FCE-43D7-8F97-AE5C97858F6E}" = Endress+Hauser IPC (Level/Pressure) FXA193/291 CommDTM V1.02.12
"{7ED95A62-1B99-4263-80D1-58187F02F484}" = Endress+Hauser HART Generic DTM V3.1.7
"{7FD171B9-A7DB-4FD5-BCE1-7DAB215CFE56}" = Endress+Hauser Flow Communication DTM FXA193/291 V3.18.00
"{824AF3BF-D1F9-472D-A4FF-30CF6168EB6A}" = Endress+Hauser CDI DTMlibrary V2.33.00
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{867FF927-4191-46AF-91F2-E3ABA70ADEA1}" = Endress+Hauser PCP (ReadWin) Communication DTM 1.01.14
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB89B00-65A7-4DC6-99E8-122DF6491641}" = Endress+Hauser FXA520 DTM V1.05.09
"{8B3EF86B-8F3F-45C6-816A-58CB6FEE8D8D}" = Endress+Hauser SFG500 Comm DTM
"{8B7137F8-8C9E-4C71-B4B4-E739D6EE445C}" = Endress+Hauser PCP DTM Library Msi Setup Wrapper
"{8F13C519-143C-4A03-8E3B-22E8273C302D}" = FieldCare HART OPC commDTM
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E66FE1-622E-4EC9-AB4F-2F4B78F0B55D}" = Endress+Hauser FF DTMLibrary V2.33.00
"{980214D9-E52D-4515-A5C6-0547A9474486}" = HART OPC Server
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A424C13D-E878-FCC9-6129-D4FC425142ED}" = Catalyst Control Center Profiles Mobile
"{A787E44A-57D1-CFEC-9551-502499996E23}" = CCC Help Korean
"{A98F7C8E-72FE-E619-C3CC-AF4AF659801F}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF36D380-57FA-48C5-8215-13A07E5709C8}" = Endress+Hauser IPC DTM Library Msi Setup Wrapper
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFBB25F4-4D53-4894-8987-90FB5CF34159}" = FieldCare CM CommServer
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BCF5BFD6-BA3F-3970-6715-44147EBABAC1}" = CCC Help Portuguese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C171E354-7AF7-4FBD-8705-58EF4AB5DF20}" = FieldCare CM Application
"{C3E884E5-63A4-450D-B66F-D53AA97BAD66}" = Endress+Hauser Basic DTM Foundation fieldbus V2.33.00
"{C5CDA101-CD15-4C7B-A761-5944D9EE7368}" = FieldCare Profibus
"{C8367983-0E5E-47A3-AB53-D157279938A3}" = FieldCare Documentation & NLS
"{C837152A-3F26-DD7F-D144-4EAB6C619240}" = CCC Help Spanish
"{C8E9D816-DFEE-4D7F-AB9C-193AE4B6D893}" = Endress+Hauser FF CommDTM SFC162 Msi Setup Wrapper
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CDAB0996-9AEB-4B64-8492-D4C40ABB3B7C}" = PLCEditorGatewayServer
"{CE74CF53-8037-419A-9FE1-EED8AAADD011}" = MailStore Client 6.0.5.6910
"{CF3CDFC6-B615-4634-BDB8-639BE63FAB3A}" = SEW sCAN
"{CF67CAEE-90A0-A12C-00D4-378F22190106}" = CCC Help Chinese Standard
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D2738E50-4C79-40FC-B4E1-54FE984BE914}" = Catalyst Control Center - Branding
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D54AFC4A-9FE7-4AE7-9C2E-FA3ABA0C0B41}" = FXA291_Driver_Setup
"{D5C9EB0B-CD13-4BB7-E884-39C436DCCD60}" = Catalyst Control Center Graphics Previews Common
"{D804E4A8-9D03-4812-B65E-991AEE5BA377}" = Endress+Hauser CDI Communication DTM V1.08.00
"{DD76BE0B-92AA-ADE0-513A-0B8A05C51FBA}" = CCC Help Thai
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E860BF84-1B83-0EA1-CDFD-399F137CFD68}" = Catalyst Control Center InstallProxy
"{EBD1C6DF-9F2D-4B5B-DBCF-9F3AC71490F6}" = CCC Help English
"{ED507148-8CD2-DC5F-11D9-83C7C6E60F04}" = CCC Help Dutch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F01B3840-A620-4557-BFBC-0BFD1AC64E76}" = ISSDeviceDTMSetup
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F15D678A-D703-6D1E-9C30-AE88BDE85414}" = CCC Help Czech
"{F161BC21-EE74-4B48-85F1-25978358D73C}" = FieldCare CM Adapter
"{F1742903-373B-F0BF-47D9-C80FAA1F8965}" = CCC Help Hungarian
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}" = Avira Management Console Agent
"{F47D468F-2934-4968-BA7D-A2D3310D0851}" = FXA195_Driver_Setup
"{F4EDA228-A919-0E9E-BBB0-1E4ADD332DCB}" = CCC Help Japanese
"{F8E3BC5B-3461-480B-A5B1-669441F34F09}" = Pepperl+Fuchs Point to bus HART V1.5.9
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Professional Security
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"David Client" = David Client 
"Eaton Automation XSoft-CoDeSys V2.3.9 SP2_is1" = XSoft-CoDeSys V2.3.9 SP2
"Free Video to Nokia Phones Converter_is1" = Free Video to Nokia Phones Converter version 5.0.17.903
"Galileo8.0.3.12065_is1" = Galileo V8.0.3 (12065)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Micro Innovation MXpro V2.3.9 SP1_is1" = MXpro V2.3.9 SP1
"Micro Innovation MXpro V2.3.9_is1" = MXpro V2.3.9 (Patch 2)
"Micro Innovation XV-Targets V2.3.9 SP1_is1" = XV-Targets V2.3.9 SP1
"Micro Innovation XV-Targets V2.3.9_is1" = XV-Targets V2.3.9 (Patch 2)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NETLink-S7-NET" = NETLink-S7-NET
"NetSetMan_is1" = NetSetMan 3.4.5
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"SEW MotionStudio Uninstall" = MOVITOOLS-MotionStudio
"SZCCID" = Alcor Micro Smart Card Reader Driver
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50) 
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/10/2012 9:09:45 AM | Computer Name = LT138.himteam.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16455,
 Zeitstempel: 0x507284ba  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x11c8  Startzeit der fehlerhaften Anwendung: 0x01cdd6d5b5246cd0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: dd968e2b-42ca-11e2-a4c5-b4b52f2996e3
 
Error - 12/10/2012 9:11:35 AM | Computer Name = LT138.himteam.local | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12/10/2012 9:14:27 AM | Computer Name = LT138.himteam.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von LT138 (192.168.56.1) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 12/10/2012 9:36:40 AM | Computer Name = LT138.himteam.local | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12/10/2012 9:39:37 AM | Computer Name = LT138.himteam.local | Source = System Restore | ID = 8204
Description = 
 
Error - 12/10/2012 10:14:37 AM | Computer Name = LT138.himteam.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von LT138 (192.168.56.1) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 12/10/2012 11:14:37 AM | Computer Name = LT138.himteam.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von LT138 (192.168.56.1) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 12/10/2012 11:15:06 AM | Computer Name = LT138.himteam.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von LT138 (192.168.56.1) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 12/10/2012 11:39:58 AM | Computer Name = LT138.himteam.local | Source = Validity USDK | ID = 262184
Description = SSL alert by host: Description is: 47.
 
Error - 12/11/2012 4:41:01 AM | Computer Name = LT138.himteam.local | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12/11/2012 4:41:08 AM | Computer Name = LT138.himteam.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von LT138 (192.168.56.1) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
[ HP Power Assistant Events ]
Error - 8/17/2012 3:59:51 AM | Computer Name = cvspc | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
[ System Events ]
Error - 12/10/2012 9:39:01 AM | Computer Name = LT138.himteam.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 12/10/2012 9:39:31 AM | Computer Name = LT138.himteam.local | Source = TermService | ID = 1067
Description = 
 
Error - 12/10/2012 9:39:31 AM | Computer Name = LT138.himteam.local | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 HP Power Assistant Service erreicht.
 
Error - 12/10/2012 9:39:31 AM | Computer Name = LT138.himteam.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Power Assistant Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12/11/2012 4:40:24 AM | Computer Name = LT138.himteam.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HIMTEAM aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 12/11/2012 4:40:51 AM | Computer Name = LT138.himteam.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 12/11/2012 4:42:24 AM | Computer Name = LT138.himteam.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 12/11/2012 4:42:26 AM | Computer Name = LT138.himteam.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 12/11/2012 4:43:19 AM | Computer Name = LT138.himteam.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 12/11/2012 4:44:05 AM | Computer Name = LT138.himteam.local | Source = TermService | ID = 1067
Description = 
 
 
< End of report >
         
--- --- ---

Alt 27.12.2012, 16:32   #5
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log


Alt 27.12.2012, 17:59   #6
kreuz as
 



17:47:17.0418 6100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:47:19.0398 6100 ============================================================
17:47:19.0398 6100 Current date / time: 2012/12/27 17:47:19.0398
17:47:19.0398 6100 SystemInfo:
17:47:19.0398 6100
17:47:19.0398 6100 OS Version: 6.1.7601 ServicePack: 1.0
17:47:19.0398 6100 Product type: Workstation
17:47:19.0398 6100 ComputerName: LT138
17:47:19.0399 6100 UserName: meyer
17:47:19.0399 6100 Windows directory: C:\windows
17:47:19.0399 6100 System windows directory: C:\windows
17:47:19.0399 6100 Running under WOW64
17:47:19.0399 6100 Processor architecture: Intel x64
17:47:19.0399 6100 Number of processors: 4
17:47:19.0399 6100 Page size: 0x1000
17:47:19.0399 6100 Boot type: Normal boot
17:47:19.0399 6100 ============================================================
17:47:19.0944 6100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:47:19.0956 6100 ============================================================
17:47:19.0956 6100 \Device\Harddisk0\DR0:
17:47:19.0957 6100 MBR partitions:
17:47:19.0957 6100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
17:47:19.0957 6100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x37894000
17:47:19.0957 6100 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3792A800, BlocksNum 0x205A000
17:47:19.0957 6100 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39984800, BlocksNum 0x9FD800
17:47:19.0957 6100 ============================================================
17:47:19.0977 6100 C: <-> \Device\Harddisk0\DR0\Partition2
17:47:20.0017 6100 E: <-> \Device\Harddisk0\DR0\Partition3
17:47:20.0027 6100 F: <-> \Device\Harddisk0\DR0\Partition4
17:47:20.0027 6100 ============================================================
17:47:20.0027 6100 Initialize success
17:47:20.0027 6100 ============================================================
17:48:43.0144 2700 ============================================================
17:48:43.0144 2700 Scan started
17:48:43.0144 2700 Mode: Manual; SigCheck; TDLFS;
17:48:43.0144 2700 ============================================================
17:48:43.0602 2700 ================ Scan system memory ========================
17:48:43.0602 2700 System memory - ok
17:48:43.0602 2700 ================ Scan services =============================
17:48:43.0736 2700 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:48:43.0850 2700 1394ohci - ok
17:48:43.0881 2700 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\windows\system32\DRIVERS\Accelerometer.sys
17:48:43.0894 2700 Accelerometer - ok
17:48:43.0913 2700 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:48:43.0925 2700 ACPI - ok
17:48:43.0951 2700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:48:44.0019 2700 AcpiPmi - ok
17:48:44.0099 2700 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:48:44.0105 2700 AdobeARMservice - ok
17:48:44.0223 2700 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:48:44.0232 2700 AdobeFlashPlayerUpdateSvc - ok
17:48:44.0269 2700 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
17:48:44.0285 2700 adp94xx - ok
17:48:44.0316 2700 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
17:48:44.0332 2700 adpahci - ok
17:48:44.0359 2700 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
17:48:44.0368 2700 adpu320 - ok
17:48:44.0389 2700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:48:44.0507 2700 AeLookupSvc - ok
17:48:44.0583 2700 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:48:44.0641 2700 AESTFilters - ok
17:48:44.0681 2700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
17:48:44.0747 2700 AFD - ok
17:48:44.0794 2700 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
17:48:44.0800 2700 AgereModemAudio - ok
17:48:44.0835 2700 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
17:48:44.0913 2700 AgereSoftModem - ok
17:48:44.0947 2700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
17:48:44.0955 2700 agp440 - ok
17:48:44.0985 2700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
17:48:45.0045 2700 ALG - ok
17:48:45.0069 2700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
17:48:45.0076 2700 aliide - ok
17:48:45.0106 2700 [ 3D31B3DD621C8F9605FC9C06C182339F ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
17:48:45.0184 2700 AMD External Events Utility - ok
17:48:45.0197 2700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
17:48:45.0204 2700 amdide - ok
17:48:45.0222 2700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
17:48:45.0279 2700 AmdK8 - ok
17:48:45.0444 2700 [ C54C97BD5F39031BA9B5648211063008 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
17:48:45.0693 2700 amdkmdag - ok
17:48:45.0726 2700 [ C4D8FF7CF6BBCCD180E75B5C960F9418 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
17:48:45.0764 2700 amdkmdap - ok
17:48:45.0791 2700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
17:48:45.0817 2700 AmdPPM - ok
17:48:45.0849 2700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:48:45.0860 2700 amdsata - ok
17:48:45.0883 2700 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
17:48:45.0893 2700 amdsbs - ok
17:48:45.0905 2700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:48:45.0912 2700 amdxata - ok
17:48:45.0987 2700 [ B6F00907FD8053AF04607DC7EE5A8717 ] AntiVir Security Management Center Agent C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
17:48:46.0027 2700 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - warning
17:48:46.0027 2700 AntiVir Security Management Center Agent - detected UnsignedFile.Multi.Generic (1)
17:48:46.0080 2700 [ 56BEB1292DC71E49C824455EC582BFCE ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
17:48:46.0092 2700 AntiVirMailService - ok
17:48:46.0106 2700 [ 7ABE4092C35E7D4596487DFA075D84E1 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:48:46.0112 2700 AntiVirSchedulerService - ok
17:48:46.0124 2700 [ 5A37FFA608AE126C9702F5C07E07FC08 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:48:46.0130 2700 AntiVirService - ok
17:48:46.0147 2700 [ 5F2F39626586536CA86F402A1C947463 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:48:46.0160 2700 AntiVirWebService - ok
17:48:46.0185 2700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
17:48:46.0293 2700 AppID - ok
17:48:46.0315 2700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:48:46.0364 2700 AppIDSvc - ok
17:48:46.0385 2700 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
17:48:46.0436 2700 Appinfo - ok
17:48:46.0476 2700 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
17:48:46.0531 2700 AppMgmt - ok
17:48:46.0558 2700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
17:48:46.0569 2700 arc - ok
17:48:46.0593 2700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
17:48:46.0601 2700 arcsas - ok
17:48:46.0622 2700 [ 357635F16D28558C50870F4EF8AA4712 ] ARCVCAM C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
17:48:46.0628 2700 ARCVCAM - ok
17:48:46.0719 2700 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:48:46.0726 2700 aspnet_state - ok
17:48:46.0750 2700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:48:46.0805 2700 AsyncMac - ok
17:48:46.0837 2700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
17:48:46.0844 2700 atapi - ok
17:48:46.0885 2700 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
17:48:46.0893 2700 AtiHDAudioService - ok
17:48:46.0930 2700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:48:46.0982 2700 AudioEndpointBuilder - ok
17:48:47.0013 2700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
17:48:47.0041 2700 AudioSrv - ok
17:48:47.0053 2700 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
17:48:47.0060 2700 avgntflt - ok
17:48:47.0083 2700 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
17:48:47.0090 2700 avipbb - ok
17:48:47.0099 2700 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
17:48:47.0105 2700 avkmgr - ok
17:48:47.0140 2700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
17:48:47.0210 2700 AxInstSV - ok
17:48:47.0239 2700 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
17:48:47.0293 2700 b06bdrv - ok
17:48:47.0332 2700 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:48:47.0362 2700 b57nd60a - ok
17:48:47.0403 2700 [ CCABEAC61E8D8ADD9DA16E319ED6BF07 ] BCM42RLY C:\windows\system32\drivers\BCM42RLY.sys
17:48:47.0409 2700 BCM42RLY - ok
17:48:47.0480 2700 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
17:48:47.0556 2700 BCM43XX - ok
17:48:47.0596 2700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
17:48:47.0645 2700 BDESVC - ok
17:48:47.0676 2700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
17:48:47.0730 2700 Beep - ok
17:48:47.0822 2700 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
17:48:47.0886 2700 BFE - ok
17:48:47.0926 2700 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
17:48:47.0982 2700 BITS - ok
17:48:48.0016 2700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:48:48.0059 2700 blbdrive - ok
17:48:48.0093 2700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:48:48.0142 2700 bowser - ok
17:48:48.0177 2700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
17:48:48.0254 2700 BrFiltLo - ok
17:48:48.0269 2700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
17:48:48.0279 2700 BrFiltUp - ok
17:48:48.0302 2700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
17:48:48.0354 2700 Browser - ok
17:48:48.0379 2700 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:48:48.0425 2700 Brserid - ok
17:48:48.0448 2700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:48:48.0481 2700 BrSerWdm - ok
17:48:48.0520 2700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:48:48.0530 2700 BrUsbMdm - ok
17:48:48.0551 2700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:48:48.0577 2700 BrUsbSer - ok
17:48:48.0620 2700 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
17:48:48.0699 2700 BthEnum - ok
17:48:48.0729 2700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
17:48:48.0755 2700 BTHMODEM - ok
17:48:48.0799 2700 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
17:48:48.0810 2700 BthPan - ok
17:48:48.0843 2700 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:48:48.0905 2700 BTHPORT - ok
17:48:48.0931 2700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:48:48.0975 2700 bthserv - ok
17:48:48.0999 2700 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:48:49.0029 2700 BTHUSB - ok
17:48:49.0073 2700 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\windows\system32\drivers\btwampfl.sys
17:48:49.0085 2700 btwampfl - ok
17:48:49.0108 2700 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
17:48:49.0115 2700 btwaudio - ok
17:48:49.0140 2700 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\windows\system32\drivers\btwavdt.sys
17:48:49.0147 2700 btwavdt - ok
17:48:49.0219 2700 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:48:49.0239 2700 btwdins - ok
17:48:49.0245 2700 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
17:48:49.0251 2700 btwl2cap - ok
17:48:49.0258 2700 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
17:48:49.0264 2700 btwrchid - ok
17:48:49.0301 2700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:48:49.0344 2700 cdfs - ok
17:48:49.0380 2700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:48:49.0408 2700 cdrom - ok
17:48:49.0449 2700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
17:48:49.0504 2700 CertPropSvc - ok
17:48:49.0548 2700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
17:48:49.0586 2700 circlass - ok
17:48:49.0629 2700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:48:49.0643 2700 CLFS - ok
17:48:49.0686 2700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:48:49.0693 2700 clr_optimization_v2.0.50727_32 - ok
17:48:49.0720 2700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:48:49.0728 2700 clr_optimization_v2.0.50727_64 - ok
17:48:49.0772 2700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:48:49.0781 2700 clr_optimization_v4.0.30319_32 - ok
17:48:49.0795 2700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:48:49.0803 2700 clr_optimization_v4.0.30319_64 - ok
17:48:49.0830 2700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:48:49.0860 2700 CmBatt - ok
17:48:49.0892 2700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
17:48:49.0901 2700 cmdide - ok
17:48:49.0944 2700 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
17:48:49.0968 2700 CNG - ok
17:48:49.0985 2700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
17:48:49.0992 2700 Compbatt - ok
17:48:50.0016 2700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
17:48:50.0040 2700 CompositeBus - ok
17:48:50.0063 2700 COMSysApp - ok
17:48:50.0078 2700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
17:48:50.0086 2700 crcdisk - ok
17:48:50.0121 2700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
17:48:50.0174 2700 CryptSvc - ok
17:48:50.0202 2700 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
17:48:50.0262 2700 CSC - ok
17:48:50.0288 2700 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
17:48:50.0328 2700 CscService - ok
17:48:50.0377 2700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
17:48:50.0405 2700 DcomLaunch - ok
17:48:50.0427 2700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:48:50.0474 2700 defragsvc - ok
17:48:50.0518 2700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:48:50.0561 2700 DfsC - ok
17:48:50.0592 2700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
17:48:50.0642 2700 Dhcp - ok
17:48:50.0661 2700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:48:50.0699 2700 discache - ok
17:48:50.0739 2700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
17:48:50.0747 2700 Disk - ok
17:48:50.0771 2700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:48:50.0822 2700 Dnscache - ok
17:48:50.0849 2700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
17:48:50.0893 2700 dot3svc - ok
17:48:50.0925 2700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
17:48:50.0967 2700 DPS - ok
17:48:51.0006 2700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:48:51.0032 2700 drmkaud - ok
17:48:51.0074 2700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:48:51.0098 2700 DXGKrnl - ok
17:48:51.0129 2700 [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
17:48:51.0141 2700 e1cexpress - ok
17:48:51.0184 2700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:48:51.0230 2700 EapHost - ok
17:48:51.0299 2700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
17:48:51.0386 2700 ebdrv - ok
17:48:51.0433 2700 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\windows\system32\Drivers\wwuss64.sys
17:48:51.0439 2700 ecnssndis - ok
17:48:51.0449 2700 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\windows\system32\Drivers\wwussf64.sys
17:48:51.0455 2700 ecnssndisfltr - ok
17:48:51.0481 2700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
17:48:51.0514 2700 EFS - ok
17:48:51.0604 2700 [ 06503009663CDF85608F3AE5951EC97C ] EH.SFG500.CommServer C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe
17:48:51.0629 2700 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - warning
17:48:51.0630 2700 EH.SFG500.CommServer - detected UnsignedFile.Multi.Generic (1)
17:48:51.0684 2700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:48:51.0742 2700 ehRecvr - ok
17:48:51.0763 2700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:48:51.0812 2700 ehSched - ok
17:48:51.0843 2700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
17:48:51.0859 2700 elxstor - ok
17:48:51.0878 2700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
17:48:51.0907 2700 ErrDev - ok
17:48:51.0957 2700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
17:48:52.0001 2700 EventSystem - ok
17:48:52.0044 2700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
17:48:52.0087 2700 exfat - ok
17:48:52.0112 2700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
17:48:52.0162 2700 fastfat - ok
17:48:52.0211 2700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
17:48:52.0264 2700 Fax - ok
17:48:52.0275 2700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
17:48:52.0308 2700 fdc - ok
17:48:52.0340 2700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
17:48:52.0366 2700 fdPHost - ok
17:48:52.0371 2700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
17:48:52.0413 2700 FDResPub - ok
17:48:52.0441 2700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:48:52.0451 2700 FileInfo - ok
17:48:52.0462 2700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:48:52.0509 2700 Filetrace - ok
17:48:52.0526 2700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
17:48:52.0555 2700 flpydisk - ok
17:48:52.0599 2700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:48:52.0616 2700 FltMgr - ok
17:48:52.0653 2700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
17:48:52.0713 2700 FontCache - ok
17:48:52.0761 2700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:48:52.0767 2700 FontCache3.0.0.0 - ok
17:48:52.0789 2700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:48:52.0797 2700 FsDepends - ok
17:48:52.0823 2700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:48:52.0830 2700 Fs_Rec - ok
17:48:52.0868 2700 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\windows\system32\drivers\ftdibus.sys
17:48:52.0874 2700 FTDIBUS - ok
17:48:52.0899 2700 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\windows\system32\drivers\ftser2k.sys
17:48:52.0908 2700 FTSER2K - ok
17:48:52.0949 2700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:48:52.0968 2700 fvevol - ok
17:48:52.0992 2700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
17:48:53.0000 2700 gagp30kx - ok
17:48:53.0025 2700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
17:48:53.0075 2700 gpsvc - ok
17:48:53.0110 2700 [ C864875E87E6B790471516856FC1F5C2 ] h36wgps C:\windows\system32\DRIVERS\h36wgps64.sys
17:48:53.0120 2700 h36wgps - ok
17:48:53.0135 2700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:48:53.0157 2700 hcw85cir - ok
17:48:53.0205 2700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:48:53.0238 2700 HdAudAddService - ok
17:48:53.0272 2700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
17:48:53.0304 2700 HDAudBus - ok
17:48:53.0333 2700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
17:48:53.0359 2700 HidBatt - ok
17:48:53.0390 2700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
17:48:53.0416 2700 HidBth - ok
17:48:53.0444 2700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
17:48:53.0472 2700 HidIr - ok
17:48:53.0497 2700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
17:48:53.0540 2700 hidserv - ok
17:48:53.0585 2700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:48:53.0593 2700 HidUsb - ok
17:48:53.0618 2700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
17:48:53.0668 2700 hkmsvc - ok
17:48:53.0710 2700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:48:53.0763 2700 HomeGroupListener - ok
17:48:53.0788 2700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:48:53.0818 2700 HomeGroupProvider - ok
17:48:53.0886 2700 [ 02C2108111D9656A9729995D2219FB99 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
17:48:53.0893 2700 HP Power Assistant Service - ok
17:48:53.0955 2700 [ A9FC4D7EA174BBF5A675B299FFAD80A2 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
17:48:53.0961 2700 HPDayStarterService - ok
17:48:53.0984 2700 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
17:48:53.0990 2700 hpdskflt - ok
17:48:54.0072 2700 [ 0ADC6AFAB2B17FFC9C6E24DD1583F888 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
17:48:54.0082 2700 hpHotkeyMonitor - ok
17:48:54.0099 2700 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
17:48:54.0107 2700 HpqKbFiltr - ok
17:48:54.0171 2700 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:48:54.0188 2700 hpqwmiex - ok
17:48:54.0218 2700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:48:54.0229 2700 HpSAMD - ok
17:48:54.0246 2700 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\windows\system32\Hpservice.exe
17:48:54.0252 2700 hpsrv - ok
17:48:54.0300 2700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:48:54.0354 2700 HTTP - ok
17:48:54.0383 2700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:48:54.0391 2700 hwpolicy - ok
17:48:54.0432 2700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
17:48:54.0447 2700 i8042prt - ok
17:48:54.0470 2700 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:48:54.0480 2700 iaStor - ok
17:48:54.0547 2700 [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:48:54.0552 2700 IAStorDataMgrSvc - ok
17:48:54.0589 2700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:48:54.0600 2700 iaStorV - ok
17:48:54.0637 2700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:48:54.0658 2700 idsvc - ok
17:48:54.0679 2700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
17:48:54.0689 2700 iirsp - ok
17:48:54.0766 2700 [ CE1EE31FFF730CA975A5535D8A71AF61 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
17:48:54.0773 2700 IJPLMSVC - ok
17:48:54.0833 2700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
17:48:54.0893 2700 IKEEXT - ok
17:48:54.0927 2700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
17:48:54.0937 2700 intelide - ok
17:48:54.0955 2700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:48:54.0984 2700 intelppm - ok
17:48:55.0006 2700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:48:55.0031 2700 IPBusEnum - ok
17:48:55.0060 2700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:48:55.0105 2700 IpFilterDriver - ok
17:48:55.0143 2700 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:48:55.0199 2700 iphlpsvc - ok
17:48:55.0219 2700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:48:55.0249 2700 IPMIDRV - ok
17:48:55.0280 2700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:48:55.0322 2700 IPNAT - ok
17:48:55.0350 2700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
17:48:55.0384 2700 IRENUM - ok
17:48:55.0421 2700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:48:55.0428 2700 isapnp - ok
17:48:55.0451 2700 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:48:55.0462 2700 iScsiPrt - ok
17:48:55.0493 2700 [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
17:48:55.0501 2700 jhi_service - ok
17:48:55.0527 2700 [ 0B44199365A69696109AB9A5855E0841 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
17:48:55.0534 2700 JMCR - ok
17:48:55.0569 2700 [ C6A3593D397B111C1DBBC1BE6384B548 ] johci C:\windows\system32\DRIVERS\johci.sys
17:48:55.0575 2700 johci - ok
17:48:55.0600 2700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
17:48:55.0608 2700 kbdclass - ok
17:48:55.0632 2700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
17:48:55.0656 2700 kbdhid - ok
17:48:55.0680 2700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
17:48:55.0690 2700 KeyIso - ok
17:48:55.0715 2700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:48:55.0723 2700 KSecDD - ok
17:48:55.0750 2700 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:48:55.0758 2700 KSecPkg - ok
17:48:55.0779 2700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:48:55.0803 2700 ksthunk - ok
17:48:55.0829 2700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
17:48:55.0877 2700 KtmRm - ok
17:48:55.0918 2700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
17:48:55.0966 2700 LanmanServer - ok
17:48:56.0014 2700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:48:56.0055 2700 LanmanWorkstation - ok
17:48:56.0118 2700 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:48:56.0137 2700 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:48:56.0137 2700 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:48:56.0185 2700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:48:56.0224 2700 lltdio - ok
17:48:56.0254 2700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
17:48:56.0280 2700 lltdsvc - ok
17:48:56.0294 2700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
17:48:56.0318 2700 lmhosts - ok
17:48:56.0368 2700 [ DE75F2EA497DA4B3A764D4EAC43135E9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:48:56.0377 2700 LMS - ok
17:48:56.0406 2700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
17:48:56.0414 2700 LSI_FC - ok
17:48:56.0431 2700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
17:48:56.0439 2700 LSI_SAS - ok
17:48:56.0455 2700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
17:48:56.0463 2700 LSI_SAS2 - ok
17:48:56.0486 2700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
17:48:56.0494 2700 LSI_SCSI - ok
17:48:56.0520 2700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
17:48:56.0562 2700 luafv - ok
17:48:56.0608 2700 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys
17:48:56.0620 2700 LVRS64 - ok
17:48:56.0708 2700 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys
17:48:56.0828 2700 LVUVC64 - ok
17:48:56.0889 2700 [ 7AEAC0B5B185CB5601673A0462C7EC36 ] massfilter C:\windows\system32\DRIVERS\massfilter.sys
17:48:56.0932 2700 massfilter - ok
17:48:56.0955 2700 [ 0845DA0BFF1AF5C57DE4DD97ACAF2FCD ] Mbm3CBus C:\windows\system32\DRIVERS\Mbm3CBus.sys
17:48:56.0969 2700 Mbm3CBus - ok
17:48:56.0982 2700 [ DB6FA599AA79324E287C4EAF6020DA37 ] Mbm3DevMt C:\windows\system32\DRIVERS\Mbm3DevMt.sys
17:48:56.0995 2700 Mbm3DevMt - ok
17:48:57.0003 2700 [ 2F71EDB697752D409B9983F0E1D88F70 ] Mbm3mdfl C:\windows\system32\DRIVERS\Mbm3mdfl.sys
17:48:57.0008 2700 Mbm3mdfl - ok
17:48:57.0023 2700 [ 21B412A36DE3CCFE4E13383B88CFC90C ] Mbm3Mdm C:\windows\system32\DRIVERS\Mbm3Mdm.sys
17:48:57.0034 2700 Mbm3Mdm - ok
17:48:57.0059 2700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:48:57.0093 2700 Mcx2Svc - ok
17:48:57.0126 2700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
17:48:57.0133 2700 megasas - ok
17:48:57.0163 2700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
17:48:57.0175 2700 MegaSR - ok
17:48:57.0209 2700 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:48:57.0215 2700 MEIx64 - ok
17:48:57.0235 2700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:48:57.0285 2700 MMCSS - ok
17:48:57.0317 2700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:48:57.0358 2700 Modem - ok
17:48:57.0389 2700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:48:57.0420 2700 monitor - ok
17:48:57.0458 2700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:48:57.0466 2700 mouclass - ok
17:48:57.0489 2700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:48:57.0520 2700 mouhid - ok
17:48:57.0552 2700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:49:11.0120 2700 [ 8719BCFBAA239CCDAA3054973661F3E6 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
17:49:11.0144 2700 VMCService ( UnsignedFile.Multi.Generic ) - warning
17:49:11.0144 2700 VMCService - detected UnsignedFile.Multi.Generic (1)
17:49:13.0298 2700 [ 9E281477BF61B1CF77CE725851B144CE ] wltrysvc C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
17:49:13.0301 2700 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
17:49:13.0301 2700 wltrysvc - detected UnsignedFile.Multi.Generic (1)
17:49:13.0335 2700 WMCoreService - ok
17:49:13.0358 2700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:49:13.0391 2700 WmiAcpi - ok
17:49:13.0420 2700 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:49:13.0450 2700 wmiApSrv - ok
17:49:13.0473 2700 WMPNetworkSvc - ok
17:49:13.0496 2700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:49:13.0522 2700 WPCSvc - ok
17:49:13.0545 2700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:49:13.0579 2700 WPDBusEnum - ok
17:49:13.0601 2700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:49:13.0645 2700 ws2ifsl - ok
17:49:13.0676 2700 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
17:49:13.0709 2700 wscsvc - ok
17:49:13.0711 2700 WSearch - ok
17:49:13.0774 2700 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:49:13.0828 2700 wuauserv - ok
17:49:13.0856 2700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:49:13.0897 2700 WudfPf - ok
17:49:13.0913 2700 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:49:13.0945 2700 WUDFRd - ok
17:49:13.0974 2700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:49:14.0001 2700 wudfsvc - ok
17:49:14.0030 2700 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
17:49:14.0043 2700 WwanSvc - ok
17:49:14.0084 2700 [ 39A502A36AAE7FBD0D2F57491C1001FA ] WwanUsbServ C:\windows\system32\DRIVERS\WwanUsbMp64.sys
17:49:14.0092 2700 WwanUsbServ - ok
17:49:14.0121 2700 [ BCD008C9FC4B57C107CBCFC3E77B58BA ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:49:14.0142 2700 ZTEusbmdm6k - ok
17:49:14.0162 2700 [ 9E74E0D096F8023A68A262A012153182 ] ZTEusbnet C:\windows\system32\DRIVERS\ZTEusbnet.sys
17:49:14.0213 2700 ZTEusbnet - ok
17:49:14.0228 2700 [ BCD008C9FC4B57C107CBCFC3E77B58BA ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
17:49:14.0235 2700 ZTEusbnmea - ok
17:49:14.0272 2700 [ BCD008C9FC4B57C107CBCFC3E77B58BA ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
17:49:14.0280 2700 ZTEusbser6k - ok
17:49:14.0302 2700 [ BCD008C9FC4B57C107CBCFC3E77B58BA ] ZTEusbvoice C:\windows\system32\DRIVERS\ZTEusbvoice.sys
17:49:14.0312 2700 ZTEusbvoice - ok
17:49:14.0332 2700 ================ Scan global ===============================
17:49:14.0352 2700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:49:14.0374 2700 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
17:49:14.0385 2700 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
17:49:14.0400 2700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:49:14.0429 2700 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:49:14.0431 2700 [Global] - ok
17:49:14.0431 2700 ================ Scan MBR ==================================
17:49:14.0439 2700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:49:14.0741 2700 \Device\Harddisk0\DR0 - ok
17:49:14.0741 2700 ================ Scan VBR ==================================
17:49:14.0743 2700 [ E5E1A44B776D7D72FE33CBEE13499CF5 ] \Device\Harddisk0\DR0\Partition1
17:49:14.0744 2700 \Device\Harddisk0\DR0\Partition1 - ok
17:49:14.0781 2700 [ 37704F41C23129D148E30518B880DDC7 ] \Device\Harddisk0\DR0\Partition2
17:49:14.0783 2700 \Device\Harddisk0\DR0\Partition2 - ok
17:49:14.0813 2700 [ 1C00A767E54C132E18985FEEEBB597C4 ] \Device\Harddisk0\DR0\Partition3
17:49:14.0816 2700 \Device\Harddisk0\DR0\Partition3 - ok
17:49:14.0827 2700 [ 811CFFDF4CE879F0DC16C8CF326DBCC3 ] \Device\Harddisk0\DR0\Partition4
17:49:14.0828 2700 \Device\Harddisk0\DR0\Partition4 - ok
17:49:14.0828 2700 ============================================================
17:49:14.0828 2700 Scan finished
17:49:14.0828 2700 ============================================================
17:49:14.0833 4808 Detected object count: 5
17:49:14.0833 4808 Actual detected object count: 5
17:49:31.0695 4808 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0695 4808 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0695 4808 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0695 4808 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0696 4808 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0696 4808 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0697 4808 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0697 4808 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0697 4808 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0697 4808 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

27.12.2012, 19:48   #7
markusg
/// Malware-holic
 
Hi,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

27.12.2012, 21:07   #8
kreuz as
 
After the scan I re-enabled Avira!!!
Here is the result.
Thanks again.


ComboFix log file:
Code:
ComboFix 12-12-27.03 - meyer 27.12.2012  20:57:37.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8166.5655 [GMT 1:00]
ausgeführt von:: c:\users\meyer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\regobj.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 20:00 . 2012-12-27 20:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-27 20:00 . 2012-12-27 20:00	--------	d-----w-	c:\users\cvs\AppData\Local\temp
2012-12-27 20:00 . 2012-12-27 20:00	--------	d-----w-	c:\users\schneider\AppData\Local\temp
2012-12-27 20:00 . 2012-12-27 20:00	--------	d-----w-	c:\users\administrator.HIMTEAM\AppData\Local\temp
2012-12-27 20:00 . 2012-12-27 20:00	--------	d-----w-	c:\users\Administrator.cvspc\AppData\Local\temp
2012-12-27 08:07 . 2012-12-27 08:07	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-27 08:06 . 2012-12-27 08:06	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-27 08:06 . 2012-12-27 08:06	--------	d-----w-	c:\program files (x86)\Java
2012-12-21 09:57 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 09:57 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 09:57 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 09:57 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 08:26 . 2012-12-21 08:26	--------	d-----w-	c:\program files\CCleaner
2012-12-20 13:27 . 2012-12-20 13:27	--------	d-----w-	c:\users\meyer\AppData\Roaming\Malwarebytes
2012-12-20 13:26 . 2012-12-20 13:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-20 13:26 . 2012-12-20 13:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-20 13:26 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-20 09:21 . 2012-12-27 19:34	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-12-20 09:21 . 2012-12-27 19:55	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-20 09:20 . 2012-12-20 09:20	--------	d-----w-	c:\users\meyer\AppData\Local\Programs
2012-12-14 12:19 . 2012-11-14 06:06	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-12-14 12:19 . 2012-11-14 06:06	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-12-14 12:19 . 2012-11-14 02:01	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-12-14 12:19 . 2012-11-14 07:06	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-12-14 12:19 . 2012-11-14 06:32	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-12-14 12:00 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-14 12:00 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-14 11:58 . 2012-12-14 11:58	--------	d-----w-	c:\users\meyer\AppData\Roaming\Hewlett-Packard
2012-12-14 11:57 . 2012-12-14 11:57	--------	d-----w-	c:\users\meyer\AppData\Local\Hewlett-Packard
2012-12-10 11:14 . 2012-12-10 11:14	--------	d-----w-	c:\users\meyer\AppData\Local\Logitech® Webcam-Software
2012-12-01 10:05 . 2011-06-17 20:58	89952	----a-w-	c:\windows\SysWow64\SQSRVRES.DLL
2012-12-01 10:01 . 2012-03-14 04:00	385024	----a-w-	c:\windows\system32\CNMLMAT.DLL
2012-12-01 09:55 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-01 09:55 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-01 09:55 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-01 09:55 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-01 09:55 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-01 09:55 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-01 09:55 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-01 09:55 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-12-01 09:55 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-11-28 09:42 . 2012-11-28 09:42	402272	----a-w-	c:\windows\SysWow64\rsnp2uvc.dll
2012-11-28 09:42 . 2012-11-28 09:42	400736	----a-w-	c:\windows\system32\rsnp2uvc.dll
2012-11-28 09:42 . 2012-11-28 09:42	379232	----a-w-	c:\windows\system32\vsnp2uvc.dll
2012-11-28 09:42 . 2012-11-28 09:42	26464	----a-w-	c:\windows\snuvcdsm.exe
2012-11-28 09:42 . 2012-11-28 09:42	246112	----a-w-	c:\windows\system32\csnp2uvc.dll
2012-11-28 09:42 . 2012-11-28 09:42	1866080	----a-w-	c:\windows\system32\drivers\snp2uvc.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 08:06 . 2012-08-17 09:31	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-27 08:06 . 2012-08-17 09:31	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-26 09:34 . 2012-08-20 10:56	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-26 09:34 . 2012-08-20 10:56	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 12:22 . 2012-08-16 15:07	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-12 11:07 . 2012-08-21 09:32	140936	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-11-12 11:07 . 2012-08-21 09:32	114168	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-11-07 09:18 . 2012-11-07 09:18	86016	----a-w-	c:\windows\SysWow64\OdbcJdbcSetup.dll
2012-11-07 09:18 . 2012-11-07 09:18	225280	----a-w-	c:\windows\SysWow64\IscDbc.dll
2012-11-07 09:18 . 2012-11-07 09:18	200704	----a-w-	c:\windows\SysWow64\OdbcJdbc.dll
2012-11-05 17:43 . 2012-11-05 17:43	53248	----a-r-	c:\users\meyer\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-16 08:38 . 2012-12-01 09:53	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-01 09:53	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-01 09:53	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 14:49	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 14:49	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 14:49	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 14:49	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-14 12:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 14:50	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 14:50	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 14:50	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 14:50	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 14:50	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 14:50	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 14:50	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 14:50	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 14:50	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 14:50	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 14:50	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-22 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2011-03-10 93240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-04-14 183808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-21 348664]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
startmt.cmd [2012-8-21 388]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVir Security Management Center Agent;Avira Management Console Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [2012-12-19 1131777]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776]
R3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing); [x]
R3 PROFIusb;PROFIusb Device Driver (Softing AG); [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-08-20 117080]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-19 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 135168]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 119680]
R4 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-08-21 375760]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-21 465360]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 SQLAgent$SQLFIELDCARE;SQL Server Agent (SQLFIELDCARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLFIELDCARE\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-08-21 27760]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-08-20 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-08-20 130904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-21 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-21 86224]
S2 EH.SFG500.CommServer;E+H SFG500 CommServer;c:\program files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe [2012-06-18 9216]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MSSQL$SQLFIELDCARE;SQL Server (SQLFIELDCARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLFIELDCARE\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing); [x]
S2 PROFIprt;PROFIBUS Protocol Driver (Softing); [x]
S2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing); [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-25 9216]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248]
S3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2011-02-28 101416]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 Mbm3CBus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208]
S3 Mbm3DevMt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912]
S3 Mbm3mdfl;HP  Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528]
S3 Mbm3Mdm;HP  Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-08-20 166232]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-03-04 277032]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 70014878
*Deregistered* - 70014878
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2012-06-13 5398528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2779024]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-27  21:02:25
ComboFix-quarantined-files.txt  2012-12-27 20:02
.
Vor Suchlauf: 10 Verzeichnis(se), 371.582.050.304 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 371.550.593.024 Bytes frei
.
- - End Of File - - 430AF080F6860508020BAC5E769620E1
         
--- --- ---

28.12.2012, 15:33   #9
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.26.1888
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, and save the list as a txt file. Open the file.
After each program you need, write "notwendig" (needed).
After each program you do not need, write "unnötig" (unneeded).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

29.12.2012, 11:38   #10
kreuz as

I hope you can do something with this.

Code:
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	26.12.2012	6,00 MB	11.5.502.135	"notwendig"
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	20.08.2012	121 MB	10.1.4	"notwendig"
Alcor Micro Smart Card Reader Driver	Alcor Micro Corp.	13.06.2012	88,0 KB	1.7.16.0	"notwendig"
ALPHAPLAN Client 2010	CVS Ingenieurgesellschaft mbH	21.08.2012	2,92 MB	3.12.2010		"notwendig"
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	13.06.2012	22,7 MB	3.0.851.0	"notwendig"
ArcSoft Webcam Sharing Manager	ArcSoft	13.06.2012	7,78 MB	2.0.0.30				"notwendig"		
Avira Management Console Agent	Avira Operations GmbH & Co. KG	21.08.2012				"notwendig"			
Avira Professional Security	Avira	07.12.2012	130 MB	12.1.9.1580				"notwendig"	
Broadcom 2070 Bluetooth 3.0	Broadcom Corporation	13.06.2012	183 MB	6.3.0.6300		"notwendig"
Broadcom 802.11 Wireless LAN Adapter	Broadcom Corporation	13.06.2012		5.60.48.61	"notwendig"
Broadcom Wireless Utility	Broadcom Corporation	13.06.2012		5.60.48.61		"notwendig"	
Canon IJ Network Scanner Selector EX		24.09.2012						"notwendig"
Canon IJ Network Tool		24.09.2012								"notwendig"
Canon Inkjet Printer/Scanner/Fax Extended Survey Program		24.09.2012			"notwendig"
Canon MG5300 series Benutzerregistrierung		24.09.2012					"notwendig"	
Canon MG5300 series MP Drivers		24.09.2012							"notwendig"
Canon My Printer		24.09.2012								"notwendig"	
CCleaner	Piriform	19.12.2012		3.26						"notwendig"
CDI_Driver_Setup	E+H Process Solutions AG	07.11.2012	28,0 KB	1.0.0			"notwendig"		
Cisco EAP-FAST Module	Cisco Systems, Inc.	13.06.2012	1,55 MB	2.2.14			"unbekannt"
Cisco LEAP Module	Cisco Systems, Inc.	13.06.2012	644 KB	1.0.19			"unbekannt"
Cisco PEAP Module	Cisco Systems, Inc.	13.06.2012	1,23 MB	1.1.6			"unbekannt"
David Client	Tobit.Software	21.08.2012		11.00a						"notwendig"
Endress+Hauser Basic DTM Foundation fieldbus V2.33.00	Endress+Hauser	07.11.2012	27,5 MB	2.0.71.0"notwendig"
Endress+Hauser CDI DTMlibrary V2.33.00	Endress+Hauser	07.11.2012	820 MB	1.7.680			"notwendig"
Endress+Hauser EnvelopeCurveViewer 2011	Endress+Hauser	07.11.2012	9,55 MB	3.00.03.0408		"notwendig"	
Endress+Hauser FF DTMLibrary V2.33.00	ENDRESS+HAUSER	07.11.2012	415 MB	1.7.109			"notwendig"
Endress+Hauser FXA520 DTM V1.05.09	Endress+Hauser	07.11.2012	29,4 MB	1.05.09			"notwendig"
Endress+Hauser HART DTMlibrary V2.33.00	Endress+Hauser	07.11.2012	1,92 GB	1.7.454			"notwendig"
Endress+Hauser HART Generic DTM V3.1.7	Endress+Hauser	07.11.2012	7,68 MB	3.1.7			"notwendig"	
Endress+Hauser IPC (Level/Pressure) FXA193/291 DTMlibrary V2.33.00	Endress+Hauser	07.11.2012	1,01 GB	1.7.453			"notwendig"
Endress+Hauser PCP DTMlibrary V2.33.00	Endress+Hauser	07.11.2012	30,8 MB	1.7.452							"notwendig"
Endress+Hauser PROFIBUS DTMlibrary V2.33.00	Endress+Hauser	07.11.2012	2,35 GB	1.7.318						"notwendig"
Endress+Hauser SFC162 Communication DTM V1.01.02.000	Endress+Hauser Process Solutions AG	07.11.2012	14,5 MB	1.01.02.000	"notwendig"
Endress+Hauser SFC173 Communication DTM V1.01.01	Endress+Hauser	07.11.2012	6,95 MB	1.1.1.1					"notwendig"
Endress+Hauser SFG500 Comm DTM	Endress+Hauser Process Solutions AG	07.11.2012	45,4 MB	1.00.04.107				"notwendig"
Energy Star Digital Logo	Hewlett-Packard	13.06.2012	300 KB	1.0.1								"notwendig"
FieldCare	Endress+Hauser	07.11.2012	8,01 MB	2.09.00.1617									"notwendig"
FieldCare FF commDTM	Metso Endress+Hauser Technology AG	07.11.2012	1,37 MB	1.5.2.0						"notwendig"
FieldCare HART Modem	Metso Endress+Hauser Technology AG	07.11.2012	2,46 MB	1.0.42.0					"notwendig"
FieldCare HART OPC commDTM	Metso Endress+Hauser Technology AG	07.11.2012	2,43 MB	2.0.0.186				"notwendig"
FieldCare Profibus	Metso Endress+Hauser Technology AG	07.11.2012	16,5 MB	2.11						"notwendig"
FieldCare Profibus Profile	Endress+Hauser Process Solutions AG	07.11.2012	78,5 MB	1.5.67012				"notwendig"
Free Video to Nokia Phones Converter version 5.0.17.903	DVDVideoSoft Ltd.	06.09.2012	74,0 MB	5.0.17.903	"unnötig"	
FXA195_Driver_Setup	E+H Process Solutions AG	07.11.2012	6,51 MB	1.00.00	"notwendig"
FXA291_Driver_Setup	E+H Process Solutions AG	07.11.2012	3,15 MB	1.00.00	"notwendig"
Galileo V8.0.3 (12065)	Eaton Automation	19.10.2012		8.0.3.12065	"notwendig"
HART OPC Server	Metso Endress+Hauser Technology AG	07.11.2012	4,96 MB	3.2.0	"notwendig"
HP 3D DriveGuard	Hewlett-Packard Company	08.03.2011	9,67 MB	4.1.4.1		"notwendig"
HP Client Automation Agent Preload 	Hewlett-Packard	08.03.2011	5,87 MB	7.5	"notwendig"
HP DayStarter	Hewlett-Packard Company	13.06.2012	18,6 MB	2.0.0.12		"notwendig"
HP Documentation	Hewlett-Packard	13.06.2012	0,96 GB	1.1.0.0			"notwendig"
HP ESU for Microsoft Windows 7	Hewlett-Packard Company	08.03.2011	16,1 MB	1.1.11.1"notwendig"
HP GPS and Location	Hewlett-Packard Company	13.06.2012	14,7 MB	1.0.26.1	"notwendig"
HP HotKey Support	Hewlett-Packard Company	08.03.2011	12,3 MB	4.0.10.1	"notwendig"
HP Mobile Broadband Drivers	Ericsson AB	13.06.2012		6.3.5.3		"notwendig"
HP Power Assistant	Hewlett-Packard Company	08.03.2011	37,3 MB	2.0.2.0		"notwendig"
HP QuickWeb	Hewlett-Packard Company	13.06.2012	4,35 MB	3.0.0.9057		"notwendig"
HP Setup	Hewlett-Packard Company	08.03.2011		8.5.4526.3645		"notwendig"
HP SoftPaq Download Manager	Hewlett-Packard Company	08.03.2011	13,9 MB	3.2.0.0	"notwendig"
HP Software Framework	Hewlett-Packard Company	13.06.2012	2,81 MB	4.0.112.1	"notwendig"
HP Software Setup	Hewlett-Packard Company	08.03.2011	14,1 MB	8.2.1.1		"notwendig"
HP System Default Settings	Hewlett-Packard Company	08.03.2011	1,58 MB	2.1.2	"notwendig"
HP Wallpaper	Hewlett-Packard Company	08.03.2011	44,3 MB	2.00			"notwendig"
HP Webcam	Roxio	13.06.2012	9,76 MB	1.0.25.0				"notwendig"
HP Webcam Driver	Sonix	13.06.2012		5.8.50058.0			"notwendig"
IDT Audio	IDT	13.06.2012		1.0.6325.0				"notwendig"				
Intel(R) Identity Protection Technology 1.0.71.0	Intel Corporation	13.06.2012	1,13 MB	1.0.71.0	"notwendig"
Intel(R) Management Engine Components	Intel Corporation	08.03.2011		7.0.0.1144			"notwendig"
Intel(R) Network Connections Drivers	Intel	13.06.2012	916 KB	15.4						"notwendig"
Intel(R) Rapid Storage Technology	Intel Corporation	13.06.2012		10.1.2.1004			"notwendig"
IOassistant	Eaton	03.09.2012	59,1 MB	2.6.4000								"notwendig"
ISSDeviceDTMSetup	Endress+Hauser	07.11.2012	145 MB	6.06.2100						"notwendig"
Java 7 Update 10	Oracle	27.12.2012	128 MB	7.0.100								"notwendig"
JMicron 1394 Filter Driver	JMicron Technology Corp.	13.06.2012		1.00.21.00			"notwendig"
JMicron Flash Media Controller Driver	JMicron Technology Corp.	13.06.2012		1.0.57.2		"notwendig"
LightScribe System Software	LightScribe	08.03.2011	24,5 MB	1.18.15.1					"notwendig"
Logitech Vid HD	Logitech Inc..	05.11.2012		7.2 (7248)							"notwendig"
Logitech Webcam Software	Logitech Inc.	05.11.2012		2.0						"notwendig"
LSI HDA Modem	LSI Corporation	13.06.2012	16,0 KB	2.2.100								"notwendig"
MailStore Client 6.0.5.6910	deepinvent Software GmbH	21.08.2012	29,8 MB	6.15.0				"notwendig"
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	20.12.2012	19,4 MB	1.65.1.1000	"notwendig"
Microsoft .NET Compact Framework 2.0 SP2	Microsoft Corporation	16.10.2012	93,2 MB	2.0.7045		"notwendig"
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.03.2011	38,8 MB	4.0.30319		"notwendig"
Microsoft .NET Framework 4 Extended	Microsoft Corporation	08.03.2011	51,9 MB	4.0.30319			"notwendig"
Microsoft Office Home and Business 2010	Microsoft Corporation	21.08.2012		14.0.6029.1000			"notwendig"
Microsoft Silverlight	Microsoft Corporation	20.08.2012	40,3 MB	4.1.10329.0					"notwendig"
Microsoft SQL Server 2008 R2	Microsoft Corporation	07.11.2012							"notwendig"		
Microsoft SQL Server 2008 R2 Native Client	Microsoft Corporation	01.12.2012	6,09 MB	10.51.2500.0		"notwendig"
Microsoft SQL Server 2008 R2 Setup (English)	Microsoft Corporation	01.12.2012	26,6 MB	10.51.2500.0		"notwendig"
Microsoft SQL Server 2008 Setup Support Files 	Microsoft Corporation	07.11.2012	21,6 MB	10.1.2731.0		"notwendig"
Microsoft SQL Server Browser	Microsoft Corporation	01.12.2012	9,19 MB	10.51.2500.0				"notwendig"
Microsoft SQL Server VSS Writer	Microsoft Corporation	01.12.2012	3,64 MB	10.51.2500.0				"notwendig"
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	20.08.2012	300 KB	8.0.61001		"notwendig"
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	13.06.2012	612 KB	8.0.61000		"notwendig"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	08.03.2011	788 KB	9.0.30729	"notwendig"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	20.08.2012	788 KB	9.0.30729.6161	"notwendig"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	08.03.2011	596 KB	9.0.30729	"notwendig"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	21.08.2012	224 KB	9.0.30729.4148	"notwendig"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	20.08.2012	600 KB	9.0.30729.6161	"notwendig"
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	20.08.2012	13,7 MB	10.0.30319	"notwendig"
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	21.08.2012	16,5 MB	10.0.40219	"notwendig"
Microsoft Visual J# 2.0 Redistributable Package	Microsoft Corporation	15.10.2012			"notwendig"								
MotionStudio	SEW-EURODRIVE GmbH & Co KG	16.10.2012	226 MB	5.8.0				"notwendig"
MOVITOOLS-MotionStudio	SEW-EURODRIVE GmbH & Co KG	16.10.2012					"notwendig"		
MOVITOOLS® 4.70	SEW-EURODRIVE GmbH & Co KG	15.10.2012	409 MB	4.7.0				"notwendig"
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2012	1,27 MB	4.20.9870.0		"notwendig"
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	12.11.2012	1,33 MB	4.20.9876.0		"notwendig"
MXpro V2.3.6	Micro Innovation AG	03.09.2012		2.3.6					"notwendig"
MXpro V2.3.6 SP1	Micro Innovation AG	03.09.2012		2.3.6 SP1			"notwendig"
MXpro V2.3.9 (Patch 2)	Micro Innovation	03.09.2012		2.3.9 (990)			"notwendig"
MXpro V2.3.9 SP1	Micro Innovation	03.09.2012		2.3.9 SP1 (1122)		"notwendig"
NETLink-S7-NET		06.09.2012									"notwendig"	
NetSetMan 3.4.5	Ilja Herlein	09.10.2012	7,45 MB	3.4.5						"notwendig"
Oracle VM VirtualBox 4.1.20	Oracle Corporation	03.09.2012	139 MB	4.1.20			"notwendig"
PCAN OEM 64-Bit		16.10.2012	18,6 MB							"unbekannt"
Pepperl+Fuchs Point to bus HART V1.5.9	Pepperl+Fuchs GmbH	07.11.2012	32,8 MB	1.5.9.1		"notwendig"
PLCEditor für MOVITOOLS MotionStudio	SEW Eurodrive GmbH & Co. KG	16.10.2012			"notwendig"	
PLCEditorGatewayServer	SEW Eurodrive GmbH & Co. KG	16.10.2012	1,83 MB	2.3.0925		"notwendig"
SEW sCAN	SEW EURODRIVE	15.10.2012	18,1 MB	1.3.0						"notwendig"
SEW-Communication-Server	SEW Eurodrive GmbH	16.10.2012	8,56 MB	1.0.0			"notwendig"
Skype™ 5.10	Skype Technologies S.A.	06.09.2012	19,4 MB	5.10.116				"notwendig"
Softing Profibus Drivers and API	Softing AG	07.11.2012	11,2 MB	5.45.6			"notwendig"
Synaptics Pointing Device Driver	Synaptics Incorporated	16.08.2012	46,4 MB	15.3.25.0	"notwendig"
TeamViewer 7	TeamViewer	06.09.2012		7.0.14484					"notwendig"
Total Commander (Remove or Repair)	Ghisler Software GmbH	20.08.2012		8.01		"notwendig"	
Trebing + Himstedt DTM Library V4.0.4.0	Trebing & Himstedt Prozeßautomation GmbH & Co. KG	07.11.2012	47,6 MB	4.0.4.0	"notwendig"
TXU10 Setup	E+H Process Solutions AG	07.11.2012	4,87 MB	1.00.00							"notwendig"
Validity Fingerprint Sensor Driver	Validity Sensors, Inc.	13.06.2012	24,8 MB	4.3.117.0				"notwendig"
VIP Access SDK x64(1.0.0.50)	Symantec Inc.	13.06.2012		1.0.0.50						"notwendig"
Vodafone Mobile Connect Lite	Vodafone	29.10.2012	34,1 MB	9.4.9.22273						"notwendig"
Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)	FTDI	16.10.2012		07/12/2010 2.08.02	"notwendig"
Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)	FTDI	16.10.2012		07/12/2010 2.08.02	"notwendig"	
Windows-Treiberpaket - libusb-win32 (libusb0) libusb-win32 devices  (10/02/2010 1.2.2.0)	libusb-win32	16.10.2012		10/02/2010 1.2.2.0	"notwendig"
XC/XV-Targets V2.3.9 SP2	Eaton Automation	03.09.2012		2.3.9 SP2 (1384)		"notwendig"
XC/XV-Targets V2.3.9 SP2 (Patch 1)	Eaton Automation	19.10.2012		2.3.9 SP2 (1517)	"notwendig"
XSoft-CoDeSys V2.3.9 SP2	Eaton Automation	03.09.2012		2.3.9 SP2 (1384)		"notwendig"
XV-Targets V2.3.9 (Patch 2)	Micro Innovation	03.09.2012		2.3.9 (990)			"notwendig"
XV-Targets V2.3.9 SP1	Micro Innovation	03.09.2012		2.3.9 SP1 (1122)			"notwendig"
         

02.01.2013, 21:11   #11
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to have PDFs opened, downloaded, etc. automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
Free Video

Open CCleaner, click Analyze, then Run, and restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

03.01.2013, 09:52   #12
kreuz as

# AdwCleaner v2.104 - Datei am 03/01/2013 um 09:45:51 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : meyer - LT138
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\meyer\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\meyer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [982 octets] - [03/01/2013 09:45:51]

########## EOF - C:\AdwCleaner[R3].txt - [1041 octets] ##########

03.01.2013, 18:06   #13
markusg
/// Malware-holic

Hi

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).
Restart, then test how the PC runs, plus programs such as browsers.

03.01.2013, 21:07   #14
kreuz as

One restart was enough.
Here is the file:

# AdwCleaner v2.104 - Datei am 03/01/2013 um 21:02:05 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : meyer - LT138
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\meyer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\meyer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R5].txt - [1108 octets] - [03/01/2013 21:01:33]
AdwCleaner[S1].txt - [1044 octets] - [03/01/2013 21:02:05]

########## EOF - C:\AdwCleaner[S1].txt - [1104 octets] ##########


The computer is running normally!!!

Edited by kreuz as (03.01.2013 at 21:08) Reason: forgot
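
As an added example (not part of the thread and not AdwCleaner's own code), the following Python reconciles the search log from post #12 with the delete log from post #14: every item reported as found should reappear as deleted, and nothing should be deleted that was not in the reviewed scan. The function names `parse_log` and `reconcile` are hypothetical, and treating any single-word item kind like "Schlüssel" is an assumption.

```python
import re

# Registry sections excerpted from the two AdwCleaner v2.104 logs posted in
# this thread (search run in post #12, delete run in post #14).
SCAN_LOG = r"""# Option [Suche]

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****
"""

CLEAN_LOG = r"""# Option [Löschen]

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****
"""

OPTION_RE = re.compile(r"^# Option \[(?P<option>[^\]]+)\]$")
# Section banners on the page use four or five asterisks on each side.
SECTION_RE = re.compile(r"^\*{4,5} \[(?P<name>[^\]]+)\] \*{4,5}$")
# Only "Schlüssel" (key) entries occur on this page; accepting any
# single-word item kind before the status is an assumption of this example.
ITEM_RE = re.compile(r"^(?P<kind>\S+) (?P<status>Gefunden|Gelöscht) : (?P<path>.+)$")


def parse_log(text):
    """Return the run option and every found/deleted item with its section."""
    option, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            option = m.group("option")
        elif m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := ITEM_RE.match(line):
            items.append({"section": section, **m.groupdict()})
    return {"option": option, "items": items}


def _key(item):
    # Registry and NTFS paths are case-insensitive, so compare folded paths.
    return (item["kind"], item["path"].rstrip("\\ ").casefold())


def reconcile(scan, clean):
    """Return (items found but not deleted, items deleted but never found)."""
    if scan["option"] != "Suche" or clean["option"] != "Löschen":
        raise ValueError("expected a [Suche] log followed by a [Löschen] log")
    found = {_key(i) for i in scan["items"] if i["status"] == "Gefunden"}
    deleted = {_key(i) for i in clean["items"] if i["status"] == "Gelöscht"}
    return sorted(found - deleted), sorted(deleted - found)


if __name__ == "__main__":
    leftovers, unreviewed = reconcile(parse_log(SCAN_LOG), parse_log(CLEAN_LOG))
    print("still present after cleaning:", leftovers)
    print("deleted but not in the reviewed scan:", unreviewed)
```
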

05.01.2013, 16:34   #15
markusg
/// Malware-holic

Hi
Open OTL and choose "Bereinigen" (clean up); the PC restarts and the removal tools are deleted.
If any setup files etc. are left over, delete them and empty the recycle bin.

Securing the PC:
As an anti-malware program I would recommend Emsisoft.
In my view they offer the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things such as work, i.e. if there is sensitive data to protect, you should invest in security software.
Use the 30-day trial period before activating the licence.

Free, but not quite as good, would be avast.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use and I will give you configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need; I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me; then I have to adapt parts of the instructions that follow.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, also work through these:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only needed in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all of your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely also install a backup program, because under certain circumstances this can be very important, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to all accounts:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, and Sandboxie will then always be started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Instructions:
RoboForm manual: password manager, managing passwords and personal data