Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Email von Telekom-Abuse-Team | Log-File anbei (https://www.trojaner-board.de/130822-email-telekom-abuse-team-log-file-anbei.html)

ApricotX 09.02.2013 00:14
Email von Telekom-Abuse-Team | Log-File anbei
 
Hallo zusammen,
ich habe mich nun mal durch etliche Seiten gelesen und hoffe, dass ich nun alles korrekt mache.

Ich hatte eine Email von der Telekom bekommen mit folgenden Inhalt (gekürzt):

Code:
wir schreiben Ihnen heute aus einem unerfreulichen Grund, denn wir haben Hinweise erhalten, dass von Ihrem Anschluss unerwünschte Zugriffe auf fremde Rechner erfolgt sind ("Hacking"). Das bedeutet konkret:
Unbekannte Personen nutzen möglicherweise Ihren Internet-Zugang missbräuchlich. Eventuell sind diesen auch bereits Passwörter, Kreditkarten-, Bank- und sonstige Daten bekannt!
.....
Zur Präzisierung, was passiert ist: An Ihrem Internetzugang wurde ein sogenannter "Open Resolver" festgestellt. Hierbei handelt es sich um einen auf einem Ihrer Geräte betriebenen Nameserver.
Die Echtheit der Mail vom Telekom-Abuse Team wurde mir telefonisch bestätigt.
Ich stehe auch aktuell im Kontakt zu denen per Email.

Ich hoffe jedoch, von hier auch Hilfe zu bekommen.
So, hier nun die nötigen Log-Files:

DeFogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:20 on 08/02/2013 (GG)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL (wobei bei mir nur die OTL.TXT generiert wird und keine Extra.txt):
Code:
OTL logfile created on: 08.02.2013 23:35:00 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,65% Memory free
7,99 Gb Paging File | 6,93 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 60,95 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 65,33 Gb Total Space | 21,14 Gb Free Space | 32,36% Space Free | Partition Type: NTFS
Drive E: | 400,33 Gb Total Space | 55,54 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 104,95 Gb Free Space | 35,21% Space Free | Partition Type: NTFS
 
Computer Name: GG-PC | User Name: GG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (OKI OPHJ DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OKI OPHJ DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 15 16 22 5C 04 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.01.15 22:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.08 19:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.08 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GG\AppData\Roaming\mozilla\Extensions
[2013.01.08 19:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.8_1\
CHR - Extension: YouTube = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: SearchPreview = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.8_0\
CHR - Extension: LastPass = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: TabJump - Intelligenter Tab-Navigator = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\
CHR - Extension: Downloads = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Bubble Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf\1.5_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: dict-cc = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\
CHR - Extension: Google Plus News, Blogs, Tips & Updates = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifkacmmanhigddiffpdffnfnmjdiho\3_0\
CHR - Extension: Robot Theme, inspired by Android\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11.1_0\
CHR - Extension: Google Mail = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [StrokeIt] C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe ()
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.08 23:08:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.07 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Malwarebytes
[2013.02.07 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 12:41:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 12:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.06 11:40:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.02.06 11:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2013.02.06 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Whiteboard
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Presenter
[2013.02.05 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013.02.05 09:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.04 20:33:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\HD_Speed_ENG
[2013.02.04 20:33:20 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\h2testw_1.4
[2013.02.04 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Tools&More
[2013.01.29 10:29:32 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.01.29 10:29:32 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.01.29 10:29:32 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.01.29 10:29:30 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.01.29 10:29:30 | 000,031,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys
[2013.01.29 10:29:09 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.01.29 10:29:08 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.01.29 10:29:08 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.01.29 10:29:04 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.01.29 10:29:03 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.01.29 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2013.01.29 10:09:04 | 000,000,000 | ---D | C] -- C:\Virtualisation
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\VMware
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.01.29 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.28 13:36:18 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Nero
[2013.01.28 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Nero
[2013.01.28 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.01.28 12:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.01.28 12:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.28 12:19:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.25 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Programs
[2013.01.25 23:48:56 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.25 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.01.21 15:57:03 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Steuer-Sparbuch
[2013.01.21 15:39:16 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.01.21 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl Data Service
[2013.01.21 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl
[2013.01.21 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2013.01.21 15:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.01.21 15:12:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Neuer Ordner
[2013.01.17 21:04:32 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\vlc
[2013.01.17 21:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.16 20:40:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Skype
[2013.01.16 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.16 20:40:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.16 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.15 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Splashtop
[2013.01.15 23:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.01.15 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.01.15 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}
[2013.01.15 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2013.01.15 23:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.15 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.01.14 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.14 22:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[2013.01.14 22:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2013.01.14 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\ElevatedDiagnostics
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.13 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:23:45 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.13 00:22:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.12 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.12 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.12 23:52:08 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2013.01.12 23:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.01.12 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Adobe
[2013.01.12 23:45:53 | 000,000,000 | R--D | C] -- C:\Users\GG\Documents
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.12 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\TeamViewer
[2013.01.12 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Okidata
[2013.01.12 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Okidata
[2013.01.12 17:37:05 | 000,158,208 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPDMN075.DLL
[2013.01.11 00:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.01.11 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.10 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 23:33:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 23:33:32 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.08 23:23:42 | 000,365,568 | ---- | M] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | M] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:18 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.08 23:08:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.08 23:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.02.08 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.08 22:41:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 21:54:50 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.08 21:54:50 | 000,656,612 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.08 21:54:50 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.08 21:54:50 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.08 21:54:50 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 11:06:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.02.07 12:41:21 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.06 11:40:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.01.29 10:29:00 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 09:57:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013.01.25 21:23:31 | 000,001,059 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.23 19:21:42 | 000,000,026 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.21 15:48:55 | 000,000,547 | ---- | M] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 23:20:23 | 000,415,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 22:47:55 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 16:14:13 | 000,001,763 | ---- | M] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.11 00:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.08 23:23:41 | 000,365,568 | ---- | C] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | C] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:17 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.07 12:41:21 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.29 09:57:44 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013.01.29 09:57:42 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.25 23:56:19 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.01.25 23:56:19 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.01.21 15:37:57 | 000,000,547 | ---- | C] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.21 15:12:56 | 000,001,763 | ---- | C] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 22:52:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.15 22:42:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.01.14 22:47:55 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 22:41:44 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2013.01.13 14:58:22 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.01.13 14:58:22 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.12 17:44:39 | 000,000,026 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.11 00:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.01.10 21:47:52 | 000,001,059 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.08 18:33:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.21 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.02.08 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Dropbox
[2013.01.15 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.25 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.13 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Rainmeter
[2013.01.08 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TCB Networks
[2013.01.12 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 

