
Log analysis and evaluation: GVU Trojan on Windows7 64bit

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.06.2013, 14:32   #16
HeBer
 
Sorry, I had overlooked that. So here once again is the log scan for all users.

Code:
OTL logfile created on: 6/11/2013 9:41:32 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 14.83 Gb Total Space | 14.83 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive I: | 458.95 Gb Total Space | 54.76 Gb Free Space | 11.93% Space Free | Partition Type: NTFS
Drive J: | 459.46 Gb Total Space | 82.12 Gb Free Space | 17.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/06/20 03:19:12 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto] -- I:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2011/01/10 09:48:32 | 000,231,280 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2011/01/10 09:47:54 | 000,109,936 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV:64bit: - [2011/01/10 09:47:42 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV:64bit: - [2009/07/28 11:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto] -- I:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/05/21 02:16:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- I:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:26:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/10 11:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto] -- I:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/03/25 10:01:30 | 004,561,152 | ---- | M] () [Auto] -- I:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 18:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- I:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/08 04:12:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 04:12:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/11 08:11:20 | 000,040,960 | ---- | M] () [Auto] -- I:\Users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/05/19 10:05:22 | 000,081,784 | ---- | M] (AVM Berlin) [Auto] -- I:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 06:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- I:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/06 09:06:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- I:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/07 00:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/08/06 13:18:54 | 000,311,592 | ---- | M] () [Auto] -- I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/28 15:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/08 04:12:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 04:12:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 09:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/04/05 07:31:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- I:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/18 01:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/12 17:49:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\Drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:64bit: - [2009/06/12 17:49:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\Drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/06/12 06:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- I:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/09/23 05:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2007/04/11 11:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
DRV:64bit: - [2007/04/11 11:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7721&r=17360110cn06973h54b75ph8045l6s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7721&r=17360110cn06973h54b75ph8045l6s
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\BE.ST_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7721&r=17360110cn06973h54b75ph8045l6s
IE - HKU\BE.ST_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\BE.ST_ON_I\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\BE.ST_ON_I\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\BE.ST_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\BE.ST_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBG&o=15132&locale=de_DE&apn_uid=183CEB53-CDBB-423B-B977-0C103B673CA4&apn_ptnrs=RN&apn_sauid=A47A6612-49D1-4781-B19C-2E9BA3E15B93&apn_dtid=YYYYYYYYDE&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: I:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\cas.de/CASBrowserPlugin: I:\Program Files (x86)\CAS-Software\CAS PIA\npCASBrowserPlugin.dll (CAS Software AG)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/21 02:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/21 02:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions\mail@gutscheinrausch.de [2012/01/11 08:11:24 | 000,000,000 | ---D | M]
 
[2010/01/04 11:03:35 | 000,000,000 | ---D | M] (No name found) -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Extensions
[2013/04/16 02:11:57 | 000,000,000 | ---D | M] (No name found) -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions
[2012/04/25 08:50:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions\2020Player_IKEA@2020Technologies.com
[2013/04/16 02:11:57 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions\fb_add_on@avm.de
[2012/01/11 08:11:24 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions\mail@gutscheinrausch.de
[2011/12/28 03:58:59 | 000,000,000 | ---D | M] (No name found) -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\wi2ccqdc.Server2Go\extensions
[2011/12/28 03:58:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\wi2ccqdc.Server2Go\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/11 08:11:22 | 000,002,689 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\askcom.xml
[2012/01/11 08:11:22 | 000,001,131 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\conduit.xml
[2012/01/11 08:11:22 | 000,002,188 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\{36D0CAC9-1383-4AB3-BA29-766822FECC23}.xml
[2012/01/11 08:11:22 | 000,001,870 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\{3C0DACF0-EADE-4838-B1F8-6E6C255CC0C4}.xml
[2012/01/11 08:11:22 | 000,002,077 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\{B9D6FFD2-F2A2-4A67-93D1-AEEBD87BF638}.xml
[2013/05/21 02:16:15 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/21 02:16:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/21 02:16:15 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/21 02:16:15 | 000,000,000 | ---D | M] (Default) -- I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 08:11:22 | 000,001,625 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2011/07/08 05:13:54 | 000,002,952 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.1.217  HPSTORAGE  #Windows Home Server#
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 localhost 
O1 - Hosts: ::1 localhost 
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com 
O1 - Hosts: 127.0.0.1 adobeereg.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 45 more lines...
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - I:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - I:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - I:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - I:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - I:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - I:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - I:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - I:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\BE.ST_ON_I\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - I:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3:64bit: - HKU\BE.ST_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\BE.ST_ON_I\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - I:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\BE.ST_ON_I\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - I:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0]  File not found
O4:64bit: - HKLM..\Run: [CDAServer] I:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] I:\Users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager]  File not found
O4 - HKLM..\Run: [APSDaemon] I:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] I:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] I:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BingDesktop] I:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] I:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] I:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FreePDF Assistant] I:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Hotkey Utility] I:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LexwareInfoService] I:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PlayMovie] I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SfWinStartInfo] I:\Program Files (x86)\SFirm\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [SwitchBoard]  File not found
O4 - HKU\BE.ST_ON_I..\Run: [Akamai NetSession Interface] I:\Users\BE.ST\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\BE.ST_ON_I..\Run: [Device Detector]  File not found
O4 - HKU\BE.ST_ON_I..\Run: [MobileDocuments]  File not found
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [ScrSav] I:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ()
O4 - Startup: I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk ()
O4 - Startup: I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\BE.ST_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - I:\Users\BE.ST\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - I:\Users\BE.ST\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - BE.ST_ON_I\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\BE.ST_ON_I Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\BE.ST_ON_I Winlogon: Shell - (C:\Users\BE.ST\AppData\Roaming\skype.dat) - I:\Users\BE.ST\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/28 04:22:55 | 000,000,000 | ---D | M] - I:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/10 20:38:16 | 000,000,000 | ---D | C] -- I:\_OTL
[2013/05/21 02:16:10 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Mozilla Firefox
[2013/05/16 02:12:45 | 000,000,000 | ---D | C] -- I:\Users\BE.ST\AppData\Local\Telekom
[2013/05/16 02:12:37 | 000,000,000 | ---D | C] -- I:\Users\BE.ST\AppData\Roaming\Telekom
[2013/05/15 11:08:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll
[2013/05/15 11:08:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll
[2013/05/15 11:08:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2013/05/15 11:08:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 11:08:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2013/05/15 11:08:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2013/05/15 11:08:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\url.dll
[2013/05/15 11:08:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2013/05/15 11:08:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2013/05/15 11:08:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 11:08:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2013/05/15 11:08:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2013/05/15 11:08:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2013/05/15 11:08:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2013/05/15 11:08:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2013/05/15 11:08:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll
[2013/05/15 11:08:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll
[2013/05/15 04:15:37 | 001,930,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\authui.dll
[2013/05/15 04:15:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\authui.dll
[2013/05/15 04:15:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\shdocvw.dll
[2013/05/15 04:15:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\consent.exe
[2013/05/15 04:15:34 | 000,265,064 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 04:15:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cdd.dll
[2012/01/11 08:10:31 | 000,507,904 | ---- | C] (www.download-sponsor.de) -- I:\Program Files\Downloader-fuer-SETUP_A1-Faktura-Plus.exe
[2011/12/28 05:04:13 | 000,077,236 | ---- | C] (AppWork UG (haftungsbeschränkt)) -- I:\Program Files\jDownloaderWebInstaller09581.exe
[2011/12/28 03:56:40 | 019,298,464 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- I:\Program Files\FreeYouTubeToMP3Converter.exe
[2011/02/23 08:58:58 | 001,228,416 | ---- | C] (Adobe Systems Incorporated) -- I:\Program Files\DesignPremium_CS5_LS4.exe
[2009/08/14 22:24:31 | 000,036,136 | ---- | C] (Oberon Media) -- I:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 12:58:08 | 000,000,004 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\skype.ini
[2013/06/11 12:58:07 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/06/11 12:55:36 | 000,001,104 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 12:55:16 | 000,000,344 | ---- | M] () -- I:\Windows\tasks\RegistryBooster.job
[2013/06/11 12:54:42 | 529,928,191 | -HS- | M] () -- I:\hiberfil.sys
[2013/06/11 07:00:56 | 000,003,344 | ---- | M] () -- I:\bootsqm.dat
[2013/06/10 09:53:00 | 000,001,108 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 09:26:00 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 09:22:42 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 09:22:42 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 05:40:44 | 000,571,532 | ---- | M] () -- I:\Users\BE.ST\Desktop\Materialzertifikat.pdf
[2013/05/21 02:17:23 | 000,002,048 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/16 02:12:37 | 000,001,144 | ---- | M] () -- I:\Users\BE.ST\Desktop\Mediencenter.lnk
[2013/05/16 02:12:37 | 000,001,136 | ---- | M] () -- I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
[2013/05/16 01:48:58 | 005,090,400 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/05/15 11:11:19 | 000,832,646 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2013/05/15 11:11:19 | 000,787,358 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/05/15 11:11:19 | 000,199,222 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2013/05/15 11:11:19 | 000,172,010 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/05/15 09:26:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 09:26:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/11 07:00:56 | 000,003,344 | ---- | C] () -- I:\bootsqm.dat
[2013/06/10 09:54:53 | 000,000,004 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\skype.ini
[2013/05/24 05:40:44 | 000,571,532 | ---- | C] () -- I:\Users\BE.ST\Desktop\Materialzertifikat.pdf
[2013/05/16 02:12:37 | 000,001,144 | ---- | C] () -- I:\Users\BE.ST\Desktop\Mediencenter.lnk
[2013/05/16 02:12:37 | 000,001,136 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
[2013/05/16 02:12:37 | 000,001,130 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk
[2012/11/21 08:39:53 | 000,000,322 | ---- | C] () -- I:\Windows\{5D13EC8D-F5A8-47FB-8273-BF969C208F8D}_WiseFW.ini
[2012/10/17 03:21:32 | 000,149,880 | ---- | C] () -- I:\Windows\Wiainst64.exe
[2012/09/25 08:27:01 | 000,000,029 | ---- | C] () -- I:\Windows\hbcikrnl.ini.lock
[2012/09/25 08:18:45 | 000,000,061 | ---- | C] () -- I:\Windows\Setup_tmp.ini
[2012/09/21 02:20:59 | 000,004,096 | -H-- | C] () -- I:\Users\BE.ST\AppData\Local\keyfile3.drm
[2012/08/03 04:36:49 | 000,024,939 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/06/08 03:12:33 | 000,022,433 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2012/06/08 03:09:12 | 000,021,883 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2012/02/14 10:24:07 | 000,000,127 | ---- | C] () -- I:\Windows\APDatabaseUI.INI
[2012/01/20 08:43:30 | 000,000,120 | ---- | C] () -- I:\Windows\APSqlServerUI.INI
[2012/01/16 14:33:20 | 003,535,391 | ---- | C] () -- I:\Program Files\druck7.zip
[2012/01/15 06:52:47 | 000,000,600 | ---- | C] () -- I:\Users\BE.ST\AppData\Local\PUTTY.RND
[2012/01/11 08:13:02 | 000,000,030 | ---- | C] () -- I:\Windows\ehc190.dat
[2012/01/11 08:11:23 | 000,338,432 | ---- | C] () -- I:\Windows\SysWow64\sqlite36_engine.dll
[2012/01/11 02:27:41 | 000,137,216 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\skype.dat
[2011/12/16 03:13:55 | 000,000,302 | ---- | C] () -- I:\Windows\{EF79E2B2-35E7-431B-A51F-8B507F9C647D}_WiseFW.ini
[2011/09/27 06:17:26 | 000,198,144 | ---- | C] () -- I:\Windows\SysWow64\LXPrnUtil10.dll
[2011/09/27 06:16:20 | 000,304,128 | ---- | C] () -- I:\Windows\SysWow64\LxDNT100.dll
[2011/09/27 06:14:14 | 000,133,120 | ---- | C] () -- I:\Windows\SysWow64\LxDNTvmc100.dll
[2011/09/27 06:13:58 | 000,069,120 | ---- | C] () -- I:\Windows\SysWow64\LxDNTvm100.dll
[2011/07/27 13:36:33 | 000,000,000 | ---- | C] () -- I:\Users\BE.ST\AppData\Roaming\wklnhst.dat
[2011/06/24 03:07:33 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/23 08:58:59 | 2328,442,292 | ---- | C] () -- I:\Program Files\DesignPremium_CS5_LS4.7z
[2011/02/22 12:17:14 | 000,091,352 | ---- | C] () -- I:\Program Files\Install Lightroom 3.exe
[2011/02/22 12:17:08 | 000,641,407 | R--- | C] () -- I:\Program Files\Lightroom 3 ReadMe.pdf
[2011/02/01 07:48:08 | 003,507,314 | ---- | C] () -- I:\Program Files\VFF_FkS_CD(2).zip
[2010/07/25 03:26:07 | 001,971,358 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/24 07:23:43 | 000,000,056 | -H-- | C] () -- I:\Windows\SysWow64\ezsidmv.dat
[2010/07/22 03:34:29 | 000,000,144 | ---- | C] () -- I:\Windows\Pcfk32.INI
[2010/07/05 10:06:16 | 000,000,809 | ---- | C] () -- I:\Windows\CADSymbols.ini
[2010/04/01 02:05:40 | 000,000,026 | ---- | C] () -- I:\Windows\WINCMD.INI
[2010/01/21 10:29:41 | 000,009,216 | ---- | C] () -- I:\Users\BE.ST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 11:26:34 | 000,022,016 | ---- | C] () -- I:\Windows\SysWow64\Docobj.dll
[2010/01/04 11:03:17 | 000,000,000 | ---- | C] () -- I:\Windows\nsreg.dat
[2010/01/04 10:53:02 | 000,000,503 | ---- | C] () -- I:\Windows\ODBCINST.ini
[2010/01/04 10:01:02 | 000,000,553 | ---- | C] () -- I:\Windows\ODBC.INI
[2009/11/17 11:11:26 | 000,303,104 | ---- | C] () -- I:\Windows\SysWow64\dnt27VC8.dll
[2009/11/17 11:09:36 | 000,143,360 | ---- | C] () -- I:\Windows\SysWow64\dntvmc27VC8.dll
[2009/11/17 11:09:20 | 000,086,016 | ---- | C] () -- I:\Windows\SysWow64\dntvm27VC8.dll
[2009/08/14 22:19:15 | 000,146,432 | ---- | C] () -- I:\Windows\SysWow64\APOMngr.DLL
[2009/08/14 22:19:15 | 000,072,704 | ---- | C] () -- I:\Windows\SysWow64\CmdRtr.DLL
[2009/08/14 22:02:55 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- I:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelFrench.dll
[2005/07/22 23:55:00 | 000,021,747 | ---- | C] () -- I:\Windows\MSTMON_S.INI
[2005/07/22 23:55:00 | 000,019,253 | ---- | C] () -- I:\Windows\MSUMLT_S.INI
[2002/10/21 12:46:42 | 000,053,248 | ---- | C] () -- I:\Windows\SysWow64\pagesync.dll
[2001/12/12 08:41:36 | 000,041,472 | ---- | C] () -- I:\Windows\SysWow64\W32btstp.dll
[2001/12/12 08:41:36 | 000,025,088 | ---- | C] () -- I:\Windows\SysWow64\W32btxlt.dll
[2001/02/14 11:09:16 | 000,045,056 | ---- | C] () -- I:\Windows\SysWow64\CHFXGer.dll
[2000/10/25 12:15:00 | 000,017,920 | ---- | C] () -- I:\Windows\SysWow64\Implode.dll
[1999/09/21 19:00:00 | 000,100,352 | ---- | C] () -- I:\Windows\SysWow64\pg32conv.dll
 
========== LOP Check ==========
 
[2013/04/04 04:26:41 | 000,000,000 | ---D | M] -- I:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010/01/04 09:45:37 | 000,000,000 | ---D | M] -- I:\ProgramData\ACD Systems
[2009/08/14 22:43:32 | 000,000,000 | ---D | M] -- I:\ProgramData\Acer
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2011/07/28 04:24:00 | 000,000,000 | ---D | M] -- I:\ProgramData\Autodesk
[2009/08/14 22:31:42 | 000,000,000 | ---D | M] -- I:\ProgramData\BackupManager
[2012/09/25 08:28:43 | 000,000,000 | ---D | M] -- I:\ProgramData\bbwin
[2012/02/03 03:44:35 | 000,000,000 | ---D | M] -- I:\ProgramData\BTrieve
[2012/12/12 09:45:34 | 000,000,000 | ---D | M] -- I:\ProgramData\Cached Installations
[2010/01/18 10:27:04 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonBJ
[2012/01/20 08:31:25 | 000,000,000 | ---D | M] -- I:\ProgramData\cobra
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2009/08/14 22:57:20 | 000,000,000 | ---D | M] -- I:\ProgramData\EgisTec
[2011/10/21 06:48:37 | 000,000,000 | ---D | M] -- I:\ProgramData\elsterformular
[2009/08/14 22:55:13 | 000,000,000 | ---D | M] -- I:\ProgramData\eSobi
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2010/01/08 05:41:02 | 000,000,000 | ---D | M] -- I:\ProgramData\FreePDF
[2010/01/04 10:32:04 | 000,000,000 | ---D | M] -- I:\ProgramData\IMSI
[2013/06/10 02:30:49 | 000,000,000 | ---D | M] -- I:\ProgramData\Lexware
[2010/01/04 09:02:38 | 000,000,000 | ---D | M] -- I:\ProgramData\OEM
[2010/07/24 07:11:05 | 000,000,000 | ---D | M] -- I:\ProgramData\Panasonic
[2010/03/26 02:27:17 | 000,000,000 | ---D | M] -- I:\ProgramData\Partner
[2013/02/11 08:37:38 | 000,000,000 | ---D | M] -- I:\ProgramData\regid.1986-12.com.adobe
[2012/10/17 03:22:19 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2012/09/25 08:18:45 | 000,000,000 | ---D | M] -- I:\ProgramData\SFirm LOGS
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/07/19 01:21:30 | 000,000,000 | ---D | M] -- I:\ProgramData\Temp
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2012/11/02 04:06:47 | 000,000,000 | ---D | M] -- I:\ProgramData\Windows Home Server
[2010/02/13 17:36:07 | 000,000,000 | ---D | M] -- I:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2011/12/10 17:34:26 | 000,000,000 | ---D | M] -- I:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/01/20 04:11:04 | 000,000,000 | -H-D | M] -- I:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2013/06/11 12:55:16 | 000,000,344 | ---- | M] () -- I:\Windows\Tasks\RegistryBooster.job
[2013/05/06 02:00:51 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/21 13:08:54 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2012/01/11 08:13:59 | 000,000,000 | ---D | M] -- I:\A1-Faktura-Plus
[2011/01/08 11:59:26 | 000,000,000 | -HSD | M] -- I:\ArcBackupDeviceInfo
[2011/07/28 04:22:55 | 000,000,000 | ---D | M] -- I:\Autodesk
[2011/01/12 14:42:28 | 000,000,000 | ---D | M] -- I:\backupLS4B2010
[2009/10/28 05:57:49 | 000,000,000 | ---D | M] -- I:\book
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2009/08/14 22:07:20 | 000,000,000 | ---D | M] -- I:\Intel
[2010/01/05 09:25:43 | 000,000,000 | ---D | M] -- I:\Lexware
[2010/02/01 05:06:21 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2010/01/04 09:02:35 | 000,000,000 | -H-D | M] -- I:\OEM
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2013/04/04 04:26:20 | 000,000,000 | R--D | M] -- I:\Program Files
[2013/05/21 02:17:21 | 000,000,000 | R--D | M] -- I:\Program Files (x86)
[2013/05/16 04:25:33 | 000,000,000 | ---D | M] -- I:\ProgramData
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\Programme
[2010/01/04 09:01:58 | 000,000,000 | -HSD | M] -- I:\Recovery
[2013/06/11 15:26:59 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2011/07/28 05:52:53 | 000,000,000 | R--D | M] -- I:\Users
[2013/06/11 05:19:54 | 000,000,000 | ---D | M] -- I:\Windows
[2012/01/21 03:57:15 | 000,000,000 | ---D | M] -- I:\Windows Home Server-Treiber für Wiederherstellung
[2013/06/10 20:38:16 | 000,000,000 | ---D | M] -- I:\_OTL
 
< %PROGRAMFILES%\*.exe >
[2011/02/23 14:25:38 | 001,228,416 | ---- | M] (Adobe Systems Incorporated) -- I:\Program Files\DesignPremium_CS5_LS4.exe
[2012/01/11 08:10:32 | 000,507,904 | ---- | M] (www.download-sponsor.de) -- I:\Program Files\Downloader-fuer-SETUP_A1-Faktura-Plus.exe
[2011/12/28 03:57:02 | 019,298,464 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- I:\Program Files\FreeYouTubeToMP3Converter.exe
[2010/11/18 16:41:34 | 000,091,352 | ---- | M] () -- I:\Program Files\Install Lightroom 3.exe
[2011/12/28 05:04:13 | 000,077,236 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- I:\Program Files\jDownloaderWebInstaller09581.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/08/07 00:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- I:\Windows Home Server-Treiber für Wiederherstellung\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/07 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- I:\Windows\System32\(SYSTEM RESERVED)\Windows Home Server-Treiber für Wiederherstellung\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/07 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- I:\Windows\System32\drivers\iaStor.sys
[2009/08/07 00:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- I:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> I:\ProgramData\Temp:F7F48F12
< End of report >
         

11.06.2013, 14:54   #17
markusg
/// Malware-holic

On your second PC, go to Start, Programs, Accessories, Editor (Notepad), and paste the following into it:
Code:
ATTFilter
:OTL
O20 - HKU\BE.ST_ON_I Winlogon: Shell - (C:\Users\BE.ST\AppData\Roaming\skype.dat) - I:\Users\BE.ST\AppData\Roaming\skype.dat ()
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

11.06.2013, 15:32   #18
HeBer

Here is the log

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_USERS\BE.ST_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\BE.ST\AppData\Roaming\skype.dat deleted successfully.
I:\Users\BE.ST\AppData\Roaming\skype.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: BE.ST
->Temp folder emptied: 1610810482 bytes
->Temporary Internet Files folder emptied: 168368750 bytes
->Java cache emptied: 23995198 bytes
->FireFox cache emptied: 461268062 bytes
->Flash cache emptied: 42196 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
Total Flash Files Cleaned = 2,160.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: BE.ST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122013_001611
         
And Windows also started normally again, with a few connection messages, since the computer is not yet reconnected to the Internet.
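The entry removed by the fix above is a per-user Winlogon Shell value pointing at a file under AppData\Roaming. As an added example (not part of the original thread and not OTL's own code), this Python script triages O20 Winlogon lines from an OTL log; the line pattern is inferred from the single entry quoted in the thread, the two HKLM sample lines are constructed, and the flagging rules are assumed heuristics.

```python
import ntpath
import re

# Line shape inferred from the single O20 entry quoted in the thread:
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved file> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<path>.*?) \((?P<company>[^()]*)\)\s*$"
)

# Assumed baseline for a stock Windows 7 install; deviations are leads, not verdicts.
EXPECTED_TARGET = {"shell": "explorer.exe", "userinit": "userinit.exe"}
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# First line is the entry from the thread; the two HKLM lines are constructed
# to show what an unmodified system is assumed to report.
SAMPLE_LOG = r"""
O20 - HKU\BE.ST_ON_I Winlogon: Shell - (C:\Users\BE.ST\AppData\Roaming\skype.dat) - I:\Users\BE.ST\AppData\Roaming\skype.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - I:\Windows\System32\userinit.exe (Microsoft Corporation)
"""


def parse_o20(line):
    """Return the fields of an O20 Winlogon line as a dict, or None if it is another line type."""
    match = O20_RE.match(line.strip())
    return match.groupdict() if match else None


def review(entry):
    """Return the reasons an entry deserves a closer look (empty list = matches the baseline)."""
    reasons = []
    value = entry["value"].lower()
    # Userinit data conventionally ends with a comma; strip it before comparing.
    data = entry["data"].strip().rstrip(",")
    target = ntpath.basename(data).lower()
    expected = EXPECTED_TARGET.get(value)

    if entry["hive"].upper() != "HKLM":
        reasons.append("value is set in a per-user hive (%s)" % entry["hive"])
    if expected and target != expected:
        reasons.append("%s points to %s instead of %s" % (entry["value"], target, expected))
    if ntpath.splitext(target)[1] != ".exe":
        reasons.append("target does not have an .exe extension")
    if any(marker in entry["path"].lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("file sits in a user-writable location")
    if not entry["company"].strip():
        reasons.append("file carries no company name")
    return reasons


def triage(log_text):
    """Return (entry, reasons) pairs for every O20 Winlogon line that deviates from the baseline."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry["hive"], entry["value"], "->", entry["path"])
        for reason in reasons:
            print("   -", reason)
```
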

11.06.2013, 17:22   #19
markusg
/// Malware-holic

OK.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

12.06.2013, 06:40   #20
HeBer

OK, TDSSKiller ran through without problems, and here is the log file

Code:
ATTFilter
15:36:19.0464 7156  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:36:19.0480 7156  ============================================================
15:36:19.0480 7156  Current date / time: 2013/06/12 15:36:19.0480
15:36:19.0480 7156  SystemInfo:
15:36:19.0480 7156  
15:36:19.0480 7156  OS Version: 6.1.7601 ServicePack: 1.0
15:36:19.0480 7156  Product type: Workstation
15:36:19.0480 7156  ComputerName: ACER_HB
15:36:19.0480 7156  UserName: BE.ST
15:36:19.0480 7156  Windows directory: C:\Windows
15:36:19.0480 7156  System windows directory: C:\Windows
15:36:19.0480 7156  Running under WOW64
15:36:19.0480 7156  Processor architecture: Intel x64
15:36:19.0480 7156  Number of processors: 8
15:36:19.0480 7156  Page size: 0x1000
15:36:19.0480 7156  Boot type: Normal boot
15:36:19.0480 7156  ============================================================
15:36:20.0135 7156  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:36:20.0151 7156  Drive \Device\Harddisk5\DR5 - Size: 0x3B6000000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x791, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:36:20.0151 7156  ============================================================
15:36:20.0151 7156  \Device\Harddisk0\DR0:
15:36:20.0151 7156  MBR partitions:
15:36:20.0151 7156  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:36:20.0151 7156  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x395E7000
15:36:20.0151 7156  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B019800, BlocksNum 0x396EC800
15:36:20.0151 7156  \Device\Harddisk5\DR5:
15:36:20.0151 7156  MBR partitions:
15:36:20.0151 7156  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x970, BlocksNum 0x1DAF690
15:36:20.0151 7156  ============================================================
15:36:20.0244 7156  C: <-> \Device\Harddisk0\DR0\Partition2
15:36:20.0291 7156  D: <-> \Device\Harddisk0\DR0\Partition3
15:36:20.0291 7156  ============================================================
15:36:20.0291 7156  Initialize success
15:36:20.0291 7156  ============================================================
15:36:32.0631 5628  ============================================================
15:36:32.0631 5628  Scan started
15:36:32.0631 5628  Mode: Manual; 
15:36:32.0631 5628  ============================================================
15:36:33.0505 5628  ================ Scan system memory ========================
15:36:33.0505 5628  System memory - ok
15:36:33.0505 5628  ================ Scan services =============================
15:36:33.0895 5628  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:36:33.0910 5628  1394ohci - ok
15:36:34.0097 5628  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:36:34.0113 5628  ACDaemon - ok
15:36:34.0207 5628  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:36:34.0207 5628  ACPI - ok
15:36:34.0222 5628  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:36:34.0222 5628  AcpiPmi - ok
15:36:34.0378 5628  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:36:34.0378 5628  AdobeARMservice - ok
15:36:34.0550 5628  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:36:34.0597 5628  AdobeFlashPlayerUpdateSvc - ok
15:36:34.0643 5628  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:36:34.0659 5628  adp94xx - ok
15:36:34.0675 5628  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:36:34.0675 5628  adpahci - ok
15:36:34.0706 5628  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:36:34.0706 5628  adpu320 - ok
15:36:34.0737 5628  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:36:34.0737 5628  AeLookupSvc - ok
15:36:34.0846 5628  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:36:34.0862 5628  AFD - ok
15:36:34.0940 5628  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:36:34.0955 5628  agp440 - ok
15:36:35.0377 5628  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
15:36:35.0377 5628  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
15:36:35.0377 5628  Akamai ( HiddenFile.Multi.Generic ) - warning
15:36:35.0377 5628  Akamai - detected HiddenFile.Multi.Generic (1)
15:36:35.0423 5628  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:36:35.0423 5628  ALG - ok
15:36:35.0486 5628  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:36:35.0501 5628  aliide - ok
15:36:35.0517 5628  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:36:35.0517 5628  amdide - ok
15:36:35.0564 5628  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:36:35.0579 5628  AmdK8 - ok
15:36:35.0595 5628  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:36:35.0611 5628  AmdPPM - ok
15:36:35.0642 5628  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:36:35.0657 5628  amdsata - ok
15:36:35.0704 5628  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:36:35.0704 5628  amdsbs - ok
15:36:35.0735 5628  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:36:35.0735 5628  amdxata - ok
15:36:35.0798 5628  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:36:35.0829 5628  AntiVirSchedulerService - ok
15:36:35.0845 5628  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:36:35.0860 5628  AntiVirService - ok
15:36:35.0923 5628  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:36:35.0954 5628  AppID - ok
15:36:35.0985 5628  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:36:36.0032 5628  AppIDSvc - ok
15:36:36.0079 5628  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:36:36.0110 5628  Appinfo - ok
15:36:36.0297 5628  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:36:36.0297 5628  Apple Mobile Device - ok
15:36:36.0344 5628  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:36:36.0344 5628  arc - ok
15:36:36.0359 5628  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:36:36.0375 5628  arcsas - ok
15:36:36.0531 5628  [ 3CE5C5A72ACB0A12B5A02C35550DC1A2 ] arXfrSvc        C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
15:36:36.0531 5628  arXfrSvc - ok
15:36:36.0734 5628  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:36:36.0827 5628  aspnet_state - ok
15:36:36.0874 5628  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:36:36.0874 5628  AsyncMac - ok
15:36:36.0937 5628  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:36:36.0937 5628  atapi - ok
15:36:37.0030 5628  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
15:36:37.0124 5628  atikmdag - ok
15:36:37.0264 5628  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:36:37.0295 5628  AudioEndpointBuilder - ok
15:36:37.0295 5628  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:36:37.0311 5628  AudioSrv - ok
15:36:37.0358 5628  [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
15:36:37.0358 5628  Autodesk Licensing Service - ok
15:36:37.0373 5628  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:36:37.0373 5628  avgntflt - ok
15:36:37.0405 5628  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:36:37.0420 5628  avipbb - ok
15:36:37.0436 5628  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:36:37.0436 5628  avkmgr - ok
15:36:37.0483 5628  [ C51101FC4C4AAB3AF977864A65266DBB ] avmident        C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
15:36:37.0483 5628  avmident - ok
15:36:37.0545 5628  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:36:37.0561 5628  AxInstSV - ok
15:36:37.0592 5628  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:36:37.0592 5628  b06bdrv - ok
15:36:37.0623 5628  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:36:37.0639 5628  b57nd60a - ok
15:36:37.0654 5628  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:36:37.0670 5628  BDESVC - ok
15:36:37.0685 5628  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:36:37.0701 5628  Beep - ok
15:36:37.0826 5628  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:36:37.0857 5628  BFE - ok
15:36:38.0075 5628  [ 85D5E6AC46A2AE4672C1AC813AE45B95 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
15:36:38.0091 5628  BingDesktopUpdate - ok
15:36:38.0263 5628  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:36:38.0263 5628  BITS - ok
15:36:38.0309 5628  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:36:38.0341 5628  blbdrive - ok
15:36:38.0497 5628  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:36:38.0497 5628  Bonjour Service - ok
15:36:38.0543 5628  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:36:38.0559 5628  bowser - ok
15:36:38.0575 5628  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:36:38.0575 5628  BrFiltLo - ok
15:36:38.0590 5628  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:36:38.0590 5628  BrFiltUp - ok
15:36:38.0637 5628  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:36:38.0653 5628  Browser - ok
15:36:38.0668 5628  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:36:38.0684 5628  Brserid - ok
15:36:38.0699 5628  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:36:38.0731 5628  BrSerWdm - ok
15:36:38.0762 5628  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:36:38.0793 5628  BrUsbMdm - ok
15:36:38.0793 5628  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:36:38.0793 5628  BrUsbSer - ok
15:36:38.0809 5628  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:36:38.0809 5628  BTHMODEM - ok
15:36:38.0902 5628  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:36:38.0918 5628  bthserv - ok
15:36:38.0933 5628  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:36:38.0965 5628  cdfs - ok
15:36:39.0011 5628  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:36:39.0043 5628  cdrom - ok
15:36:39.0105 5628  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:36:39.0136 5628  CertPropSvc - ok
15:36:39.0167 5628  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:36:39.0183 5628  circlass - ok
15:36:39.0230 5628  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:36:39.0261 5628  CLFS - ok
15:36:39.0417 5628  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:36:39.0433 5628  clr_optimization_v2.0.50727_32 - ok
15:36:39.0479 5628  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:36:39.0479 5628  clr_optimization_v2.0.50727_64 - ok
15:36:39.0651 5628  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:36:39.0947 5628  clr_optimization_v4.0.30319_32 - ok
15:36:40.0025 5628  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:36:40.0119 5628  clr_optimization_v4.0.30319_64 - ok
15:36:40.0166 5628  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:36:40.0181 5628  CmBatt - ok
15:36:40.0228 5628  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:36:40.0259 5628  cmdide - ok
15:36:40.0337 5628  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:36:40.0369 5628  CNG - ok
15:36:40.0415 5628  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:36:40.0447 5628  Compbatt - ok
15:36:40.0493 5628  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:36:40.0525 5628  CompositeBus - ok
15:36:40.0525 5628  COMSysApp - ok
15:36:40.0556 5628  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:36:40.0587 5628  crcdisk - ok
15:36:40.0681 5628  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:36:40.0727 5628  CryptSvc - ok
15:36:40.0805 5628  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:36:40.0805 5628  DcomLaunch - ok
15:36:40.0837 5628  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:36:40.0837 5628  defragsvc - ok
15:36:41.0024 5628  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:36:41.0055 5628  DfsC - ok
15:36:41.0149 5628  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:36:41.0195 5628  Dhcp - ok
15:36:41.0227 5628  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:36:41.0227 5628  discache - ok
15:36:41.0258 5628  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:36:41.0258 5628  Disk - ok
15:36:41.0305 5628  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:36:41.0305 5628  Dnscache - ok
15:36:41.0398 5628  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:36:41.0429 5628  dot3svc - ok
15:36:41.0445 5628  [ B42ED0320C6E41102FDE0005154849BB ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:36:41.0461 5628  dot4 - ok
15:36:41.0507 5628  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
15:36:41.0523 5628  Dot4Print - ok
15:36:41.0523 5628  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:36:41.0539 5628  dot4usb - ok
15:36:41.0570 5628  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:36:41.0570 5628  DPS - ok
15:36:41.0601 5628  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:36:41.0601 5628  drmkaud - ok
15:36:41.0804 5628  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:36:41.0819 5628  DXGKrnl - ok
15:36:41.0866 5628  [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
15:36:41.0882 5628  e1yexpress - ok
15:36:41.0897 5628  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:36:41.0897 5628  EapHost - ok
15:36:42.0069 5628  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:36:42.0100 5628  ebdrv - ok
15:36:42.0163 5628  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:36:42.0163 5628  EFS - ok
15:36:42.0428 5628  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:36:42.0443 5628  ehRecvr - ok
15:36:42.0521 5628  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:36:42.0537 5628  ehSched - ok
15:36:42.0631 5628  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:36:42.0662 5628  elxstor - ok
15:36:42.0677 5628  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:36:42.0677 5628  ErrDev - ok
15:36:42.0755 5628  [ C987933DED6EEDD2D0CA66ACC4286632 ] esClient        C:\Program Files\Windows Home Server\esClient.exe
15:36:42.0755 5628  esClient - ok
15:36:42.0802 5628  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:36:42.0818 5628  EventSystem - ok
15:36:42.0833 5628  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:36:42.0849 5628  exfat - ok
15:36:42.0865 5628  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:36:42.0865 5628  fastfat - ok
15:36:43.0021 5628  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:36:43.0052 5628  Fax - ok
15:36:43.0067 5628  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:36:43.0379 5628  fdc - ok
15:36:43.0738 5628  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:36:43.0738 5628  fdPHost - ok
15:36:43.0754 5628  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:36:43.0769 5628  FDResPub - ok
15:36:43.0785 5628  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:36:43.0785 5628  FileInfo - ok
15:36:43.0801 5628  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:36:43.0801 5628  Filetrace - ok
15:36:43.0832 5628  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:36:43.0832 5628  flpydisk - ok
15:36:43.0941 5628  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:36:44.0003 5628  FltMgr - ok
15:36:44.0081 5628  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:36:44.0097 5628  FontCache - ok
15:36:44.0144 5628  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:36:44.0206 5628  FontCache3.0.0.0 - ok
15:36:44.0237 5628  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:36:44.0300 5628  FsDepends - ok
15:36:44.0347 5628  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:36:44.0347 5628  Fs_Rec - ok
15:36:44.0409 5628  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:36:44.0471 5628  fvevol - ok
15:36:44.0503 5628  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:36:44.0565 5628  gagp30kx - ok
15:36:44.0627 5628  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:36:44.0643 5628  GEARAspiWDM - ok
15:36:44.0783 5628  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:36:44.0877 5628  gpsvc - ok
15:36:45.0002 5628  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
15:36:45.0127 5628  Greg_Service - ok
15:36:45.0236 5628  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:36:45.0236 5628  gupdate - ok
15:36:45.0314 5628  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:36:45.0314 5628  gupdatem - ok
15:36:45.0345 5628  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:36:45.0361 5628  gusvc - ok
15:36:45.0407 5628  [ 215DCB833B0747FBAD8AE28C85B5381C ] gwfilt64        C:\Windows\system32\drivers\gwfilt64.sys
15:36:45.0407 5628  gwfilt64 - ok
15:36:45.0439 5628  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:36:45.0439 5628  hcw85cir - ok
15:36:45.0641 5628  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:36:45.0719 5628  HdAudAddService - ok
15:36:45.0735 5628  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:36:45.0751 5628  HDAudBus - ok
15:36:45.0766 5628  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:36:45.0766 5628  HidBatt - ok
15:36:45.0782 5628  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:36:45.0782 5628  HidBth - ok
15:36:45.0813 5628  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:36:45.0813 5628  HidIr - ok
15:36:45.0829 5628  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:36:45.0829 5628  hidserv - ok
15:36:45.0875 5628  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:36:45.0891 5628  HidUsb - ok
15:36:45.0922 5628  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:36:45.0938 5628  hkmsvc - ok
15:36:46.0000 5628  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:36:46.0000 5628  HomeGroupListener - ok
15:36:46.0063 5628  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:36:46.0063 5628  HomeGroupProvider - ok
15:36:46.0125 5628  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:36:46.0125 5628  HpSAMD - ok
15:36:46.0219 5628  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:36:46.0234 5628  HTTP - ok
15:36:46.0281 5628  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:36:46.0281 5628  hwpolicy - ok
15:36:46.0343 5628  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:36:46.0359 5628  i8042prt - ok
15:36:46.0437 5628  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:36:46.0453 5628  IAANTMON - ok
15:36:46.0499 5628  [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE          C:\Windows\system32\DRIVERS\IAMTVE.sys
15:36:46.0499 5628  IAMTVE - ok
15:36:46.0515 5628  [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE         C:\Windows\system32\DRIVERS\IAMTXPE.sys
15:36:46.0515 5628  IAMTXPE - ok
15:36:46.0546 5628  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:36:46.0546 5628  iaStor - ok
15:36:46.0640 5628  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:36:46.0687 5628  iaStorV - ok
15:36:46.0765 5628  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:36:46.0796 5628  idsvc - ok
15:36:46.0905 5628  [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
15:36:46.0921 5628  IGDCTRL - ok
15:36:47.0014 5628  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:36:47.0014 5628  iirsp - ok
15:36:47.0155 5628  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:36:47.0233 5628  IKEEXT - ok
15:36:47.0373 5628  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:36:47.0404 5628  IntcAzAudAddService - ok
15:36:47.0404 5628  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:36:47.0404 5628  intelide - ok
15:36:47.0435 5628  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:36:47.0435 5628  intelppm - ok
15:36:47.0467 5628  [ 127F0A7586ACEC7B83131BFF2B4394C1 ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
15:36:47.0482 5628  ioatdma1 - ok
15:36:47.0482 5628  [ 70CC19B5C076F8497CAB4A77D6500E8A ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
15:36:47.0498 5628  ioatdma2 - ok
15:36:47.0529 5628  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:36:47.0529 5628  IPBusEnum - ok
15:36:47.0576 5628  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:36:47.0591 5628  IpFilterDriver - ok
15:36:47.0638 5628  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:36:47.0654 5628  iphlpsvc - ok
15:36:47.0685 5628  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:36:47.0701 5628  IPMIDRV - ok
15:36:47.0716 5628  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:36:47.0732 5628  IPNAT - ok
15:36:47.0794 5628  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:36:47.0794 5628  iPod Service - ok
15:36:47.0810 5628  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:36:47.0825 5628  IRENUM - ok
15:36:47.0872 5628  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:36:47.0888 5628  isapnp - ok
15:36:47.0888 5628  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:36:47.0903 5628  iScsiPrt - ok
15:36:47.0935 5628  [ 2224ABC439D115A44EDB5630A92C1D7E ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
15:36:47.0935 5628  JRAID - ok
15:36:47.0950 5628  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:36:47.0950 5628  kbdclass - ok
15:36:47.0966 5628  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:36:47.0966 5628  kbdhid - ok
15:36:47.0981 5628  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:36:47.0981 5628  KeyIso - ok
15:36:48.0028 5628  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:36:48.0028 5628  KSecDD - ok
15:36:48.0122 5628  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:36:48.0137 5628  KSecPkg - ok
15:36:48.0169 5628  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:36:48.0169 5628  ksthunk - ok
15:36:48.0184 5628  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:36:48.0200 5628  KtmRm - ok
15:36:48.0247 5628  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:36:48.0278 5628  LanmanServer - ok
15:36:48.0309 5628  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:36:48.0325 5628  LanmanWorkstation - ok
15:36:48.0340 5628  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:36:48.0340 5628  lltdio - ok
15:36:48.0356 5628  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:36:48.0371 5628  lltdsvc - ok
15:36:48.0387 5628  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:36:48.0403 5628  lmhosts - ok
15:36:48.0434 5628  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:36:48.0449 5628  LSI_FC - ok
15:36:48.0465 5628  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:36:48.0481 5628  LSI_SAS - ok
15:36:48.0481 5628  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:36:48.0496 5628  LSI_SAS2 - ok
15:36:48.0496 5628  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:36:48.0512 5628  LSI_SCSI - ok
15:36:48.0527 5628  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:36:48.0527 5628  luafv - ok
15:36:48.0574 5628  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:36:48.0590 5628  Mcx2Svc - ok
15:36:48.0715 5628  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
15:36:48.0777 5628  MDM - ok
15:36:48.0793 5628  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:36:48.0793 5628  megasas - ok
15:36:48.0808 5628  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:36:48.0824 5628  MegaSR - ok
15:36:48.0917 5628  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:36:48.0933 5628  Microsoft Office Groove Audit Service - ok
15:36:48.0964 5628  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:36:48.0964 5628  MMCSS - ok
15:36:49.0011 5628  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:36:49.0042 5628  Modem - ok
15:36:49.0058 5628  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:36:49.0058 5628  monitor - ok
15:36:49.0105 5628  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:36:49.0105 5628  mouclass - ok
15:36:49.0120 5628  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:36:49.0136 5628  mouhid - ok
15:36:49.0183 5628  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:36:49.0183 5628  mountmgr - ok
15:36:49.0292 5628  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:36:49.0307 5628  MozillaMaintenance - ok
15:36:49.0354 5628  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:36:49.0385 5628  mpio - ok
15:36:49.0417 5628  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:36:49.0432 5628  mpsdrv - ok
15:36:49.0588 5628  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:36:49.0651 5628  MpsSvc - ok
15:36:49.0713 5628  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:36:49.0744 5628  MRxDAV - ok
15:36:49.0791 5628  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:36:49.0807 5628  mrxsmb - ok
15:36:49.0853 5628  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:36:49.0853 5628  mrxsmb10 - ok
15:36:49.0869 5628  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:36:49.0869 5628  mrxsmb20 - ok
15:36:49.0916 5628  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:36:49.0931 5628  msahci - ok
15:36:49.0994 5628  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:36:50.0025 5628  msdsm - ok
15:36:50.0041 5628  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:36:50.0041 5628  MSDTC - ok
15:36:50.0072 5628  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:36:50.0072 5628  Msfs - ok
15:36:50.0087 5628  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:36:50.0087 5628  mshidkmdf - ok
15:36:50.0134 5628  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:36:50.0134 5628  msisadrv - ok
15:36:50.0150 5628  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:36:50.0165 5628  MSiSCSI - ok
15:36:50.0165 5628  msiserver - ok
15:36:50.0181 5628  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:36:50.0181 5628  MSKSSRV - ok
15:36:50.0181 5628  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:36:50.0181 5628  MSPCLOCK - ok
15:36:50.0197 5628  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:36:50.0197 5628  MSPQM - ok
15:36:50.0228 5628  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:36:50.0259 5628  MsRPC - ok
15:36:50.0290 5628  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:36:50.0290 5628  mssmbios - ok
15:36:50.0462 5628  MSSQL$COBRA - ok
15:36:50.0727 5628  MSSQL$COMBIT_CRM - ok
15:36:50.0789 5628  [ AE0277B34DC0F8E0F8257690BECFC4BA ] MSSQLFDLauncher$COMBIT_CRM C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\fdlauncher.exe
15:36:50.0789 5628  MSSQLFDLauncher$COMBIT_CRM - ok
15:36:50.0899 5628  [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:36:50.0914 5628  MSSQLServerADHelper100 - ok
15:36:50.0992 5628  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:36:51.0008 5628  MSTEE - ok
15:36:51.0023 5628  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:36:51.0023 5628  MTConfig - ok
15:36:51.0039 5628  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:36:51.0039 5628  Mup - ok
15:36:51.0070 5628  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:36:51.0070 5628  mwlPSDFilter - ok
15:36:51.0086 5628  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:36:51.0086 5628  mwlPSDNServ - ok
15:36:51.0133 5628  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:36:51.0133 5628  mwlPSDVDisk - ok
15:36:51.0226 5628  [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
15:36:51.0242 5628  MWLService - ok
15:36:51.0351 5628  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:36:51.0367 5628  napagent - ok
15:36:51.0476 5628  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:36:51.0523 5628  NativeWifiP - ok
15:36:51.0710 5628  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:36:51.0725 5628  NDIS - ok
15:36:51.0803 5628  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:36:51.0819 5628  NdisCap - ok
15:36:51.0881 5628  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:36:51.0897 5628  NdisTapi - ok
15:36:51.0975 5628  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:36:52.0006 5628  Ndisuio - ok
15:36:52.0037 5628  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:36:52.0069 5628  NdisWan - ok
15:36:52.0147 5628  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:36:52.0162 5628  NDProxy - ok
15:36:52.0459 5628  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:36:52.0599 5628  Nero BackItUp Scheduler 4.0 - ok
15:36:52.0646 5628  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:36:52.0646 5628  NetBIOS - ok
15:36:52.0693 5628  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:36:52.0755 5628  NetBT - ok
15:36:52.0817 5628  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:36:52.0817 5628  Netlogon - ok
15:36:52.0942 5628  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:36:52.0942 5628  Netman - ok
15:36:53.0036 5628  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:53.0192 5628  NetMsmqActivator - ok
15:36:53.0254 5628  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:53.0254 5628  NetPipeActivator - ok
15:36:53.0363 5628  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:36:53.0395 5628  netprofm - ok
15:36:53.0410 5628  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:53.0426 5628  NetTcpActivator - ok
15:36:53.0441 5628  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:53.0441 5628  NetTcpPortSharing - ok
15:36:53.0488 5628  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:36:53.0504 5628  nfrd960 - ok
15:36:53.0597 5628  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:36:53.0613 5628  NlaSvc - ok
15:36:53.0644 5628  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:36:53.0660 5628  Npfs - ok
15:36:53.0707 5628  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:36:53.0707 5628  nsi - ok
15:36:53.0738 5628  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:36:53.0769 5628  nsiproxy - ok
15:36:54.0019 5628  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:36:54.0268 5628  Ntfs - ok
15:36:54.0455 5628  [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:36:54.0471 5628  NTI IScheduleSvc - ok
15:36:54.0533 5628  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:36:54.0533 5628  NTIDrvr - ok
15:36:54.0565 5628  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:36:54.0580 5628  Null - ok
15:36:56.0312 5628  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:36:56.0374 5628  nvlddmkm - ok
15:36:56.0483 5628  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:36:56.0515 5628  nvraid - ok
15:36:56.0608 5628  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:36:56.0655 5628  nvstor - ok
15:36:56.0967 5628  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:36:56.0983 5628  nvsvc - ok
15:36:57.0341 5628  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:36:57.0653 5628  nvUpdatusService - ok
15:36:57.0747 5628  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:36:57.0778 5628  nv_agp - ok
15:36:58.0028 5628  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:36:58.0137 5628  odserv - ok
15:36:58.0153 5628  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:36:58.0199 5628  ohci1394 - ok
15:36:58.0433 5628  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:36:58.0480 5628  ose - ok
15:36:58.0574 5628  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:36:58.0589 5628  p2pimsvc - ok
15:36:58.0745 5628  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:36:58.0777 5628  p2psvc - ok
15:36:58.0839 5628  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:36:58.0855 5628  Parport - ok
15:36:58.0901 5628  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:36:58.0948 5628  partmgr - ok
15:36:59.0042 5628  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:36:59.0057 5628  PcaSvc - ok
15:36:59.0104 5628  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:36:59.0167 5628  pci - ok
15:36:59.0198 5628  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:36:59.0229 5628  pciide - ok
15:36:59.0307 5628  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:36:59.0338 5628  pcmcia - ok
15:36:59.0369 5628  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:36:59.0369 5628  pcw - ok
15:36:59.0510 5628  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:36:59.0588 5628  PEAUTH - ok
15:37:00.0555 5628  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:37:00.0571 5628  PerfHost - ok
15:37:00.0914 5628  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:37:01.0070 5628  pla - ok
15:37:01.0273 5628  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:37:01.0288 5628  PlugPlay - ok
15:37:01.0319 5628  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:37:01.0335 5628  PNRPAutoReg - ok
15:37:01.0397 5628  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:37:01.0413 5628  PNRPsvc - ok
15:37:01.0507 5628  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:37:01.0569 5628  PolicyAgent - ok
15:37:01.0678 5628  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:37:01.0678 5628  Power - ok
15:37:01.0772 5628  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:37:01.0803 5628  PptpMiniport - ok
15:37:01.0865 5628  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:37:01.0897 5628  Processor - ok
15:37:01.0990 5628  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:37:02.0037 5628  ProfSvc - ok
15:37:02.0068 5628  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:37:02.0068 5628  ProtectedStorage - ok
15:37:02.0224 5628  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:37:02.0224 5628  Psched - ok
15:37:02.0521 5628  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:37:02.0599 5628  ql2300 - ok
15:37:02.0645 5628  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:37:02.0677 5628  ql40xx - ok
15:37:02.0770 5628  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:37:02.0817 5628  QWAVE - ok
15:37:02.0879 5628  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:37:02.0911 5628  QWAVEdrv - ok
15:37:02.0926 5628  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:37:02.0957 5628  RasAcd - ok
15:37:03.0067 5628  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:37:03.0098 5628  RasAgileVpn - ok
15:37:03.0191 5628  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:37:03.0285 5628  RasAuto - ok
15:37:03.0332 5628  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:03.0363 5628  Rasl2tp - ok
15:37:03.0503 5628  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:37:03.0550 5628  RasMan - ok
15:37:03.0722 5628  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:03.0753 5628  RasPppoe - ok
15:37:03.0815 5628  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:37:03.0847 5628  RasSstp - ok
15:37:03.0971 5628  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:37:04.0034 5628  rdbss - ok
15:37:04.0096 5628  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:37:04.0112 5628  rdpbus - ok
15:37:04.0174 5628  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:04.0190 5628  RDPCDD - ok
15:37:04.0268 5628  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:37:04.0283 5628  RDPENCDD - ok
15:37:04.0315 5628  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:37:04.0346 5628  RDPREFMP - ok
15:37:04.0455 5628  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:37:04.0486 5628  RdpVideoMiniport - ok
15:37:04.0533 5628  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:37:04.0564 5628  RDPWD - ok
15:37:04.0658 5628  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:37:04.0705 5628  rdyboost - ok
15:37:04.0736 5628  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:37:04.0767 5628  RemoteAccess - ok
15:37:04.0861 5628  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:37:04.0907 5628  RemoteRegistry - ok
15:37:04.0970 5628  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:37:04.0985 5628  RpcEptMapper - ok
15:37:05.0048 5628  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:37:05.0079 5628  RpcLocator - ok
15:37:05.0141 5628  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:37:05.0141 5628  RpcSs - ok
15:37:05.0251 5628  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:37:05.0282 5628  rspndr - ok
15:37:05.0313 5628  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:37:05.0313 5628  SamSs - ok
15:37:05.0781 5628  [ 6090BCB4345D615070D3155A0A2EB60F ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
15:37:05.0906 5628  Samsung Network Fax Server - ok
15:37:05.0937 5628  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:37:05.0953 5628  sbp2port - ok
15:37:06.0046 5628  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:37:06.0155 5628  SCardSvr - ok
15:37:06.0187 5628  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:37:06.0202 5628  scfilter - ok
15:37:06.0499 5628  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:37:06.0623 5628  Schedule - ok
15:37:06.0655 5628  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:37:06.0655 5628  SCPolicySvc - ok
15:37:06.0733 5628  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:37:06.0764 5628  SDRSVC - ok
15:37:07.0107 5628  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
15:37:07.0107 5628  SearchAnonymizer - ok
15:37:07.0232 5628  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:37:07.0247 5628  secdrv - ok
15:37:07.0294 5628  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:37:07.0325 5628  seclogon - ok
15:37:07.0388 5628  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:37:07.0388 5628  SENS - ok
15:37:07.0450 5628  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:37:07.0466 5628  SensrSvc - ok
15:37:07.0559 5628  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:37:07.0591 5628  Serenum - ok
15:37:07.0684 5628  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:37:07.0715 5628  Serial - ok
15:37:07.0793 5628  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:37:07.0809 5628  sermouse - ok
15:37:07.0840 5628  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:37:07.0840 5628  SessionEnv - ok
15:37:07.0887 5628  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:37:07.0918 5628  sffdisk - ok
15:37:07.0949 5628  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:37:07.0965 5628  sffp_mmc - ok
15:37:07.0996 5628  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:37:08.0012 5628  sffp_sd - ok
15:37:08.0090 5628  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:37:08.0105 5628  sfloppy - ok
15:37:08.0230 5628  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:37:08.0277 5628  SharedAccess - ok
15:37:08.0386 5628  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:37:08.0386 5628  ShellHWDetection - ok
15:37:08.0480 5628  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:37:08.0511 5628  SiSRaid2 - ok
15:37:08.0527 5628  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:37:08.0558 5628  SiSRaid4 - ok
15:37:09.0619 5628  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:37:09.0697 5628  Skype C2C Service - ok
15:37:09.0962 5628  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:37:09.0962 5628  SkypeUpdate - ok
15:37:10.0055 5628  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:37:10.0071 5628  Smb - ok
15:37:10.0133 5628  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:37:10.0165 5628  SNMPTRAP - ok
15:37:10.0180 5628  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:37:10.0196 5628  spldr - ok
15:37:10.0352 5628  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:37:10.0367 5628  Spooler - ok
15:37:11.0303 5628  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:37:11.0397 5628  sppsvc - ok
15:37:11.0459 5628  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:37:11.0491 5628  sppuinotify - ok
15:37:11.0803 5628  [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$COBRA  C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\SQLAGENT.EXE
15:37:11.0865 5628  SQLAgent$COBRA - ok
15:37:12.0239 5628  [ 230C6AA1091190D2FDB40766CBD3DBBD ] SQLAgent$COMBIT_CRM C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\SQLAGENT.EXE
15:37:12.0317 5628  SQLAgent$COMBIT_CRM - ok
15:37:12.0411 5628  [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:37:12.0427 5628  SQLBrowser - ok
15:37:12.0661 5628  [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:37:12.0661 5628  SQLWriter - ok
15:37:12.0817 5628  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:37:12.0832 5628  srv - ok
15:37:12.0988 5628  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:37:13.0004 5628  srv2 - ok
15:37:13.0051 5628  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:37:13.0097 5628  srvnet - ok
15:37:13.0207 5628  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:37:13.0207 5628  SSDPSRV - ok
15:37:13.0331 5628  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
15:37:13.0347 5628  SSPORT - ok
15:37:13.0378 5628  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:37:13.0394 5628  SstpSvc - ok
15:37:13.0659 5628  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:37:13.0675 5628  Stereo Service - ok
15:37:13.0737 5628  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:37:13.0815 5628  stexstor - ok
15:37:13.0987 5628  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:37:14.0002 5628  stisvc - ok
15:37:14.0065 5628  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:37:14.0065 5628  swenum - ok
15:37:14.0314 5628  SwitchBoard - ok
15:37:14.0455 5628  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:37:14.0595 5628  swprv - ok
15:37:14.0938 5628  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:37:14.0985 5628  SysMain - ok
15:37:15.0032 5628  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:37:15.0063 5628  TabletInputService - ok
15:37:15.0141 5628  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:37:15.0297 5628  TapiSrv - ok
15:37:15.0359 5628  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:37:15.0359 5628  TBS - ok
15:37:16.0171 5628  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:37:17.0450 5628  Tcpip - ok
15:37:18.0261 5628  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:37:18.0261 5628  TCPIP6 - ok
15:37:18.0339 5628  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:37:18.0370 5628  tcpipreg - ok
15:37:18.0417 5628  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:37:18.0495 5628  TDPIPE - ok
15:37:18.0557 5628  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:37:18.0651 5628  TDTCP - ok
15:37:18.0729 5628  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:37:18.0776 5628  tdx - ok
15:37:19.0010 5628  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:37:19.0010 5628  TermDD - ok
15:37:19.0478 5628  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:37:19.0587 5628  TermService - ok
15:37:19.0681 5628  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:37:19.0805 5628  Themes - ok
15:37:19.0993 5628  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:37:19.0993 5628  THREADORDER - ok
15:37:20.0102 5628  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:37:20.0117 5628  TrkWks - ok
15:37:20.0523 5628  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:37:20.0663 5628  TrustedInstaller - ok
15:37:20.0819 5628  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:20.0975 5628  tssecsrv - ok
15:37:21.0163 5628  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:37:21.0287 5628  TsUsbFlt - ok
15:37:21.0428 5628  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:37:21.0521 5628  tunnel - ok
15:37:21.0553 5628  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:37:21.0646 5628  uagp35 - ok
15:37:21.0740 5628  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:37:21.0755 5628  UBHelper - ok
15:37:21.0865 5628  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:37:22.0099 5628  udfs - ok
15:37:22.0177 5628  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:37:22.0208 5628  UI0Detect - ok
15:37:22.0286 5628  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:37:22.0348 5628  uliagpkx - ok
15:37:22.0473 5628  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:37:22.0535 5628  umbus - ok
15:37:22.0613 5628  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:37:22.0645 5628  UmPass - ok
15:37:22.0785 5628  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:37:22.0879 5628  Updater Service - ok
15:37:22.0988 5628  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:37:23.0097 5628  upnphost - ok
15:37:23.0159 5628  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:37:23.0253 5628  USBAAPL64 - ok
15:37:23.0300 5628  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:23.0378 5628  usbccgp - ok
15:37:23.0487 5628  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:37:23.0518 5628  usbcir - ok
15:37:23.0565 5628  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:37:23.0674 5628  usbehci - ok
15:37:23.0783 5628  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:37:24.0033 5628  usbhub - ok
15:37:24.0361 5628  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:37:24.0548 5628  usbohci - ok
15:37:24.0735 5628  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:37:24.0782 5628  usbprint - ok
15:37:24.0891 5628  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:37:25.0125 5628  usbscan - ok
15:37:25.0172 5628  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:25.0172 5628  USBSTOR - ok
15:37:25.0234 5628  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:37:25.0297 5628  usbuhci - ok
15:37:25.0484 5628  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:37:25.0531 5628  usbvideo - ok
15:37:25.0593 5628  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:37:25.0593 5628  UxSms - ok
15:37:25.0640 5628  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:37:25.0640 5628  VaultSvc - ok
15:37:25.0718 5628  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:37:25.0718 5628  vdrvroot - ok
15:37:25.0905 5628  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:37:25.0952 5628  vds - ok
15:37:26.0061 5628  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:26.0077 5628  vga - ok
15:37:26.0108 5628  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:37:26.0123 5628  VgaSave - ok
15:37:26.0155 5628  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:37:26.0201 5628  vhdmp - ok
15:37:26.0279 5628  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:37:26.0295 5628  viaide - ok
15:37:26.0357 5628  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:37:26.0389 5628  volmgr - ok
15:37:26.0513 5628  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:37:26.0591 5628  volmgrx - ok
15:37:26.0669 5628  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:37:26.0685 5628  volsnap - ok
15:37:26.0825 5628  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:37:26.0857 5628  vsmraid - ok
15:37:27.0231 5628  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:37:27.0325 5628  VSS - ok
15:37:27.0356 5628  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:37:27.0387 5628  vwifibus - ok
15:37:27.0512 5628  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:37:27.0527 5628  W32Time - ok
15:37:27.0590 5628  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:37:27.0621 5628  WacomPen - ok
15:37:27.0715 5628  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:37:27.0746 5628  WANARP - ok
15:37:27.0746 5628  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:37:27.0746 5628  Wanarpv6 - ok
15:37:28.0058 5628  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:37:28.0151 5628  WatAdminSvc - ok
15:37:28.0448 5628  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:37:28.0541 5628  wbengine - ok
15:37:28.0635 5628  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:37:28.0666 5628  WbioSrvc - ok
15:37:28.0791 5628  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:37:28.0807 5628  wcncsvc - ok
15:37:28.0838 5628  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:37:28.0869 5628  WcsPlugInService - ok
15:37:28.0900 5628  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:37:28.0963 5628  Wd - ok
15:37:29.0212 5628  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:37:29.0306 5628  Wdf01000 - ok
15:37:29.0353 5628  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:37:29.0353 5628  WdiServiceHost - ok
15:37:29.0368 5628  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:37:29.0368 5628  WdiSystemHost - ok
15:37:29.0431 5628  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:37:29.0477 5628  WebClient - ok
15:37:29.0540 5628  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:37:29.0571 5628  Wecsvc - ok
15:37:29.0633 5628  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:37:29.0633 5628  wercplsupport - ok
15:37:29.0711 5628  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:37:29.0711 5628  WerSvc - ok
15:37:29.0789 5628  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:37:29.0805 5628  WfpLwf - ok
15:37:30.0133 5628  [ DE35BD336FD1E6AFAC0578DF221A7C0C ] WHSConnector    C:\Program Files\Windows Home Server\WHSConnector.exe
15:37:30.0133 5628  WHSConnector - ok
15:37:30.0179 5628  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:37:30.0211 5628  WIMMount - ok
15:37:30.0273 5628  WinDefend - ok
15:37:30.0273 5628  WinHttpAutoProxySvc - ok
15:37:30.0554 5628  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:37:30.0585 5628  Winmgmt - ok
15:37:31.0022 5628  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:37:31.0162 5628  WinRM - ok
15:37:31.0334 5628  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:37:31.0349 5628  WinUsb - ok
15:37:31.0552 5628  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:37:31.0615 5628  Wlansvc - ok
15:37:31.0693 5628  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:37:31.0693 5628  WmiAcpi - ok
15:37:31.0771 5628  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:37:31.0802 5628  wmiApSrv - ok
15:37:31.0895 5628  WMPNetworkSvc - ok
15:37:32.0020 5628  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:37:32.0036 5628  WPCSvc - ok
15:37:32.0083 5628  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:37:32.0098 5628  WPDBusEnum - ok
15:37:32.0161 5628  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:37:32.0176 5628  ws2ifsl - ok
15:37:32.0207 5628  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:37:32.0223 5628  wscsvc - ok
15:37:32.0332 5628  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:37:32.0348 5628  WSDPrintDevice - ok
15:37:32.0379 5628  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
15:37:32.0379 5628  WSDScan - ok
15:37:32.0379 5628  WSearch - ok
15:37:33.0112 5628  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:37:33.0237 5628  wuauserv - ok
15:37:33.0268 5628  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:37:33.0299 5628  WudfPf - ok
15:37:33.0409 5628  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:33.0424 5628  WUDFRd - ok
15:37:33.0487 5628  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:37:33.0502 5628  wudfsvc - ok
15:37:33.0611 5628  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:37:33.0627 5628  WwanSvc - ok
15:37:33.0658 5628  ================ Scan global ===============================
15:37:33.0674 5628  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:37:33.0783 5628  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:37:33.0814 5628  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:37:33.0877 5628  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:37:34.0017 5628  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:37:34.0017 5628  [Global] - ok
15:37:34.0017 5628  ================ Scan MBR ==================================
15:37:34.0048 5628  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
15:37:35.0780 5628  \Device\Harddisk0\DR0 - ok
15:37:35.0795 5628  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
15:37:35.0795 5628  \Device\Harddisk5\DR5 - ok
15:37:35.0795 5628  ================ Scan VBR ==================================
15:37:35.0811 5628  [ D9187D8DCA160E389C636A5C7F6493D2 ] \Device\Harddisk0\DR0\Partition1
15:37:35.0842 5628  \Device\Harddisk0\DR0\Partition1 - ok
15:37:35.0873 5628  [ F7F16ACFDAA13D7586E56B31EEF1143F ] \Device\Harddisk0\DR0\Partition2
15:37:35.0889 5628  \Device\Harddisk0\DR0\Partition2 - ok
15:37:35.0905 5628  [ 30F49E5251F60B4FAAB4099FF25DB7DC ] \Device\Harddisk0\DR0\Partition3
15:37:35.0967 5628  \Device\Harddisk0\DR0\Partition3 - ok
15:37:35.0967 5628  [ A7D0F3F4F21718218D021D1E1A52F896 ] \Device\Harddisk5\DR5\Partition1
15:37:35.0967 5628  \Device\Harddisk5\DR5\Partition1 - ok
15:37:35.0967 5628  ============================================================
15:37:35.0967 5628  Scan finished
15:37:35.0967 5628  ============================================================
15:37:35.0983 5052  Detected object count: 1
15:37:35.0983 5052  Actual detected object count: 1
15:38:07.0791 5052  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:38:07.0791 5052  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
15:38:18.0415 7060  Deinitialize success
         


12.06.2013, 10:56   #21
markusg
/// Malware-holic

GVU Trojan on Windows7 64bit



Configure TDSS Killer according to the instructions, then scan again.

12.06.2013, 11:22   #22
HeBer

GVU Trojan on Windows7 64bit



OK, now with the checkboxes ticked

Code:
20:17:38.0930 6204  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:17:38.0930 6204  ============================================================
20:17:38.0930 6204  Current date / time: 2013/06/12 20:17:38.0930
20:17:38.0930 6204  SystemInfo:
20:17:38.0930 6204  
20:17:38.0930 6204  OS Version: 6.1.7601 ServicePack: 1.0
20:17:38.0930 6204  Product type: Workstation
20:17:38.0930 6204  ComputerName: ACER_HB
20:17:38.0930 6204  UserName: BE.ST
20:17:38.0930 6204  Windows directory: C:\Windows
20:17:38.0930 6204  System windows directory: C:\Windows
20:17:38.0930 6204  Running under WOW64
20:17:38.0930 6204  Processor architecture: Intel x64
20:17:38.0930 6204  Number of processors: 8
20:17:38.0930 6204  Page size: 0x1000
20:17:38.0930 6204  Boot type: Normal boot
20:17:38.0930 6204  ============================================================
20:17:39.0491 6204  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:39.0507 6204  ============================================================
20:17:39.0507 6204  \Device\Harddisk0\DR0:
20:17:39.0507 6204  MBR partitions:
20:17:39.0507 6204  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
20:17:39.0507 6204  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x395E7000
20:17:39.0507 6204  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B019800, BlocksNum 0x396EC800
20:17:39.0507 6204  ============================================================
20:17:39.0554 6204  C: <-> \Device\Harddisk0\DR0\Partition2
20:17:39.0600 6204  D: <-> \Device\Harddisk0\DR0\Partition3
20:17:39.0600 6204  ============================================================
20:17:39.0600 6204  Initialize success
20:17:39.0600 6204  ============================================================
20:17:56.0870 3016  ============================================================
20:17:56.0870 3016  Scan started
20:17:56.0870 3016  Mode: Manual; SigCheck; TDLFS; 
20:17:56.0870 3016  ============================================================
20:17:57.0540 3016  ================ Scan system memory ========================
20:17:57.0540 3016  System memory - ok
20:17:57.0540 3016  ================ Scan services =============================
20:17:57.0696 3016  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:17:57.0774 3016  1394ohci - ok
20:17:57.0899 3016  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:17:57.0930 3016  ACDaemon - ok
20:17:57.0977 3016  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:17:57.0993 3016  ACPI - ok
20:17:58.0040 3016  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:17:58.0086 3016  AcpiPmi - ok
20:17:58.0211 3016  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:17:58.0227 3016  AdobeARMservice - ok
20:17:58.0352 3016  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:17:58.0352 3016  AdobeFlashPlayerUpdateSvc - ok
20:17:58.0430 3016  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:17:58.0430 3016  adp94xx - ok
20:17:58.0461 3016  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:17:58.0476 3016  adpahci - ok
20:17:58.0492 3016  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:17:58.0508 3016  adpu320 - ok
20:17:58.0539 3016  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:17:58.0632 3016  AeLookupSvc - ok
20:17:58.0695 3016  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:17:58.0773 3016  AFD - ok
20:17:58.0835 3016  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:17:58.0851 3016  agp440 - ok
20:17:59.0022 3016  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
20:17:59.0022 3016  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
20:17:59.0022 3016  Akamai ( HiddenFile.Multi.Generic ) - warning
20:17:59.0022 3016  Akamai - detected HiddenFile.Multi.Generic (1)
20:17:59.0069 3016  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:17:59.0132 3016  ALG - ok
20:17:59.0178 3016  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:17:59.0194 3016  aliide - ok
20:17:59.0225 3016  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:17:59.0241 3016  amdide - ok
20:17:59.0272 3016  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:17:59.0303 3016  AmdK8 - ok
20:17:59.0334 3016  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:17:59.0366 3016  AmdPPM - ok
20:17:59.0412 3016  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:17:59.0428 3016  amdsata - ok
20:17:59.0506 3016  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:17:59.0506 3016  amdsbs - ok
20:17:59.0553 3016  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:17:59.0553 3016  amdxata - ok
20:17:59.0631 3016  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:17:59.0631 3016  AntiVirSchedulerService - ok
20:17:59.0662 3016  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:17:59.0678 3016  AntiVirService - ok
20:17:59.0724 3016  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:17:59.0818 3016  AppID - ok
20:17:59.0834 3016  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:17:59.0865 3016  AppIDSvc - ok
20:17:59.0912 3016  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:17:59.0943 3016  Appinfo - ok
20:18:00.0052 3016  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:18:00.0068 3016  Apple Mobile Device - ok
20:18:00.0099 3016  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:18:00.0114 3016  arc - ok
20:18:00.0114 3016  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:18:00.0130 3016  arcsas - ok
20:18:00.0255 3016  [ 3CE5C5A72ACB0A12B5A02C35550DC1A2 ] arXfrSvc        C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
20:18:00.0270 3016  arXfrSvc - ok
20:18:00.0395 3016  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:18:00.0395 3016  aspnet_state - ok
20:18:00.0411 3016  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:18:00.0458 3016  AsyncMac - ok
20:18:00.0520 3016  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:18:00.0536 3016  atapi - ok
20:18:00.0614 3016  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
20:18:00.0723 3016  atikmdag - ok
20:18:00.0816 3016  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:18:00.0879 3016  AudioEndpointBuilder - ok
20:18:00.0894 3016  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:18:00.0926 3016  AudioSrv - ok
20:18:00.0972 3016  [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
20:18:00.0988 3016  Autodesk Licensing Service - ok
20:18:00.0988 3016  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:18:01.0004 3016  avgntflt - ok
20:18:01.0035 3016  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:18:01.0050 3016  avipbb - ok
20:18:01.0082 3016  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:18:01.0082 3016  avkmgr - ok
20:18:01.0113 3016  [ C51101FC4C4AAB3AF977864A65266DBB ] avmident        C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
20:18:01.0128 3016  avmident - ok
20:18:01.0175 3016  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:18:01.0238 3016  AxInstSV - ok
20:18:01.0300 3016  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:18:01.0378 3016  b06bdrv - ok
20:18:01.0425 3016  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:18:01.0456 3016  b57nd60a - ok
20:18:01.0503 3016  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:18:01.0518 3016  BDESVC - ok
20:18:01.0565 3016  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:18:01.0596 3016  Beep - ok
20:18:01.0674 3016  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:18:01.0721 3016  BFE - ok
20:18:01.0846 3016  [ 85D5E6AC46A2AE4672C1AC813AE45B95 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
20:18:01.0862 3016  BingDesktopUpdate - ok
20:18:01.0908 3016  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:18:01.0971 3016  BITS - ok
20:18:01.0986 3016  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:18:02.0002 3016  blbdrive - ok
20:18:02.0080 3016  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:18:02.0096 3016  Bonjour Service - ok
20:18:02.0158 3016  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:18:02.0174 3016  bowser - ok
20:18:02.0189 3016  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:18:02.0236 3016  BrFiltLo - ok
20:18:02.0252 3016  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:18:02.0252 3016  BrFiltUp - ok
20:18:02.0298 3016  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:18:02.0330 3016  Browser - ok
20:18:02.0361 3016  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:18:02.0408 3016  Brserid - ok
20:18:02.0454 3016  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:18:02.0501 3016  BrSerWdm - ok
20:18:02.0532 3016  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:18:02.0610 3016  BrUsbMdm - ok
20:18:02.0610 3016  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:18:02.0657 3016  BrUsbSer - ok
20:18:02.0688 3016  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:18:02.0704 3016  BTHMODEM - ok
20:18:02.0735 3016  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:18:02.0798 3016  bthserv - ok
20:18:02.0844 3016  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:18:02.0876 3016  cdfs - ok
20:18:02.0938 3016  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:18:02.0954 3016  cdrom - ok
20:18:03.0016 3016  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:18:03.0047 3016  CertPropSvc - ok
20:18:03.0078 3016  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:18:03.0094 3016  circlass - ok
20:18:03.0125 3016  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:18:03.0141 3016  CLFS - ok
20:18:03.0203 3016  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:18:03.0219 3016  clr_optimization_v2.0.50727_32 - ok
20:18:03.0266 3016  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:18:03.0266 3016  clr_optimization_v2.0.50727_64 - ok
20:18:03.0406 3016  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:18:03.0406 3016  clr_optimization_v4.0.30319_32 - ok
20:18:03.0422 3016  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:18:03.0437 3016  clr_optimization_v4.0.30319_64 - ok
20:18:03.0453 3016  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:18:03.0484 3016  CmBatt - ok
20:18:03.0515 3016  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:18:03.0531 3016  cmdide - ok
20:18:03.0578 3016  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:18:03.0609 3016  CNG - ok
20:18:03.0609 3016  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:18:03.0624 3016  Compbatt - ok
20:18:03.0640 3016  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:18:03.0640 3016  CompositeBus - ok
20:18:03.0656 3016  COMSysApp - ok
20:18:03.0687 3016  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:18:03.0702 3016  crcdisk - ok
20:18:03.0749 3016  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:18:03.0812 3016  CryptSvc - ok
20:18:03.0858 3016  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:18:03.0921 3016  DcomLaunch - ok
20:18:03.0968 3016  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:18:04.0014 3016  defragsvc - ok
20:18:04.0046 3016  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:18:04.0077 3016  DfsC - ok
20:18:04.0124 3016  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:18:04.0186 3016  Dhcp - ok
20:18:04.0248 3016  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:18:04.0295 3016  discache - ok
20:18:04.0342 3016  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:18:04.0342 3016  Disk - ok
20:18:04.0389 3016  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:18:04.0482 3016  Dnscache - ok
20:18:04.0545 3016  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:18:04.0592 3016  dot3svc - ok
20:18:04.0623 3016  [ B42ED0320C6E41102FDE0005154849BB ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:18:04.0638 3016  dot4 - ok
20:18:04.0685 3016  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
20:18:04.0701 3016  Dot4Print - ok
20:18:04.0732 3016  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:18:04.0748 3016  dot4usb - ok
20:18:04.0794 3016  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:18:04.0810 3016  DPS - ok
20:18:04.0857 3016  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:18:04.0857 3016  drmkaud - ok
20:18:04.0935 3016  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:18:04.0950 3016  DXGKrnl - ok
20:18:04.0997 3016  [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
20:18:05.0013 3016  e1yexpress - ok
20:18:05.0028 3016  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:18:05.0060 3016  EapHost - ok
20:18:05.0138 3016  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:18:05.0184 3016  ebdrv - ok
20:18:05.0231 3016  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:18:05.0278 3016  EFS - ok
20:18:05.0340 3016  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:18:05.0387 3016  ehRecvr - ok
20:18:05.0434 3016  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:18:05.0450 3016  ehSched - ok
20:18:05.0528 3016  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:18:05.0543 3016  elxstor - ok
20:18:05.0559 3016  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:18:05.0574 3016  ErrDev - ok
20:18:05.0637 3016  [ C987933DED6EEDD2D0CA66ACC4286632 ] esClient        C:\Program Files\Windows Home Server\esClient.exe
20:18:05.0637 3016  esClient - ok
20:18:05.0668 3016  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:18:05.0699 3016  EventSystem - ok
20:18:05.0746 3016  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:18:05.0777 3016  exfat - ok
20:18:05.0808 3016  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:18:05.0855 3016  fastfat - ok
20:18:05.0918 3016  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:18:05.0964 3016  Fax - ok
20:18:05.0996 3016  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:18:05.0996 3016  fdc - ok
20:18:06.0011 3016  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:18:06.0074 3016  fdPHost - ok
20:18:06.0074 3016  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:18:06.0105 3016  FDResPub - ok
20:18:06.0120 3016  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:18:06.0136 3016  FileInfo - ok
20:18:06.0136 3016  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:18:06.0183 3016  Filetrace - ok
20:18:06.0214 3016  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:18:06.0214 3016  flpydisk - ok
20:18:06.0276 3016  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:18:06.0276 3016  FltMgr - ok
20:18:06.0339 3016  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:18:06.0370 3016  FontCache - ok
20:18:06.0432 3016  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:18:06.0432 3016  FontCache3.0.0.0 - ok
20:18:06.0448 3016  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:18:06.0464 3016  FsDepends - ok
20:18:06.0510 3016  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:18:06.0510 3016  Fs_Rec - ok
20:18:06.0557 3016  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:18:06.0573 3016  fvevol - ok
20:18:06.0604 3016  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:18:06.0620 3016  gagp30kx - ok
20:18:06.0682 3016  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:18:06.0682 3016  GEARAspiWDM - ok
20:18:06.0744 3016  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:18:06.0776 3016  gpsvc - ok
20:18:06.0822 3016  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
20:18:06.0854 3016  Greg_Service - ok
20:18:06.0900 3016  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:18:06.0900 3016  gupdate - ok
20:18:06.0916 3016  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:18:06.0932 3016  gupdatem - ok
20:18:06.0963 3016  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:18:06.0963 3016  gusvc - ok
20:18:06.0994 3016  [ 215DCB833B0747FBAD8AE28C85B5381C ] gwfilt64        C:\Windows\system32\drivers\gwfilt64.sys
20:18:06.0994 3016  gwfilt64 - ok
20:18:07.0025 3016  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:18:07.0056 3016  hcw85cir - ok
20:18:07.0119 3016  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:18:07.0150 3016  HdAudAddService - ok
20:18:07.0181 3016  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:18:07.0181 3016  HDAudBus - ok
20:18:07.0197 3016  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:18:07.0212 3016  HidBatt - ok
20:18:07.0228 3016  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:18:07.0228 3016  HidBth - ok
20:18:07.0244 3016  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:18:07.0290 3016  HidIr - ok
20:18:07.0306 3016  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:18:07.0353 3016  hidserv - ok
20:18:07.0415 3016  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:18:07.0415 3016  HidUsb - ok
20:18:07.0462 3016  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:18:07.0509 3016  hkmsvc - ok
20:18:07.0556 3016  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:18:07.0556 3016  HomeGroupListener - ok
20:18:07.0602 3016  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:18:07.0618 3016  HomeGroupProvider - ok
20:18:07.0634 3016  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:18:07.0649 3016  HpSAMD - ok
20:18:07.0712 3016  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:18:07.0743 3016  HTTP - ok
20:18:07.0758 3016  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:18:07.0758 3016  hwpolicy - ok
20:18:07.0821 3016  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:18:07.0821 3016  i8042prt - ok
20:18:07.0868 3016  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:18:07.0883 3016  IAANTMON - ok
20:18:07.0914 3016  [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE          C:\Windows\system32\DRIVERS\IAMTVE.sys
20:18:07.0914 3016  IAMTVE - ok
20:18:07.0930 3016  [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE         C:\Windows\system32\DRIVERS\IAMTXPE.sys
20:18:07.0946 3016  IAMTXPE - ok
20:18:07.0961 3016  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:18:07.0977 3016  iaStor - ok
20:18:07.0992 3016  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:18:08.0008 3016  iaStorV - ok
20:18:08.0070 3016  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:18:08.0086 3016  idsvc - ok
20:18:08.0164 3016  [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
20:18:08.0164 3016  IGDCTRL - ok
20:18:08.0195 3016  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:18:08.0195 3016  iirsp - ok
20:18:08.0258 3016  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:18:08.0304 3016  IKEEXT - ok
20:18:08.0367 3016  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:18:08.0398 3016  IntcAzAudAddService - ok
20:18:08.0414 3016  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:18:08.0429 3016  intelide - ok
20:18:08.0460 3016  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:18:08.0460 3016  intelppm - ok
20:18:08.0492 3016  [ 127F0A7586ACEC7B83131BFF2B4394C1 ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
20:18:08.0492 3016  ioatdma1 - ok
20:18:08.0507 3016  [ 70CC19B5C076F8497CAB4A77D6500E8A ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
20:18:08.0507 3016  ioatdma2 - ok
20:18:08.0538 3016  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:18:08.0570 3016  IPBusEnum - ok
20:18:08.0616 3016  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:18:08.0648 3016  IpFilterDriver - ok
20:18:08.0710 3016  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:18:08.0757 3016  iphlpsvc - ok
20:18:08.0788 3016  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:18:08.0819 3016  IPMIDRV - ok
20:18:08.0850 3016  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:18:08.0882 3016  IPNAT - ok
20:18:08.0928 3016  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:18:08.0944 3016  iPod Service - ok
20:18:08.0960 3016  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:18:09.0006 3016  IRENUM - ok
20:18:09.0053 3016  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:18:09.0069 3016  isapnp - ok
20:18:09.0100 3016  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:18:09.0116 3016  iScsiPrt - ok
20:18:09.0131 3016  [ 2224ABC439D115A44EDB5630A92C1D7E ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
20:18:09.0178 3016  JRAID - ok
20:18:09.0194 3016  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:18:09.0209 3016  kbdclass - ok
20:18:09.0209 3016  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:18:09.0240 3016  kbdhid - ok
20:18:09.0272 3016  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:18:09.0272 3016  KeyIso - ok
20:18:09.0318 3016  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:18:09.0318 3016  KSecDD - ok
20:18:09.0350 3016  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:18:09.0350 3016  KSecPkg - ok
20:18:09.0381 3016  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:18:09.0412 3016  ksthunk - ok
20:18:09.0443 3016  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:18:09.0474 3016  KtmRm - ok
20:18:09.0521 3016  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:18:09.0552 3016  LanmanServer - ok
20:18:09.0599 3016  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:18:09.0646 3016  LanmanWorkstation - ok
20:18:09.0677 3016  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:18:09.0708 3016  lltdio - ok
20:18:09.0724 3016  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:18:09.0771 3016  lltdsvc - ok
20:18:09.0786 3016  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:18:09.0818 3016  lmhosts - ok
20:18:09.0833 3016  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:18:09.0849 3016  LSI_FC - ok
20:18:09.0864 3016  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:18:09.0880 3016  LSI_SAS - ok
20:18:09.0896 3016  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:18:09.0896 3016  LSI_SAS2 - ok
20:18:09.0911 3016  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:18:09.0911 3016  LSI_SCSI - ok
20:18:09.0927 3016  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:18:09.0974 3016  luafv - ok
20:18:10.0006 3016  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:18:10.0021 3016  Mcx2Svc - ok
20:18:10.0084 3016  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:18:10.0099 3016  MDM - ok
20:18:10.0131 3016  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:18:10.0131 3016  megasas - ok
20:18:10.0146 3016  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:18:10.0162 3016  MegaSR - ok
20:18:10.0224 3016  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:18:10.0240 3016  Microsoft Office Groove Audit Service - ok
20:18:10.0271 3016  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:18:10.0318 3016  MMCSS - ok
20:18:10.0333 3016  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:18:10.0365 3016  Modem - ok
20:18:10.0380 3016  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:18:10.0396 3016  monitor - ok
20:18:10.0443 3016  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:18:10.0458 3016  mouclass - ok
20:18:10.0474 3016  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:18:10.0489 3016  mouhid - ok
20:18:10.0536 3016  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:18:10.0536 3016  mountmgr - ok
20:18:10.0614 3016  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:18:10.0614 3016  MozillaMaintenance - ok
20:18:10.0630 3016  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:18:10.0645 3016  mpio - ok
20:18:10.0661 3016  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:18:10.0708 3016  mpsdrv - ok
20:18:10.0755 3016  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:18:10.0786 3016  MpsSvc - ok
20:18:10.0833 3016  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:18:10.0848 3016  MRxDAV - ok
20:18:10.0895 3016  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:18:10.0926 3016  mrxsmb - ok
20:18:10.0973 3016  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:18:10.0989 3016  mrxsmb10 - ok
20:18:10.0989 3016  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:18:11.0020 3016  mrxsmb20 - ok
20:18:11.0098 3016  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:18:11.0113 3016  msahci - ok
20:18:11.0145 3016  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:18:11.0145 3016  msdsm - ok
20:18:11.0176 3016  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:18:11.0191 3016  MSDTC - ok
20:18:11.0207 3016  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:18:11.0238 3016  Msfs - ok
20:18:11.0254 3016  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:18:11.0285 3016  mshidkmdf - ok
20:18:11.0301 3016  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:18:11.0301 3016  msisadrv - ok
20:18:11.0316 3016  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:18:11.0347 3016  MSiSCSI - ok
20:18:11.0363 3016  msiserver - ok
20:18:11.0394 3016  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:18:11.0441 3016  MSKSSRV - ok
20:18:11.0441 3016  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:18:11.0472 3016  MSPCLOCK - ok
20:18:11.0472 3016  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:18:11.0519 3016  MSPQM - ok
20:18:11.0566 3016  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:18:11.0566 3016  MsRPC - ok
20:18:11.0613 3016  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:18:11.0628 3016  mssmbios - ok
20:18:11.0769 3016  MSSQL$COBRA - ok
20:18:11.0878 3016  MSSQL$COMBIT_CRM - ok
20:18:11.0940 3016  [ AE0277B34DC0F8E0F8257690BECFC4BA ] MSSQLFDLauncher$COMBIT_CRM C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\fdlauncher.exe
20:18:11.0940 3016  MSSQLFDLauncher$COMBIT_CRM - ok
20:18:12.0034 3016  [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:18:12.0049 3016  MSSQLServerADHelper100 - ok
20:18:12.0096 3016  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:18:12.0127 3016  MSTEE - ok
20:18:12.0127 3016  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:18:12.0143 3016  MTConfig - ok
20:18:12.0159 3016  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:18:12.0159 3016  Mup - ok
20:18:12.0190 3016  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:18:12.0205 3016  mwlPSDFilter - ok
20:18:12.0221 3016  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:18:12.0221 3016  mwlPSDNServ - ok
20:18:12.0237 3016  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:18:12.0237 3016  mwlPSDVDisk - ok
20:18:12.0268 3016  [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:18:12.0283 3016  MWLService - ok
20:18:12.0330 3016  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:18:12.0361 3016  napagent - ok
20:18:12.0393 3016  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:18:12.0408 3016  NativeWifiP - ok
20:18:12.0471 3016  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:18:12.0486 3016  NDIS - ok
20:18:12.0502 3016  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:18:12.0533 3016  NdisCap - ok
20:18:12.0549 3016  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:18:12.0595 3016  NdisTapi - ok
20:18:12.0627 3016  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:18:12.0658 3016  Ndisuio - ok
20:18:12.0705 3016  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:18:12.0736 3016  NdisWan - ok
20:18:12.0767 3016  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:18:12.0814 3016  NDProxy - ok
20:18:12.0876 3016  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:18:12.0892 3016  Nero BackItUp Scheduler 4.0 - ok
20:18:12.0907 3016  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:18:12.0939 3016  NetBIOS - ok
20:18:12.0985 3016  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:18:13.0017 3016  NetBT - ok
20:18:13.0048 3016  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:18:13.0063 3016  Netlogon - ok
20:18:13.0095 3016  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:18:13.0126 3016  Netman - ok
20:18:13.0173 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:18:13.0188 3016  NetMsmqActivator - ok
20:18:13.0188 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:18:13.0204 3016  NetPipeActivator - ok
20:18:13.0219 3016  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:18:13.0251 3016  netprofm - ok
20:18:13.0251 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:18:13.0266 3016  NetTcpActivator - ok
20:18:13.0266 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:18:13.0282 3016  NetTcpPortSharing - ok
20:18:13.0297 3016  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:18:13.0297 3016  nfrd960 - ok
20:18:13.0344 3016  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:18:13.0360 3016  NlaSvc - ok
20:18:13.0375 3016  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:18:13.0407 3016  Npfs - ok
20:18:13.0422 3016  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:18:13.0453 3016  nsi - ok
20:18:13.0469 3016  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:18:13.0500 3016  nsiproxy - ok
20:18:13.0563 3016  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:18:13.0594 3016  Ntfs - ok
20:18:13.0625 3016  [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:18:13.0641 3016  NTI IScheduleSvc - ok
20:18:13.0656 3016  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
20:18:13.0656 3016  NTIDrvr - ok
20:18:13.0672 3016  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:18:13.0687 3016  Null - ok
20:18:13.0875 3016  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:18:13.0999 3016  nvlddmkm - ok
20:18:14.0031 3016  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:18:14.0046 3016  nvraid - ok
20:18:14.0093 3016  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:18:14.0093 3016  nvstor - ok
20:18:14.0140 3016  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:18:14.0171 3016  nvsvc - ok
20:18:14.0280 3016  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:18:14.0296 3016  nvUpdatusService - ok
20:18:14.0343 3016  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:18:14.0358 3016  nv_agp - ok
20:18:14.0405 3016  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:18:14.0421 3016  odserv - ok
20:18:14.0436 3016  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:18:14.0467 3016  ohci1394 - ok
20:18:14.0514 3016  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:18:14.0530 3016  ose - ok
20:18:14.0545 3016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:18:14.0577 3016  p2pimsvc - ok
20:18:14.0592 3016  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:18:14.0608 3016  p2psvc - ok
20:18:14.0623 3016  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:18:14.0639 3016  Parport - ok
20:18:14.0670 3016  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:18:14.0686 3016  partmgr - ok
20:18:14.0686 3016  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:18:14.0717 3016  PcaSvc - ok
20:18:14.0733 3016  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:18:14.0733 3016  pci - ok
20:18:14.0779 3016  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:18:14.0779 3016  pciide - ok
20:18:14.0795 3016  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:18:14.0811 3016  pcmcia - ok
20:18:14.0811 3016  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:18:14.0826 3016  pcw - ok
20:18:14.0842 3016  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:18:14.0889 3016  PEAUTH - ok
20:18:14.0967 3016  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:18:14.0982 3016  PerfHost - ok
20:18:15.0045 3016  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:18:15.0107 3016  pla - ok
20:18:15.0154 3016  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:18:15.0185 3016  PlugPlay - ok
20:18:15.0185 3016  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:18:15.0216 3016  PNRPAutoReg - ok
20:18:15.0232 3016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:18:15.0247 3016  PNRPsvc - ok
20:18:15.0294 3016  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:18:15.0325 3016  PolicyAgent - ok
20:18:15.0357 3016  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:18:15.0388 3016  Power - ok
20:18:15.0435 3016  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:18:15.0450 3016  PptpMiniport - ok
20:18:15.0481 3016  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:18:15.0481 3016  Processor - ok
20:18:15.0528 3016  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:18:15.0575 3016  ProfSvc - ok
20:18:15.0575 3016  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:18:15.0591 3016  ProtectedStorage - ok
20:18:15.0637 3016  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:18:15.0669 3016  Psched - ok
20:18:15.0731 3016  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:18:15.0762 3016  ql2300 - ok
20:18:15.0778 3016  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:18:15.0793 3016  ql40xx - ok
20:18:15.0809 3016  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:18:15.0840 3016  QWAVE - ok
20:18:15.0840 3016  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:18:15.0871 3016  QWAVEdrv - ok
20:18:15.0887 3016  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:18:15.0934 3016  RasAcd - ok
20:18:15.0965 3016  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:18:15.0996 3016  RasAgileVpn - ok
20:18:15.0996 3016  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:18:16.0027 3016  RasAuto - ok
20:18:16.0074 3016  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:18:16.0105 3016  Rasl2tp - ok
20:18:16.0152 3016  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:18:16.0183 3016  RasMan - ok
20:18:16.0199 3016  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:18:16.0215 3016  RasPppoe - ok
20:18:16.0246 3016  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:18:16.0277 3016  RasSstp - ok
20:18:16.0324 3016  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:18:16.0355 3016  rdbss - ok
20:18:16.0371 3016  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:18:16.0371 3016  rdpbus - ok
20:18:16.0386 3016  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:18:16.0417 3016  RDPCDD - ok
20:18:16.0417 3016  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:18:16.0449 3016  RDPENCDD - ok
20:18:16.0449 3016  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:18:16.0480 3016  RDPREFMP - ok
20:18:16.0511 3016  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:18:16.0527 3016  RdpVideoMiniport - ok
20:18:16.0573 3016  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:18:16.0620 3016  RDPWD - ok
20:18:16.0667 3016  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:18:16.0683 3016  rdyboost - ok
20:18:16.0698 3016  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:18:16.0729 3016  RemoteAccess - ok
20:18:16.0745 3016  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:18:16.0792 3016  RemoteRegistry - ok
20:18:16.0792 3016  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:18:16.0823 3016  RpcEptMapper - ok
20:18:16.0839 3016  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:18:16.0870 3016  RpcLocator - ok
20:18:16.0901 3016  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:18:16.0932 3016  RpcSs - ok
20:18:16.0963 3016  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:18:16.0995 3016  rspndr - ok
20:18:17.0026 3016  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:18:17.0026 3016  SamSs - ok
20:18:17.0135 3016  [ 6090BCB4345D615070D3155A0A2EB60F ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
20:18:17.0135 3016  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
20:18:17.0135 3016  Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
20:18:17.0182 3016  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:18:17.0197 3016  sbp2port - ok
20:18:17.0213 3016  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:18:17.0260 3016  SCardSvr - ok
20:18:17.0275 3016  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:18:17.0322 3016  scfilter - ok
20:18:17.0369 3016  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:18:17.0400 3016  Schedule - ok
20:18:17.0447 3016  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:18:17.0478 3016  SCPolicySvc - ok
20:18:17.0509 3016  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:18:17.0541 3016  SDRSVC - ok
20:18:17.0634 3016  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:18:17.0650 3016  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:18:17.0650 3016  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:18:17.0681 3016  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:18:17.0712 3016  secdrv - ok
20:18:17.0743 3016  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:18:17.0790 3016  seclogon - ok
20:18:17.0821 3016  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:18:17.0868 3016  SENS - ok
20:18:17.0884 3016  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:18:17.0899 3016  SensrSvc - ok
20:18:17.0931 3016  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:18:17.0931 3016  Serenum - ok
20:18:17.0946 3016  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:18:17.0977 3016  Serial - ok
20:18:18.0024 3016  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:18:18.0055 3016  sermouse - ok
20:18:18.0102 3016  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:18:18.0133 3016  SessionEnv - ok
20:18:18.0180 3016  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:18:18.0196 3016  sffdisk - ok
20:18:18.0211 3016  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:18:18.0227 3016  sffp_mmc - ok
20:18:18.0227 3016  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:18:18.0243 3016  sffp_sd - ok
20:18:18.0274 3016  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:18:18.0274 3016  sfloppy - ok
20:18:18.0305 3016  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:18:18.0352 3016  SharedAccess - ok
20:18:18.0399 3016  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:18:18.0430 3016  ShellHWDetection - ok
20:18:18.0445 3016  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:18:18.0461 3016  SiSRaid2 - ok
20:18:18.0477 3016  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:18:18.0477 3016  SiSRaid4 - ok
20:18:18.0633 3016  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:18:18.0679 3016  Skype C2C Service - ok
20:18:18.0742 3016  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:18:18.0757 3016  SkypeUpdate - ok
20:18:18.0773 3016  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:18:18.0789 3016  Smb - ok
20:18:18.0820 3016  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:18:18.0835 3016  SNMPTRAP - ok
20:18:18.0851 3016  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:18:18.0851 3016  spldr - ok
20:18:18.0898 3016  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:18:18.0960 3016  Spooler - ok
20:18:19.0038 3016  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:18:19.0116 3016  sppsvc - ok
20:18:19.0147 3016  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:18:19.0179 3016  sppuinotify - ok
20:18:19.0350 3016  [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$COBRA  C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\SQLAGENT.EXE
20:18:19.0366 3016  SQLAgent$COBRA - ok
20:18:19.0506 3016  [ 230C6AA1091190D2FDB40766CBD3DBBD ] SQLAgent$COMBIT_CRM C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\SQLAGENT.EXE
20:18:19.0522 3016  SQLAgent$COMBIT_CRM - ok
20:18:19.0600 3016  [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:18:19.0615 3016  SQLBrowser - ok
20:18:19.0709 3016  [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:18:19.0725 3016  SQLWriter - ok
20:18:19.0771 3016  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:18:19.0787 3016  srv - ok
20:18:19.0834 3016  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:18:19.0865 3016  srv2 - ok
20:18:19.0896 3016  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:18:19.0896 3016  srvnet - ok
20:18:19.0927 3016  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:18:19.0959 3016  SSDPSRV - ok
20:18:20.0005 3016  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
20:18:20.0005 3016  SSPORT - ok
20:18:20.0037 3016  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:18:20.0068 3016  SstpSvc - ok
20:18:20.0193 3016  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:18:20.0208 3016  Stereo Service - ok
20:18:20.0224 3016  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:18:20.0224 3016  stexstor - ok
20:18:20.0286 3016  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:18:20.0302 3016  stisvc - ok
20:18:20.0333 3016  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:18:20.0349 3016  swenum - ok
20:18:20.0380 3016  SwitchBoard - ok
20:18:20.0395 3016  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:18:20.0427 3016  swprv - ok
20:18:20.0489 3016  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:18:20.0536 3016  SysMain - ok
20:18:20.0567 3016  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:18:20.0583 3016  TabletInputService - ok
20:18:20.0598 3016  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:18:20.0629 3016  TapiSrv - ok
20:18:20.0645 3016  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:18:20.0676 3016  TBS - ok
20:18:20.0739 3016  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:18:20.0770 3016  Tcpip - ok
20:18:20.0785 3016  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:18:20.0817 3016  TCPIP6 - ok
20:18:20.0863 3016  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:18:20.0879 3016  tcpipreg - ok
20:18:20.0910 3016  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:18:20.0941 3016  TDPIPE - ok
20:18:20.0973 3016  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:18:20.0988 3016  TDTCP - ok
20:18:21.0051 3016  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:18:21.0066 3016  tdx - ok
20:18:21.0129 3016  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:18:21.0129 3016  TermDD - ok
20:18:21.0160 3016  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:18:21.0207 3016  TermService - ok
20:18:21.0238 3016  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:18:21.0253 3016  Themes - ok
20:18:21.0269 3016  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:18:21.0300 3016  THREADORDER - ok
20:18:21.0316 3016  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:18:21.0331 3016  TrkWks - ok
20:18:21.0394 3016  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:18:21.0425 3016  TrustedInstaller - ok
20:18:21.0456 3016  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:18:21.0487 3016  tssecsrv - ok
20:18:21.0534 3016  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:18:21.0550 3016  TsUsbFlt - ok
20:18:21.0597 3016  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:18:21.0628 3016  tunnel - ok
20:18:21.0643 3016  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:18:21.0659 3016  uagp35 - ok
20:18:21.0659 3016  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:18:21.0675 3016  UBHelper - ok
20:18:21.0721 3016  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:18:21.0753 3016  udfs - ok
20:18:21.0784 3016  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:18:21.0799 3016  UI0Detect - ok
20:18:21.0846 3016  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:18:21.0862 3016  uliagpkx - ok
20:18:21.0877 3016  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:18:21.0877 3016  umbus - ok
20:18:21.0893 3016  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:18:21.0909 3016  UmPass - ok
20:18:21.0955 3016  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:18:21.0955 3016  Updater Service - ok
20:18:21.0987 3016  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:18:22.0018 3016  upnphost - ok
20:18:22.0065 3016  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:18:22.0111 3016  USBAAPL64 - ok
20:18:22.0143 3016  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:18:22.0174 3016  usbccgp - ok
20:18:22.0221 3016  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:18:22.0236 3016  usbcir - ok
20:18:22.0267 3016  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:18:22.0283 3016  usbehci - ok
20:18:22.0299 3016  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:18:22.0314 3016  usbhub - ok
20:18:22.0330 3016  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:18:22.0345 3016  usbohci - ok
20:18:22.0377 3016  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:18:22.0392 3016  usbprint - ok
20:18:22.0439 3016  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:18:22.0455 3016  usbscan - ok
20:18:22.0486 3016  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:18:22.0517 3016  USBSTOR - ok
20:18:22.0548 3016  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:18:22.0579 3016  usbuhci - ok
20:18:22.0626 3016  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:18:22.0642 3016  usbvideo - ok
20:18:22.0657 3016  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:18:22.0704 3016  UxSms - ok
20:18:22.0735 3016  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:18:22.0735 3016  VaultSvc - ok
20:18:22.0751 3016  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:18:22.0767 3016  vdrvroot - ok
20:18:22.0813 3016  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:18:22.0860 3016  vds - ok
20:18:22.0891 3016  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:18:22.0907 3016  vga - ok
20:18:22.0923 3016  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:18:22.0938 3016  VgaSave - ok
20:18:22.0985 3016  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:18:23.0001 3016  vhdmp - ok
20:18:23.0047 3016  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:18:23.0047 3016  viaide - ok
20:18:23.0079 3016  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:18:23.0079 3016  volmgr - ok
20:18:23.0125 3016  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:18:23.0141 3016  volmgrx - ok
20:18:23.0141 3016  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:18:23.0157 3016  volsnap - ok
20:18:23.0188 3016  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:18:23.0188 3016  vsmraid - ok
20:18:23.0250 3016  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:18:23.0297 3016  VSS - ok
20:18:23.0313 3016  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:18:23.0328 3016  vwifibus - ok
20:18:23.0359 3016  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:18:23.0406 3016  W32Time - ok
20:18:23.0422 3016  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:18:23.0453 3016  WacomPen - ok
20:18:23.0500 3016  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:18:23.0531 3016  WANARP - ok
20:18:23.0531 3016  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:18:23.0562 3016  Wanarpv6 - ok
20:18:23.0625 3016  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:18:23.0640 3016  WatAdminSvc - ok
20:18:23.0703 3016  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:18:23.0718 3016  wbengine - ok
20:18:23.0749 3016  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:18:23.0765 3016  WbioSrvc - ok
20:18:23.0812 3016  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:18:23.0843 3016  wcncsvc - ok
20:18:23.0859 3016  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:18:23.0874 3016  WcsPlugInService - ok
20:18:23.0890 3016  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:18:23.0905 3016  Wd - ok
20:18:23.0952 3016  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:18:23.0968 3016  Wdf01000 - ok
20:18:23.0983 3016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:18:24.0046 3016  WdiServiceHost - ok
20:18:24.0046 3016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:18:24.0061 3016  WdiSystemHost - ok
20:18:24.0093 3016  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:18:24.0124 3016  WebClient - ok
20:18:24.0139 3016  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:18:24.0171 3016  Wecsvc - ok
20:18:24.0171 3016  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:18:24.0202 3016  wercplsupport - ok
20:18:24.0217 3016  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:18:24.0233 3016  WerSvc - ok
20:18:24.0249 3016  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:18:24.0264 3016  WfpLwf - ok
20:18:24.0373 3016  [ DE35BD336FD1E6AFAC0578DF221A7C0C ] WHSConnector    C:\Program Files\Windows Home Server\WHSConnector.exe
20:18:24.0373 3016  WHSConnector - ok
20:18:24.0405 3016  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:18:24.0420 3016  WIMMount - ok
20:18:24.0436 3016  WinDefend - ok
20:18:24.0436 3016  WinHttpAutoProxySvc - ok
20:18:24.0483 3016  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:18:24.0514 3016  Winmgmt - ok
20:18:24.0592 3016  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:18:24.0639 3016  WinRM - ok
20:18:24.0717 3016  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:18:24.0732 3016  WinUsb - ok
20:18:24.0763 3016  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:18:24.0795 3016  Wlansvc - ok
20:18:24.0826 3016  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:18:24.0841 3016  WmiAcpi - ok
20:18:24.0857 3016  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:18:24.0888 3016  wmiApSrv - ok
20:18:24.0904 3016  WMPNetworkSvc - ok
20:18:24.0919 3016  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:18:24.0935 3016  WPCSvc - ok
20:18:24.0966 3016  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:18:24.0982 3016  WPDBusEnum - ok
20:18:24.0997 3016  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:18:25.0029 3016  ws2ifsl - ok
20:18:25.0044 3016  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:18:25.0075 3016  wscsvc - ok
20:18:25.0122 3016  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:18:25.0138 3016  WSDPrintDevice - ok
20:18:25.0138 3016  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
20:18:25.0153 3016  WSDScan - ok
20:18:25.0153 3016  WSearch - ok
20:18:25.0216 3016  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:18:25.0263 3016  wuauserv - ok
20:18:25.0294 3016  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:18:25.0325 3016  WudfPf - ok
20:18:25.0341 3016  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:18:25.0341 3016  WUDFRd - ok
20:18:25.0356 3016  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:18:25.0372 3016  wudfsvc - ok
20:18:25.0403 3016  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:18:25.0419 3016  WwanSvc - ok
20:18:25.0419 3016  ================ Scan global ===============================
20:18:25.0450 3016  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:18:25.0481 3016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:18:25.0481 3016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:18:25.0497 3016  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:18:25.0512 3016  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:18:25.0512 3016  [Global] - ok
20:18:25.0512 3016  ================ Scan MBR ==================================
20:18:25.0528 3016  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
20:18:27.0275 3016  \Device\Harddisk0\DR0 - ok
20:18:27.0275 3016  ================ Scan VBR ==================================
20:18:27.0275 3016  [ D9187D8DCA160E389C636A5C7F6493D2 ] \Device\Harddisk0\DR0\Partition1
20:18:27.0275 3016  \Device\Harddisk0\DR0\Partition1 - ok
20:18:27.0291 3016  [ F7F16ACFDAA13D7586E56B31EEF1143F ] \Device\Harddisk0\DR0\Partition2
20:18:27.0291 3016  \Device\Harddisk0\DR0\Partition2 - ok
20:18:27.0306 3016  [ 30F49E5251F60B4FAAB4099FF25DB7DC ] \Device\Harddisk0\DR0\Partition3
20:18:27.0306 3016  \Device\Harddisk0\DR0\Partition3 - ok
20:18:27.0306 3016  ============================================================
20:18:27.0306 3016  Scan finished
20:18:27.0306 3016  ============================================================
20:18:27.0322 2596  Detected object count: 3
20:18:27.0322 2596  Actual detected object count: 3
20:19:07.0869 2596  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:19:07.0869 2596  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
20:19:07.0869 2596  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:07.0869 2596  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:19:07.0869 2596  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:07.0869 2596  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:20:16.0628 6052  Deinitialize success
         

12.06.2013, 15:08   #23
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

12.06.2013, 15:51   #24
HeBer

ComboFix is running but has been sitting at "Zielverzeichnis: C\32788R22FWJFW" for about 15 minutes.
Is it normal for it to take this long, or should I cancel?

So, here is the result from ComboFix now:
Code:
ATTFilter
ComboFix 13-06-08.02 - BE.ST 13.06.2013   1:13.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.4096 [GMT 2:00]
ausgeführt von:: c:\users\BE.ST\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\Common Files\Outlook Security Manager\osMAx.ocx
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\users\BE.ST\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe
c:\users\BE.ST\AppData\Roaming\skype.ini
c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-12 bis 2013-06-12  ))))))))))))))))))))))))))))))
.
.
2013-06-12 23:23 . 2013-06-12 23:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-12 23:23 . 2013-06-12 23:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-12 23:09 . 2013-06-12 23:09	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBF9E913-D45F-4A3C-9AFD-425993268BA4}\offreg.dll
2013-06-12 15:16 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBF9E913-D45F-4A3C-9AFD-425993268BA4}\mpengine.dll
2013-06-11 00:38 . 2013-06-11 00:38	--------	d-----w-	C:\_OTL
2013-05-16 06:13 . 2013-06-12 23:07	--------	d-----r-	c:\users\BE.ST\Mediencenter
2013-05-16 06:12 . 2013-05-16 06:12	--------	d-----w-	c:\users\BE.ST\AppData\Local\Telekom
2013-05-16 06:12 . 2013-05-16 06:12	--------	d-----w-	c:\users\BE.ST\AppData\Roaming\Telekom
2013-05-15 15:09 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-15 15:09 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 15:09 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-15 08:15 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 08:15 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 08:15 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 08:15 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 08:15 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 08:15 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 08:15 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 08:15 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:15 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 08:15 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 23:02 . 2011-01-06 18:51	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 13:26 . 2012-04-04 05:08	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:26 . 2011-05-17 05:11	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-01-05 07:17	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-24 06:04	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-22 14:32 . 2013-02-01 07:19	92248	----a-w-	c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-19 06:04 . 2013-04-10 06:12	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:12	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:12	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:12	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:12	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:12	112640	----a-w-	c:\windows\system32\smss.exe
2012-01-11 12:10 . 2012-01-11 12:10	507904	----a-w-	c:\program files\Downloader-fuer-SETUP_A1-Faktura-Plus.exe
2011-12-28 09:04 . 2011-12-28 09:04	77236	----a-w-	c:\program files\jDownloaderWebInstaller09581.exe
2011-12-28 07:57 . 2011-12-28 07:56	19298464	----a-w-	c:\program files\FreeYouTubeToMP3Converter.exe
2011-02-23 18:25 . 2011-02-23 12:58	1228416	----a-w-	c:\program files\DesignPremium_CS5_LS4.exe
2010-11-18 20:41 . 2011-02-22 16:17	91352	----a-w-	c:\program files\Install Lightroom 3.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files (x86)\Freeware.de\prxtbFre0.dll" [2013-04-14 231712]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\prxtbsof0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
2013-04-14 12:35	231712	----a-w-	c:\program files (x86)\Freeware.de\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2013-04-14 12:35	231712	----a-w-	c:\program files (x86)\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files (x86)\Freeware.de\prxtbFre0.dll" [2013-04-14 231712]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\prxtbsof0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"Akamai NetSession Interface"="c:\users\BE.ST\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-10 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SfWinStartInfo"="c:\program files (x86)\SFirm\sfWinStartupInfo.exe" [2012-09-25 144544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-04-10 2387088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\BE.ST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\users\BE.ST\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [N/A]
Mediencenter.lnk - c:\users\BE.ST\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-4-22 526144]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2009-10-28 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2009-10-28 339968]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-1-8 331776]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$COBRA;SQL Server-Agent (COBRA);c:\program files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SQLAgent$COMBIT_CRM;SQL Server-Agent (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
S2 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe;c:\program files\Windows Home Server\esClient.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 MSSQL$COBRA;SQL Server (COBRA);c:\program files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.COBRA\MSSQL\Binn\sqlservr.exe [x]
S2 MSSQL$COMBIT_CRM;SQL Server (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\sqlservr.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WHSConnector;Windows Home Server-Connectordienst;c:\program files\Windows Home Server\WHSConnector.exe;c:\program files\Windows Home Server\WHSConnector.exe [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys;c:\windows\SYSNATIVE\drivers\gwfilt64.sys [x]
S3 MSSQLFDLauncher$COMBIT_CRM;SQL Full-text Filter Daemon Launcher (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\fdlauncher.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.COMBIT_CRM\MSSQL\Binn\fdlauncher.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-10 06:53	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:26]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-08 15:37]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-08 15:37]
.
2013-06-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-04-18 16:06	558592	----a-w-	c:\users\BE.ST\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-04-18 16:06	558592	----a-w-	c:\users\BE.ST\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-04-18 16:06	558592	----a-w-	c:\users\BE.ST\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Ocs_SM"="c:\users\BE.ST\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-01-11 106496]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7721&r=17360110cn06973h54b75ph8045l6s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7721&r=17360110cn06973h54b75ph8045l6s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\BE.ST\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: Interfaces\{C9C13324-AFCB-4488-A37D-F0A99390A232}: NameServer = 192.168.1.2
FF - ProfilePath - c:\users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBG&o=15132&locale=de_DE&apn_uid=183CEB53-CDBB-423B-B977-0C103B673CA4&apn_ptnrs=RN&apn_sauid=A47A6612-49D1-4781-B19C-2E9BA3E15B93&apn_dtid=YYYYYYYYDE&q=
FF - ExtSQL: !HIDDEN! 2012-01-11 13:11; mail@gutscheinrausch.de; c:\users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\extensions\mail@gutscheinrausch.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-AdobeCS5ServiceManager - c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-{02698606-3A21-489D-9D2A-75C9E8D3E5BD} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{15FEDA5F-141C-4127-8D7E-B962D1742728} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**æ—Á*@"]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:519237ad
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.amr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.apd"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bwf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cel"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.flc"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fli"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ico"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.JFIF"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kar"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.m15"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.m1a"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.m2a"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.m75"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mpv"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pics"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.qcp"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.qtpf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rw2"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sdv"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sfil"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.smf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.smi"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.smil"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sml"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.swa"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-993182072-3024642314-2012708821-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ulw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.vfw"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-993182072-3024642314-2012708821-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-13  01:24:07
ComboFix-quarantined-files.txt  2013-06-12 23:24
.
Vor Suchlauf: 15 Verzeichnis(se), 87.167.782.912 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 86.620.209.152 Bytes frei
.
- - End Of File - - 8AC4837F34CF350C1ED2490D2C1F1CFA
70E629B51C16B3C007730C6AE57144C9
         

12.06.2013, 17:23   #25
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

13.06.2013, 06:18   #26
HeBer

Hi Markus,
Malwarebytes did not move anything into quarantine.
Here is the log file:
Code:
2013/06/13 02:52:55 +0200	ACER_HB	BE.ST	MESSAGE	Starting protection
2013/06/13 02:52:55 +0200	ACER_HB	BE.ST	MESSAGE	Protection started successfully
2013/06/13 02:52:55 +0200	ACER_HB	BE.ST	MESSAGE	Starting IP protection
2013/06/13 02:53:03 +0200	ACER_HB	BE.ST	MESSAGE	IP Protection started successfully
2013/06/13 02:53:09 +0200	ACER_HB	BE.ST	MESSAGE	Starting database refresh
2013/06/13 02:53:09 +0200	ACER_HB	BE.ST	MESSAGE	Stopping IP protection
2013/06/13 02:53:11 +0200	ACER_HB	BE.ST	MESSAGE	IP Protection stopped successfully
2013/06/13 02:53:13 +0200	ACER_HB	BE.ST	MESSAGE	Database refreshed successfully
2013/06/13 02:53:13 +0200	ACER_HB	BE.ST	MESSAGE	Starting IP protection
2013/06/13 02:53:14 +0200	ACER_HB	BE.ST	MESSAGE	IP Protection started successfully
2013/06/13 03:22:57 +0200	ACER_HB	(null)	MESSAGE	Starting protection
2013/06/13 03:22:57 +0200	ACER_HB	(null)	MESSAGE	Protection started successfully
2013/06/13 03:22:57 +0200	ACER_HB	(null)	MESSAGE	Starting IP protection
2013/06/13 03:22:59 +0200	ACER_HB	(null)	MESSAGE	IP Protection started successfully
2013/06/13 15:08:07 +0200	ACER_HB	BE.ST	MESSAGE	Starting protection
2013/06/13 15:08:07 +0200	ACER_HB	BE.ST	MESSAGE	Protection started successfully
2013/06/13 15:08:07 +0200	ACER_HB	BE.ST	MESSAGE	Starting IP protection
2013/06/13 15:08:08 +0200	ACER_HB	BE.ST	MESSAGE	IP Protection started successfully
         

13.06.2013, 11:13   #27
markusg
/// Malware-holic

Hi,

download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

13.06.2013, 12:07   #28
HeBer

Here is the list. Quite a lot; most of it unknown and only a little unnecessary.

Code:
1&1 EasyLogin		03.01.2011	NOTWENDIG	
7-Zip 9.16 beta		08.11.2010	NOTWENDIG	
ACDSee Image Decoder Update	ACD Systems	06.01.2011	2,20MB	2.0.5  NOTWENDIG
ACDSee Pro 2.5	ACD Systems International	06.01.2011	113MB	2.5.363  NOTWENDIG
ACDSee RAW Image Decoder Plug-In Update 4.0	ACD Systems	06.01.2011	2,00MB	4.0.76  NOTWENDIG
Acer Arcade Deluxe	CyberLink Corp.	28.10.2009	96,4MB	3.1.6731  UNBEKANNT
Acer Backup Manager	NewTech Infosystems	14.08.2009	226MB	2.0.2.19   UNBEKANNT
Acer eRecovery Management	Acer Incorporated	28.10.2009		4.05.3003             UNBEKANNT
Acer GameZone Console	Oberon Media, Inc.	14.08.2009		5.1.0.2                    UNBEKANNT
Acer Registration	Acer Incorporated	28.10.2009		1.02.3006                 UNBEKANNT
Acer ScreenSaver	Acer Incorporated	28.10.2009		1.1.0812                  UNBEKANNT
Acer Updater	Acer Incorporated	14.08.2009		1.01.3014                        UNBEKANNT
Acrobat.com	Adobe Systems Incorporated	14.08.2009	1,60MB	1.6.65               NOTWENDIG
ActiveTrader 4.14.7_b1		04.01.2010		                                    NOTWENDIG
Adobe AIR	Adobe Systems Inc.	23.02.2011		1.5.3.9120                  UNBEKANNT
Adobe Community Help	Adobe Systems Incorporated	23.02.2011		3.0.0.400   UNBEKANNT
Adobe Creative Suite 5 Design Premium	Adobe Systems Incorporated	23.02.2011	5,60GB	5.0      UNBEKANNT
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	13.06.2013	6,00MB	11.7.700.224     NOTWENDIG
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.06.2013	6,00MB	11.7.700.224      NOTWENDIG
Adobe Media Player	Adobe Systems Incorporated	23.02.2011		1.8                          NOTWENDIG
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	28.09.2012	121MB	10.1.4        NOTWENDIG
Akamai NetSession Interface	Akamai Technologies, Inc	24.06.2012		UNBEKANNT
Akamai NetSession Interface Service		10.11.2011		               UNBEKANNT
Apple Application Support	Apple Inc.	04.04.2013	62,7MB	2.3.3           UNBEKANNT
Apple Mobile Device Support	Apple Inc.	04.04.2013	25,2MB	6.1.0.13         UNBEKANNT
Apple Software Update	Apple Inc.	10.12.2011	2,38MB	2.1.3.127            UNBEKANNT
ArcSoft TotalMedia Backup	ArcSoft	08.01.2011		1.5.21.7              UNBEKANNT
AutoCAD LT 2009 - Deutsch	Autodesk	06.01.2010		17.2.56.0      NOTWENDIG
Autodesk Design Review 2011	Autodesk, Inc.	29.12.2010		11.0.0.86       NOTWENDIG
Avira Free Antivirus	Avira	15.11.2012	104MB	12.1.9.1236                NOTWENDIG
AVM FRITZ!Box-Kindersicherung	AVM Berlin	16.12.2011	334KB	4.2.2        NOTWENDIG
Bonjour	Apple Inc.	10.12.2011	1,85MB	3.0.0.10                      UNBEKANNT
CADSymbols 2.0	IMSI	05.07.2010	273MB	2.00.0000              NOTWENDIG
CAS PIA Addin	CAS Software AG	07.05.2013	23,9MB	4.40          NOTWENDIG
CCleaner	Piriform	24.05.2013		4.02         UNBEKANNT
ChemSep 6.51		20.02.2010		6.51                 NOTWENDIG
cobra Adress PLUS 2011	cobra GmbH	20.01.2012	276MB	15.2.2002         NOTWENDIG
cobra Adress PLUS 9		04.01.2010		                     NOTWENDIG
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	276MB	12.0.6612.1000 NOTWENDIG
DHTML Editing Component	Microsoft Corporation	21.11.2012	554KB	6.02.0001            UNBEKANNT
Druckverlust 7.0	Software-Factory	16.01.2012	10,8MB	        NOTWENDIG
DWG TrueView 2010	Autodesk	22.02.2010		18.0.55.0        NOTWENDIG
eBay Worldwide	OEM	04.01.2010	100KB	2.1.0703                           UNBEKANNT
ElsterFormular	Landesfinanzdirektion Thüringen	21.10.2011		12.4.0.7094u NOTWENDIG
eSobi v2	esobi Inc.	14.08.2009	20,4MB	2.0.4.000274     UNBEKANNT
FloorPlan 3D V.7	IMSI	04.01.2010	111MB	7.3            NOTWENDIG
Foxit Reader		04.01.2010		                   NOTWENDIG
Free RAR Extract Frog	Philipp Winterberg	16.12.2010		2.15 NOTWENDIG
Free YouTube to MP3 Converter version 3.10.14.1206	DVDVideoSoft Ltd.	28.12.2011	77,6MB	NOTWENDIG
FreePDF (Remove only)		08.01.2010		NOTWENDIG
Freeware.de Toolbar	Freeware.de	13.06.2013		6.13.3.501      UNBEKANNT
FRITZ!DSL64		16.12.2011	7,64MB	         NOTWENDIG
Gigaset QuickSync	Gigaset Communications GmbH	12.12.2012	8,59MB	8.0.0856.1 NOTWENDIG
Google Chrome	Google Inc.	08.03.2010		27.0.1453.110  NICHT NOTWENDIG
Google Earth	Google	28.03.2013	173MB	7.0.3.8542        NOTWENDIG
GPL Ghostscript 8.70		08.01.2010		                  UNBEKANNT
Hotkey Utility	Acer Incorporated	28.10.2009		1.00.3003 UNBEKANNT
HP Data Vault 3.1 (x64)	Ihr Firmenname	17.12.2010	6,24MB	3.1.1.34819  NOTWENDIG
HP Update	Hewlett-Packard	13.07.2012	3,98MB	5.003.001.001  UNBEKANNT
iCloud	Apple Inc.	04.04.2013	81,9MB	2.1.1.3                  NOTWENDIG
Identity Card	Acer Incorporated	28.10.2009		1.00.3001   UNBEKANNT
Intel(R) Network Connections 14.3.100.0	Intel	14.08.2009	12,7MB	14.3.100.0   UNBEKANNT
Intel® Matrix Storage Manager	Intel Corporation	28.10.2009		UNBEKANNT
iTunes	Apple Inc.	04.04.2013	187MB	11.0.2.26   NOTWENDIG
Java(TM) 6 Update 30	Sun Microsystems, Inc.	04.01.2010	94,9MB	6.0.300  UNBEKANNT
JDownloader 0.9	AppWork GmbH	28.12.2011		0.9    UNBEKANNT
JMicron JMB36X Driver	JMICRON Technology Corp.	14.08.2009		1.00.0000   UNBEKANNT
KG-TOWER® 5.0	KOCH GLITSCH LP	04.02.2011	49,4MB	5.00.007   NOTWENDIG
Lexware faktura+auftrag 2012	Haufe-Lexware GmbH & Co.KG	13.09.2012	361MB	16.03.00.0140  NOTWENDIG
Lexware Info Service	Haufe-Lexware GmbH & Co.KG	03.02.2012	14,8MB	2.80.00.0007   NOTWENDIG
Lexware online banking	Lexware GmbH & Co. KG	12.08.2010	21,8MB	9.00.00.0035   NOTWENDIG
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	13.06.2013	19,2MB	1.75.0.1300  NOTWENDIG
Mediencenter 3.7.0.2204	Deutsche Telekom AG	16.05.2013		3.7.0.2204   NOTWENDIG
Merriam Websters Spell Jam	Oberon Media	28.10.2009		  UNBEKANNT
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	20.01.2012	38,8MB	4.0.30319   UNBEKANNT
Microsoft .NET Framework 4 Extended	Microsoft Corporation	20.01.2012	51,9MB	4.0.30319   UNBEKANNT
Microsoft Camera Codec Pack	Microsoft Corporation	23.10.2011	15,8MB	16.0.0652.0621   UNBEKANNT
Microsoft Office Enterprise 2007	Microsoft Corporation	22.11.2011		12.0.6612.1000   UNBEKANNT
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003   UNBEKANNT
Microsoft Office Live Add-in 1.5	Microsoft Corporation	20.09.2012	508KB	2.0.4024.1    UNBEKANNT
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	16.06.2011	582MB	10.0.6626.0  UNBEKANNT
Microsoft Report Viewer Redistributable 2008 SP1	Microsoft Corporation	21.11.2012		UNBEKANNT
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU	Microsoft Corporation	21.11.2012	UNBEKANNT	
Microsoft Silverlight	Microsoft Corporation	14.03.2013	100MB	5.1.20125.0    UNBEKANNT
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	28.10.2009	1,72MB	3.1.0000  UNBEKANNT
Microsoft SQL Server 2005-Abwärtskompatibilität	Microsoft Corporation	20.01.2012	47,7MB	8.05.2309  UNBEKANNT
Microsoft SQL Server 2008	Microsoft Corporation	20.01.2012		UNBEKANNT
Microsoft SQL Server 2008 R2	Microsoft Corporation	21.11.2012		UNBEKANNT
Microsoft SQL Server 2008 R2 Native Client	Microsoft Corporation	22.11.2012	6,06MB	10.50.1617.0 UNBEKANNT
Microsoft SQL Server 2008 R2 Setup (English)	Microsoft Corporation	22.11.2012	26,6MB	10.50.1617.0 UNBEKANNT
Microsoft SQL Server 2008 R2-Richtlinien	Microsoft Corporation	21.11.2012	0,99MB	10.50.1600.1 UNBEKANNT
Microsoft SQL Server Browser	Microsoft Corporation	28.01.2013	9,16MB	10.51.2500.0  UNBEKANNT
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	21.11.2012	3,69MB	3.5.8080.0  UNBEKANNT
Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU	Microsoft Corporation	21.11.2012	5,42MB	3.5.8080.0  UNBEKANNT
Microsoft SQL Server Native Client	Microsoft Corporation	20.01.2012	5,44MB	9.00.4035.00  UNBEKANNT
Microsoft SQL Server VSS Writer	Microsoft Corporation	28.01.2013	3,64MB	10.51.2500.0  UNBEKANNT
Microsoft Sync Framework Services v1.0 (x86) de	Microsoft Corporation	20.01.2012	1,65MB	1.0.1215.0  UNBEKANNT
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	07.01.2010	260KB	8.0.50727.4053  UNBEKANNT
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	250KB	8.0.50727.4053  UNBEKANNT
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.61001  UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	06.01.2010	700KB	8.0.61000 UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	29.04.2011	580KB	8.0.51011  UNBEKANNT
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	23.02.2010	212KB	9.0.30729.4148  UNBEKANNT
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	05.01.2010	200KB	9.0.30729.4148  UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	29.04.2011	790KB	9.0.30729.5570  UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	29.04.2011	598KB	9.0.30729.5570 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation	16.12.2011	242KB	9.0.30729  UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	22.02.2010	786KB	9.0.30729  UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	29.12.2010	786KB	9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	17.10.2012	230KB	9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.01.2010	596KB	9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.03.2010	594KB	9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	12,2MB	10.0.40219 UNBEKANNT
Microsoft Visual Studio Tools for Applications 2.0 - ENU	Microsoft Corporation	22.11.2012	235MB	9.0.35191 UNBEKANNT
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU	Microsoft Corporation	21.11.2012	91,1MB	9.0.35191 UNBEKANNT
Microsoft Works	Microsoft Corporation	10.10.2012	1,18GB	9.7.0621 UNBEKANNT
Microsoft WSE 3.0 Runtime	Microsoft Corp.	04.01.2010	942KB	3.0.5305.0 UNBEKANNT
Mozilla Firefox 21.0 (x86 de)	Mozilla	21.05.2013	51,3MB	21.0  NOTWENDIG
Mozilla Maintenance Service	Mozilla	21.05.2013	333KB	21.0  NOTWENDIG
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	05.01.2010	1,27MB	4.20.9870.0 UNBEKANNT
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.01.2010	1,33MB	4.20.9876.0 UNBEKANNT
MyWinLocker	Egis Technology Inc.	14.08.2009	47,9MB	3.1.72.0 UNBEKANNT
Nero 9 Essentials	Nero AG	14.08.2009		 UNBEKANNT 
NVIDIA 3D Vision Treiber 311.06	NVIDIA Corporation	15.04.2013		311.06 NOTWENDIG
NVIDIA Grafiktreiber 311.06	NVIDIA Corporation	15.04.2013		311.06 NOTWENDIG
NVIDIA PhysX	NVIDIA Corporation	28.10.2009	119MB	9.09.0428
NVIDIA Update 1.11.3	NVIDIA Corporation	15.04.2013		1.11.3
OpenOffice.org 3.4.1	Apache Software Foundation	05.04.2013	331MB	3.41.9593  NOTWENDIG
PuTTY version 0.62	Simon Tatham	15.01.2012	3,43MB	0.62   NOTWENDIG
QuickTime	Apple Inc.	04.04.2013	73,1MB	7.73.80.64   NOTWENDIG
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	14.08.2009		6.0.1.5898  NOTWENDIG
Recover My Photos	GetData Pty Ltd	07.01.2011	11,1MB	4.4.6.1421  UNNÖTIG
RedMon - Redirection Port Monitor		08.01.2010		UNBEKANNT
RENESIS® Player Browser Plugins	examotion® GmbH	04.01.2010	1,83MB	1.1.1 UNBEKANNT
Samsung Easy Printer Manager	Samsung Electronics Co., Ltd.	17.10.2012		1.01.16.02  NOTWENDIG
Samsung Network PC Fax	Samsung Electronics Co., Ltd.	17.10.2012	13,3MB	1.05.23.04 NOTWENDIG
Samsung Printer Live Update	Samsung Electronics Co., Ltd.	17.10.2012		NOTWENDIG
Samsung Scan Assistant	Samsung Electronics Co., Ltd.	17.10.2012	23,4MB	1.04.26.00 NOTWENDIG
Samsung SCX-472x Series	Samsung Electronics Co., Ltd.	17.10.2012		NOTWENDIG
SearchAnonymizer		11.01.2012		1.0.1 (de)  UNBEKANNT
SFirm	Star Finanz GmbH	25.09.2012	359MB	2.39.4.250.0 NOTWENDIG
Skype Click to Call	Skype Technologies S.A.	31.10.2012	40,7MB	6.3.11079 UNBEKANNT
Skype™ 6.3	Skype Technologies S.A.	24.05.2013	38,8MB	6.3.107 NOTWENDIG
SmartCopy	Northstar Systems Corp.	28.10.2009		UNBEKANNT
SmartLauncher	Northstar Systems Corp.	28.10.2009		UNBEKANNT
softonic-de3 Toolbar	softonic-de3	23.03.2012		6.8.5.1 UNBEKANNT
TurboCAD Deluxe V.10	IMSI	04.01.2010	127MB	10.1.56.0    NOTWENDIG
TurboCAD Symbole	Ihr Firmenname	04.01.2010	166MB	10.0  NOTWENDIG
Uniblue RegistryBooster	Uniblue Systems Ltd	20.01.2011		5.0.0.14
Unterstützungsdateien für Microsoft SQL Server 2008-Setup 	Microsoft Corporation	21.02.2012	30,0MB	10.3.5500.0 UNBEKANNT
Welcome Center	Acer Incorporated	28.10.2009		1.00.3005 UNBEKANNT
Windows Home Server-Connector	Microsoft Corporation	27.01.2011	20,3MB	6.0.3436.0  UNBEKANNT
Windows Live Anmelde-Assistent	Microsoft Corporation	28.10.2009	1,93MB	5.000.818.5  UNBEKANNT
Windows Live Essentials	Microsoft Corporation	28.10.2009		14.0.8064.0206     UNBEKANNT
Windows Live Sync	Microsoft Corporation	28.10.2009	2,79MB	14.0.8064.206     UNBEKANNT
Windows Live-Uploadtool	Microsoft Corporation	28.10.2009	224KB	14.0.8014.1029   UNBEKANNT
         
Best regards, Helge
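
The labelling step requested in post #27 can be checked mechanically before the helper reads the list. The following is an added example, not part of the thread or of CCleaner: it parses lines in the tab-separated layout of the list above and reports entries left without a label or carrying a label other than the three requested. The sample lines are excerpted from that list; the function names and the rule that the label is the last token on a line are assumptions of this example.

```python
import re

# The three labels the helper asked for in this thread (German).
REQUESTED = ("NOTWENDIG", "UNNÖTIG", "UNBEKANNT")

# Assumption of this example: the label is the last token on the line,
# optionally preceded by "NICHT", as seen in the posted list.
_LABEL_RE = re.compile(
    r"\s+((?:NICHT\s+)?(?:NOTWENDIG|UNNÖTIG|UNBEKANNT))\s*$", re.IGNORECASE
)

# Excerpt of the posted list (tab layout as exported, labels as typed).
SAMPLE = [
    "7-Zip 9.16 beta\t\t08.11.2010\tNOTWENDIG\t",
    "Google Chrome\tGoogle Inc.\t08.03.2010\t\t27.0.1453.110  NICHT NOTWENDIG",
    "NVIDIA PhysX\tNVIDIA Corporation\t28.10.2009\t119MB\t9.09.0428",
    "Recover My Photos\tGetData Pty Ltd\t07.01.2011\t11,1MB\t4.4.6.1421  UNNÖTIG",
    "SearchAnonymizer\t\t11.01.2012\t\t1.0.1 (de)  UNBEKANNT",
    "Uniblue RegistryBooster\tUniblue Systems Ltd\t20.01.2011\t\t5.0.0.14",
]


def parse_entry(line):
    """Return (program_name, label or None) for one list line."""
    match = _LABEL_RE.search(line)
    label = None
    if match:
        # Normalise case and inner whitespace: "nicht  notwendig" -> "NICHT NOTWENDIG"
        label = " ".join(match.group(1).upper().split())
        line = line[: match.start()]
    # The program name is the first tab-separated column.
    name = line.split("\t", 1)[0].strip()
    return name, label


def triage(lines):
    """Group entries by requested label; collect unlabeled and off-list labels."""
    result = {
        "by_label": {label: [] for label in REQUESTED},
        "nonstandard": [],  # labelled, but not with one of the three requested words
        "unlabeled": [],    # no label at all: the helper cannot tell what the user meant
    }
    for raw in lines:
        if not raw.strip():
            continue
        name, label = parse_entry(raw)
        if label is None:
            result["unlabeled"].append(name)
        elif label in REQUESTED:
            result["by_label"][label].append(name)
        else:
            result["nonstandard"].append((name, label))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("No label:", ", ".join(report["unlabeled"]))
    for name, label in report["nonstandard"]:
        print("Off-list label %r on: %s" % (label, name))
    for label in ("UNBEKANNT", "UNNÖTIG"):
        print(label + ":", ", ".join(report["by_label"][label]))
```
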

Alt 13.06.2013, 12:31   #29
markusg
/// Malware-holic
 
GVU Trojaner auf Windows7 64bit - Standard

GVU Trojaner auf Windows7 64bit



In general, download programs only from the vendor, always use the custom installation, and deselect toolbars etc.
And inform yourself about the software you install.
Uninstall:
Adobe Flash Player (all of them)
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced)
Check "Enhanced Security"
and select "All files".
Internet:
Everything should be disabled here; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, remove the check mark at "Use JavaScript".
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
eBay
Freeware.de
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
Nero
SearchAnonymizer
softonic
Uniblue: hands off junk like Registry Booster; it does nothing and can harm the PC
Windows Live: all the ones you do not need

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

13.06.2013, 13:43   #30
HeBer

Thank you very much for all the good advice. I have worked through all the points as instructed, and here is the log file:

Code:
# AdwCleaner v2.303 - Datei am 13/06/2013 um 14:27:18 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : BE.ST - ACER_HB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\BE.ST\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\BE.ST\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\BE.ST\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\BE.ST\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\BE.ST\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\BE.ST\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\BE.ST\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\BE.ST\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\Conduit
Ordner Gelöscht : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\ConduitEngine
Ordner Gelöscht : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\wi2ccqdc.Server2Go\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\BE.ST\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\ndnt1uvh.default\prefs.js

Gelöscht : user_pref("CT2431245..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Gelöscht : user_pref("CT2431245.CurrentServerDate", "9-1-2011");
Gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Sun Jan 09 2011 10:55:06 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 673);
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Sun Jan 09 2011 08:18:56 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Sun Jan 09 2011 08:18:58 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Sun Jan 09 2011 08:18:58 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Sun Jan 09 2011 08:18:58 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Sun Jan 09 2011 08:18:56 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Sun Jan 09 2011 08:18:56 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Sun Jan 09 2011 08:18:58 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Sun Jan 09 2011 08:18:58 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Sun Jan 09 2011 08:19:00 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Sun Jan 09 2011 08:18:59 GMT+0100");
Gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gelöscht : user_pref("CT2431245.FirstServerDate", "8-1-2011");
Gelöscht : user_pref("CT2431245.FirstTime", true);
Gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2431245.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2431245.Initialize", true);
Gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2431245.InstallationId", "Unknown");
Gelöscht : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Gelöscht : user_pref("CT2431245.InstalledDate", "Sat Jan 08 2011 14:12:49 GMT+0100");
Gelöscht : user_pref("CT2431245.InvalidateCache", false);
Gelöscht : user_pref("CT2431245.IsGrouping", false);
Gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Sat Jan 08 2011 14:12:49 GMT+0100");
Gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2431245.LastLogin_3.2.5.2", "Sun Jan 09 2011 08:18:56 GMT+0100");
Gelöscht : user_pref("CT2431245.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2431245.Locale", "de-de");
Gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Sat Jan 08 2011 14:12:50 GMT+0100");
Gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Sat Jan 08 2011 14:12:49 GMT+0100");
Gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2431245.ServiceMapLastCheckTime", "Sat Jan 08 2011 14:12:47 GMT+0100");
Gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Sun Jan 09 2011 08:18:54 GMT+0100");
Gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1294251587");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 14:12:47 GMT+0100");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2431245.UserID", "UN41559849686012858");
Gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Gelöscht : user_pref("CT2431245.WeatherPollDate", "Sun Jan 09 2011 10:50:07 GMT+0100");
Gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2431245.testingCtid", "");
Gelöscht : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Sat Jan 08 2011 14:12:48 GMT+0100");
Gelöscht : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 14:12:49 GMT+0100");
Gelöscht : user_pref("CT2431245.usagesFlag", 1);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softonic/CT2431245.xml", "\"07ba0[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jan 08 2011 18:28:50 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jan 08 2011 14:12:46 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "1959351c-5d58-4d6d-b3f4-8c80bcf4d5d3");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "01/08/2011 16");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Jan 08 2011 14:12:48 GMT+0100");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jan 08 2011 14:12:48 GMT+0100");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Jan 09 2011 08:18:57 GMT+0100");
Gelöscht : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jan 09 2011 08:18:57 GMT+0100");
Gelöscht : user_pref("ConduitEngine.UserID", "UN69993681442227320");
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jan 08 2011 14:12:48 GMT+0100");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 1);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.dfltSrch", true);
Gelöscht : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Gelöscht : user_pref("extensions.facemoods.dnsErr", true);
Gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.first_time", false);
Gelöscht : user_pref("extensions.facemoods.hmpg", true);
Gelöscht : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Gelöscht : user_pref("extensions.facemoods.id", "_#2adc291800000000000000016c7013a6");
Gelöscht : user_pref("extensions.facemoods.instlDay", "_#15336");
Gelöscht : user_pref("extensions.facemoods.mntz", "");
Gelöscht : user_pref("extensions.facemoods.newTab", true);
Gelöscht : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2");
Gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Gelöscht : user_pref("extensions.facemoods.searchProviderAdded", true);
Gelöscht : user_pref("extensions.facemoods.sid", "_#69a1abf2a9bc41e6b7f247e7dbca31ea");
Gelöscht : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Gelöscht : user_pref("extensions.facemoods.uninst", true);
Gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
Gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBG&o=15132&locale=d[...]

Datei : C:\Users\BE.ST\AppData\Roaming\Mozilla\Firefox\Profiles\wi2ccqdc.Server2Go\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\BE.ST\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [27961 octets] - [13/06/2013 14:26:00]
AdwCleaner[R2].txt - [28022 octets] - [13/06/2013 14:27:09]
AdwCleaner[S1].txt - [27583 octets] - [13/06/2013 14:27:18]

########## EOF - C:\AdwCleaner[S1].txt - [27644 octets] ##########
         
Even without a specific problem, I should probably clean my other computers as well.
Is the sequence starting from Malwarebytes well suited for that?

Regards, Helge
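
The AdwCleaner log in the post above is long enough that a quick machine summary helps when reviewing it. The following Python sketch is an added example (not part of the original posts and not AdwCleaner's own code): it parses a log in that v2 layout, counts cleaned items per section, and lists the hosts the removed browser settings pointed to. The sample log is constructed, and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the AdwCleaner v2 log posted above
# (German UI strings, URLs defanged as hxxp://). Paths and IDs are made up.
SAMPLE_LOG = r'''# AdwCleaner v2.303 - Datei am 13/06/2013 um 14:27:18 erstellt
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000000}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=x&f=2 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\prefs.js

Gelöscht : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=x");
Gelöscht : user_pref("CT0000000.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT00[...]
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.
'''

# German item prefixes used by the log, mapped to English labels.
KIND = {"Datei": "file", "Ordner": "folder",
        "Schlüssel": "registry key", "Wert": "registry value"}
SECTION_RE = re.compile(r"^\*{4,5} \[(.+?)\] \*{4,5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v[\d.]+")
PREFS_RE = re.compile(r"^Datei : (.+)$")
ENTRY_RE = re.compile(r"^(?:(Datei|Ordner|Schlüssel|Wert) )?(Gelöscht|Ersetzt) : (.+)$")
HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")


def parse_log(text):
    """Return (entries, clean_files) parsed from an AdwCleaner v2 log."""
    entries, clean_files = [], []
    section = browser = prefs_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif m := PREFS_RE.match(line):
            prefs_file = m.group(1)          # profile file examined next
        elif line.startswith("[OK]") and prefs_file:
            clean_files.append(prefs_file)   # "Die Datei ist sauber."
        elif m := ENTRY_RE.match(line):
            kind, action, target = m.groups()
            entries.append({
                "section": section,
                "browser": browser,
                "kind": KIND.get(kind, "browser setting"),
                "action": "replaced" if action == "Ersetzt" else "deleted",
                "target": target,
                # Long prefs.js lines are cut off in the log and end in "[...]".
                "truncated": target.endswith("[...]"),
            })
    return entries, clean_files


def summarize(entries):
    """Count cleaned items per (section, kind, action)."""
    return Counter((e["section"], e["kind"], e["action"]) for e in entries)


def removed_hosts(entries):
    """Count hosts the removed settings pointed to.

    For "Ersetzt" lines only the old value (left of '-->') is counted,
    so the value the tool reset the setting to is not reported.
    """
    hosts = Counter()
    for e in entries:
        old_value = e["target"].split(" --> ")[0]
        hosts.update(h.lower() for h in HOST_RE.findall(old_value))
    return hosts


if __name__ == "__main__":
    entries, clean_files = parse_log(SAMPLE_LOG)
    for (section, kind, action), n in sorted(summarize(entries).items(), key=str):
        print(f"{section:25} {kind:16} {action:9} {n}")
    print("hosts referenced by removed settings:", dict(removed_hosts(entries)))
    print("files reported clean:", clean_files)
```

Entries flagged as truncated only carry a partial URL, so the host is usually recoverable from them but the full query string is not.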