< End of report >
Gmer.txt:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 23:51:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\GG\AppData\Local\Temp\pxddqpoc.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074c71401 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074c71419 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074c71431 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074c7144a 2 bytes [C7, 74]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        0000000074c714dd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074c714f5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        0000000074c7150d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074c71525 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074c7153d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000074c71555 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074c7156d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074c71585 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          0000000074c7159d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074c715b5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074c715cd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074c716b2 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074c716bd 2 bytes [C7, 74]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                  0000000071d413b0 2 bytes [D4, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                  0000000071d413c0 2 bytes [D4, 71]
.text  ...                                                                                                                                        * 20
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                  0000000071d4153e 2 bytes [D4, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                  0000000071d41553 2 bytes [D4, 71]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000074c71401 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000074c71419 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000074c71431 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000074c7144a 2 bytes [C7, 74]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                0000000074c714dd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000074c714f5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                0000000074c7150d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000074c71525 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000074c7153d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000074c71555 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000074c7156d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000074c71585 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  0000000074c7159d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000074c715b5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000074c715cd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000074c716b2 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000074c716bd 2 bytes [C7, 74]

---- EOF - GMER 2.0 ----

Mit Microsoft Security Essentials habe ich auch einen Scan durchlaufen lassen mit folgendem Ergebnis:

Code:
Exploit:JS/Blacole.HI
D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm)

Exploit:Java/Blacole.GL
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class

Exploit:Java/CVE-2012-1723
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class

Exploit:Java/Bacole.GM
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class

Exploit:Java/CVE-2012-1723.gen!A
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class

Hierzu muss ich sagen, dass alle Funde auf der D Festplatte liegen, welche ich nicht als Windows Partition verwende. Die Windows Partition ist C. Dort wurde auch nichts verdächtiges gefunden.
Zwar ist auf der D auch ein Betriebssystem vorhanden (auch Bootbar), jedoch verwende ich diese aktuell nicht.

Weiterhin handelt es sich beim Speicherort der gefundenen Exploits um Cache bzw. Temporarly-Internet-Files Verzeichnisse.

Malwarebytes hat nichts verdächtiges gefunden.

Ich bin jetzt nämlich etwas verwirrt. Ist nun was mit meinem PC? Hab ich was drauf? Ich meine, die T-Com schickt ja nicht aus Spaß solche Mails. Da muss ja dann konkret was vorgefallen sein. Sie gaben mir sogar ein Datum mit Uhrzeit wann das war. Zu der Zeit war ich nicht am Rechner (zumindest würde ich das mit 80%-iger Sicherheit sagen).

Rechner neu aufsetzen? Oder ist er nun clean? Schwierig schwierig.

Ich hoffe, ich habe alle Infos entsprechend den Vorgaben gemacht und nichts vergessen.
Ich bedanke mich schon mal recht herzlich für die Mühe und die Hilfe.

Viele Grüße

markusg 09.02.2013 00:16
i
1. sind das alle pcs im haushalt?
2. während du hier arbeitest, keine anderen schritte durchführen, nur das, was ich poste, danke für dein Verständniss.
3.
malwarebytes Logs mit Funden posten:
http://www.trojaner-board.de/125889-...en-posten.html
4. microsoft funde posten

ApricotX 10.02.2013 14:00
Hallo Markus,

Zitat:
Zitat von markusg (Beitrag 1008737)
i
1. sind das alle pcs im haushalt?
Es gibt noch ein notebook im Haus, der allerdings selten benutzt wird. Habe ich bereits auch schon geprüft ohne Funde.


2. während du hier arbeitest, keine anderen schritte durchführen, nur das, was ich poste, danke für dein Verständniss.
ok
3. malwarebytes Logs mit Funden posten:
http://www.trojaner-board.de/125889-...en-posten.html

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GG :: GG-PC [Administrator]

09.02.2013 00:04:43
mbam-log-2013-02-09 (00-04-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 537572
Laufzeit: 1 Stunde(n), 19 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
4. microsoft funde posten
Hier habe ich mal die Logfiles aus der Ereignisanzeige von Windows rauskopiert.
Fund 1:
Code:
Protokollname: System
Quelle:        Microsoft Antimalware
Datum:        06.02.2013 17:50:02
Ereignis-ID:  1116
Aufgabenkategorie:Keine
Ebene:        Warnung
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      GG-PC
Beschreibung:
Microsoft Antimalware has detected malware or other potentially unwanted software.
 For more information please see the following:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GL&threatid=2147663917
        Name: Exploit:Java/Blacole.GL
        ID: 2147663917
        Severity: Severe
        Category: Exploit
        Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class
        Detection Origin: Local machine
        Detection Type: Concrete
        Detection Source: User
        User: GG-PC\GG
        Process Name: Unknown
        Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0
        Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1116</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" />
    <EventRecordID>22421</EventRecordID>
    <Channel>System</Channel>
    <Computer>GG-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>4.1.0522.0</Data>
    <Data>{D103C3B5-BA22-43C8-BF9B-A3FC50CEA63A}</Data>
    <Data>2013-02-06T16:49:19.657Z</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>2147663917</Data>
    <Data>Exploit:Java/Blacole.GL</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>30</Data>
    <Data>Exploit</Data>
    <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:Java/Blacole.GL&amp;threatid=2147663917</Data>
    <Data>1</Data>
    <Data>
    </Data>
    <Data>1</Data>
    <Data>1</Data>
    <Data>%%815</Data>
    <Data>Unknown</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d-&gt;joiua/joiub.class</Data>
    <Data>1</Data>
    <Data>%%845</Data>
    <Data>0</Data>
    <Data>%%812</Data>
    <Data>0</Data>
    <Data>%%822</Data>
    <Data>0</Data>
    <Data>9</Data>
    <Data>%%887</Data>
    <Data>
    </Data>
    <Data>0x00000000</Data>
    <Data>Der Vorgang wurde erfolgreich beendet. </Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data>
    <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data>
  </EventData>
</Event>
Fund 2:
Code:
Protokollname: System
Quelle:        Microsoft Antimalware
Datum:        06.02.2013 17:50:02
Ereignis-ID:  1116
Aufgabenkategorie:Keine
Ebene:        Warnung
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      GG-PC
Beschreibung:
Microsoft Antimalware has detected malware or other potentially unwanted software.
 For more information please see the following:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723&threatid=2147659851
        Name: Exploit:Java/CVE-2012-1723
        ID: 2147659851
        Severity: Severe
        Category: Exploit
        Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class
        Detection Origin: Local machine
        Detection Type: Concrete
        Detection Source: User
        User: GG-PC\GG
        Process Name: Unknown
        Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0
        Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1116</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" />
    <EventRecordID>22420</EventRecordID>
    <Channel>System</Channel>
    <Computer>GG-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>4.1.0522.0</Data>
    <Data>{4C459897-2F79-4322-A515-112BFA227E62}</Data>
    <Data>2013-02-06T16:49:19.657Z</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>2147659851</Data>
    <Data>Exploit:Java/CVE-2012-1723</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>30</Data>
    <Data>Exploit</Data>
    <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:Java/CVE-2012-1723&amp;threatid=2147659851</Data>
    <Data>1</Data>
    <Data>
    </Data>
    <Data>1</Data>
    <Data>1</Data>
    <Data>%%815</Data>
    <Data>Unknown</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d-&gt;joiua/joiua.class</Data>
    <Data>1</Data>
    <Data>%%845</Data>
    <Data>0</Data>
    <Data>%%812</Data>
    <Data>0</Data>
    <Data>%%822</Data>
    <Data>0</Data>
    <Data>9</Data>
    <Data>%%887</Data>
    <Data>
    </Data>
    <Data>0x00000000</Data>
    <Data>Der Vorgang wurde erfolgreich beendet. </Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data>
    <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data>
  </EventData>
</Event>
Fund 3:
Code:
Protokollname: System
Quelle:        Microsoft Antimalware
Datum:        06.02.2013 17:50:02
Ereignis-ID:  1116
Aufgabenkategorie:Keine
Ebene:        Warnung
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      GG-PC
Beschreibung:
Microsoft Antimalware has detected malware or other potentially unwanted software.
 For more information please see the following:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723.gen!A&threatid=2147679014
        Name: Exploit:Java/CVE-2012-1723.gen!A
        ID: 2147679014
        Severity: Severe
        Category: Exploit
        Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class
        Detection Origin: Local machine
        Detection Type: Generic
        Detection Source: User
        User: GG-PC\GG
        Process Name: Unknown
        Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0
        Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1116</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" />
    <EventRecordID>22418</EventRecordID>
    <Channel>System</Channel>
    <Computer>GG-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>4.1.0522.0</Data>
    <Data>{44FA6FFE-6BFB-4F46-8B68-E8839F313D58}</Data>
    <Data>2013-02-06T16:49:19.657Z</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>2147679014</Data>
    <Data>Exploit:Java/CVE-2012-1723.gen!A</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>30</Data>
    <Data>Exploit</Data>
    <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:Java/CVE-2012-1723.gen!A&amp;threatid=2147679014</Data>
    <Data>1</Data>
    <Data>
    </Data>
    <Data>1</Data>
    <Data>1</Data>
    <Data>%%815</Data>
    <Data>Unknown</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d-&gt;joiua/joiuc.class</Data>
    <Data>1</Data>
    <Data>%%845</Data>
    <Data>0</Data>
    <Data>%%812</Data>
    <Data>2</Data>
    <Data>%%823</Data>
    <Data>0</Data>
    <Data>9</Data>
    <Data>%%887</Data>
    <Data>
    </Data>
    <Data>0x00000000</Data>
    <Data>Der Vorgang wurde erfolgreich beendet. </Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data>
    <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data>
  </EventData>
</Event>
Fund 4:
Code:
Protokollname: System
Quelle:        Microsoft Antimalware
Datum:        06.02.2013 18:30:21
Ereignis-ID:  1117
Aufgabenkategorie:Keine
Ebene:        Informationen
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      GG-PC
Beschreibung:
Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software.
 For more information please see the following:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:JS/Blacole.HI&threatid=2147658482
        Name: Exploit:JS/Blacole.HI
        ID: 2147658482
        Severity: Severe
        Category: Exploit
        Path: file:_D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm
        Detection Origin: Local machine
        Detection Type: Concrete
        Detection Source: User
        User: GG-PC\GG
        Process Name: Unknown
        Action: Remove
        Action Status:  No additional actions required
        Error Code: 0x00000000
        Error description: Der Vorgang wurde erfolgreich beendet.
        Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0
        Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1117</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-06T17:30:21.000000000Z" />
    <EventRecordID>22432</EventRecordID>
    <Channel>System</Channel>
    <Computer>GG-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>4.1.0522.0</Data>
    <Data>{1A08FFB1-F54D-4084-83F6-316A1C10783B}</Data>
    <Data>2013-02-06T16:49:19.657Z</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>2147658482</Data>
    <Data>Exploit:JS/Blacole.HI</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>30</Data>
    <Data>Exploit</Data>
    <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:JS/Blacole.HI&amp;threatid=2147658482</Data>
    <Data>4</Data>
    <Data>
    </Data>
    <Data>2</Data>
    <Data>1</Data>
    <Data>%%815</Data>
    <Data>Unknown</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>file:_D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm</Data>
    <Data>1</Data>
    <Data>%%845</Data>
    <Data>0</Data>
    <Data>%%812</Data>
    <Data>0</Data>
    <Data>%%822</Data>
    <Data>0</Data>
    <Data>3</Data>
    <Data>%%808</Data>
    <Data>
    </Data>
    <Data>0x00000000</Data>
    <Data>Der Vorgang wurde erfolgreich beendet. </Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data>
    <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data>
  </EventData>
</Event>
Fund 5:
Code:
Protokollname: System
Quelle:        Microsoft Antimalware
Datum:        06.02.2013 18:30:21
Ereignis-ID:  1117
Aufgabenkategorie:Keine
Ebene:        Informationen
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      GG-PC
Beschreibung:
Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software.
 For more information please see the following:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GM&threatid=2147663918
        Name: Exploit:Java/Blacole.GM
        ID: 2147663918
        Severity: Severe
        Category: Exploit
        Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class
        Detection Origin: Local machine
        Detection Type: Concrete
        Detection Source: User
        User: GG-PC\GG
        Process Name: Unknown
        Action: Remove
        Action Status:  No additional actions required
        Error Code: 0x00000000
        Error description: Der Vorgang wurde erfolgreich beendet.
        Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0
        Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1117</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-06T17:30:21.000000000Z" />
    <EventRecordID>22429</EventRecordID>
    <Channel>System</Channel>
    <Computer>GG-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>4.1.0522.0</Data>
    <Data>{A779CFBF-D6C6-4DBF-8D9E-B04D0053179B}</Data>
    <Data>2013-02-06T16:49:19.657Z</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>2147663918</Data>
    <Data>Exploit:Java/Blacole.GM</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>30</Data>
    <Data>Exploit</Data>
    <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:Java/Blacole.GM&amp;threatid=2147663918</Data>
    <Data>4</Data>
    <Data>
    </Data>
    <Data>2</Data>
    <Data>1</Data>
    <Data>%%815</Data>
    <Data>Unknown</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d-&gt;joiua/joiud.class</Data>
    <Data>1</Data>
    <Data>%%845</Data>
    <Data>0</Data>
    <Data>%%812</Data>
    <Data>0</Data>
    <Data>%%822</Data>
    <Data>0</Data>
    <Data>3</Data>
    <Data>%%808</Data>
    <Data>
    </Data>
    <Data>0x00000000</Data>
    <Data>Der Vorgang wurde erfolgreich beendet. </Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data>GG-PC\GG</Data>
    <Data>
    </Data>
    <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data>
    <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data>
  </EventData>
</Event>
So, ich hoffe, ich habe nun die nötigen Infos geben können.
Danke nochmal für Deine Mühe.

Gruß

markusg 11.02.2013 13:07
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

ApricotX 11.02.2013 15:51
Erledigt.
TDSSKiller Log-File:
Code:
15:35:03.0897 2376  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:35:04.0847 2376  ============================================================
15:35:04.0847 2376  Current date / time: 2013/02/11 15:35:04.0847
15:35:04.0847 2376  SystemInfo:
15:35:04.0847 2376 
15:35:04.0847 2376  OS Version: 6.1.7601 ServicePack: 1.0
15:35:04.0847 2376  Product type: Workstation
15:35:04.0847 2376  ComputerName: GG-PC
15:35:04.0847 2376  UserName: GG
15:35:04.0847 2376  Windows directory: C:\Windows
15:35:04.0847 2376  System windows directory: C:\Windows
15:35:04.0847 2376  Running under WOW64
15:35:04.0847 2376  Processor architecture: Intel x64
15:35:04.0847 2376  Number of processors: 3
15:35:04.0847 2376  Page size: 0x1000
15:35:04.0847 2376  Boot type: Normal boot
15:35:04.0847 2376  ============================================================
15:35:05.0357 2376  Drive \Device\Harddisk2\DR2 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3C915, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:35:05.0367 2376  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:35:05.0382 2376  Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97692, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:35:05.0387 2376  ============================================================
15:35:05.0387 2376  \Device\Harddisk2\DR2:
15:35:05.0387 2376  MBR partitions:
15:35:05.0387 2376  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:35:05.0387 2376  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
15:35:05.0387 2376  \Device\Harddisk0\DR0:
15:35:05.0387 2376  MBR partitions:
15:35:05.0387 2376  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:35:05.0387 2376  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x82AA000
15:35:05.0387 2376  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x82DC800, BlocksNum 0x320A7800
15:35:05.0387 2376  \Device\Harddisk1\DR1:
15:35:05.0387 2376  MBR partitions:
15:35:05.0387 2376  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
15:35:05.0387 2376  ============================================================
15:35:05.0392 2376  C: <-> \Device\Harddisk2\DR2\Partition2
15:35:05.0417 2376  D: <-> \Device\Harddisk0\DR0\Partition2
15:35:05.0452 2376  E: <-> \Device\Harddisk0\DR0\Partition3
15:35:05.0472 2376  F: <-> \Device\Harddisk1\DR1\Partition1
15:35:05.0472 2376  ============================================================
15:35:05.0472 2376  Initialize success
15:35:05.0472 2376  ============================================================
15:35:35.0372 4556  ============================================================
15:35:35.0372 4556  Scan started
15:35:35.0372 4556  Mode: Manual; SigCheck; TDLFS;
15:35:35.0372 4556  ============================================================
15:35:35.0512 4556  ================ Scan system memory ========================
15:35:35.0512 4556  System memory - ok
15:35:35.0517 4556  ================ Scan services =============================
15:35:35.0552 4556  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:35:35.0587 4556  1394ohci - ok
15:35:35.0597 4556  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:35:35.0612 4556  ACPI - ok
15:35:35.0617 4556  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:35:35.0637 4556  AcpiPmi - ok
15:35:35.0642 4556  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:35:35.0652 4556  AdobeARMservice - ok
15:35:35.0672 4556  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:35:35.0682 4556  AdobeFlashPlayerUpdateSvc - ok
15:35:35.0692 4556  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:35:35.0712 4556  adp94xx - ok
15:35:35.0717 4556  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:35:35.0732 4556  adpahci - ok
15:35:35.0737 4556  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:35:35.0752 4556  adpu320 - ok
15:35:35.0757 4556  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:35:35.0787 4556  AeLookupSvc - ok
15:35:35.0797 4556  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
15:35:35.0812 4556  AFD - ok
15:35:35.0817 4556  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:35:35.0827 4556  agp440 - ok
15:35:35.0832 4556  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
15:35:35.0842 4556  ALG - ok
15:35:35.0847 4556  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:35:35.0857 4556  aliide - ok
15:35:35.0862 4556  [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:35:35.0882 4556  AMD External Events Utility - ok
15:35:35.0887 4556  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:35:35.0892 4556  amdide - ok
15:35:35.0897 4556  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:35:35.0912 4556  AmdK8 - ok
15:35:35.0917 4556  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:35:35.0927 4556  AmdPPM - ok
15:35:35.0932 4556  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:35:35.0942 4556  amdsata - ok
15:35:35.0947 4556  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:35:35.0962 4556  amdsbs - ok
15:35:35.0967 4556  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:35:35.0972 4556  amdxata - ok
15:35:35.0977 4556  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
15:35:36.0007 4556  AppID - ok
15:35:36.0012 4556  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:35:36.0037 4556  AppIDSvc - ok
15:35:36.0042 4556  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
15:35:36.0072 4556  Appinfo - ok
15:35:36.0077 4556  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
15:35:36.0087 4556  AppMgmt - ok
15:35:36.0092 4556  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:35:36.0102 4556  arc - ok
15:35:36.0107 4556  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:35:36.0117 4556  arcsas - ok
15:35:36.0122 4556  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:35:36.0152 4556  AsyncMac - ok
15:35:36.0152 4556  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
15:35:36.0162 4556  atapi - ok
15:35:36.0222 4556  [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:35:36.0312 4556  atikmdag - ok
15:35:36.0327 4556  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:35:36.0362 4556  AudioEndpointBuilder - ok
15:35:36.0372 4556  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:35:36.0402 4556  AudioSrv - ok
15:35:36.0407 4556  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:35:36.0422 4556  AxInstSV - ok
15:35:36.0432 4556  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
15:35:36.0447 4556  b06bdrv - ok
15:35:36.0457 4556  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:35:36.0467 4556  b57nd60a - ok
15:35:36.0477 4556  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:35:36.0487 4556  BDESVC - ok
15:35:36.0487 4556  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:35:36.0517 4556  Beep - ok
15:35:36.0532 4556  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
15:35:36.0567 4556  BFE - ok
15:35:36.0582 4556  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:35:36.0622 4556  BITS - ok
15:35:36.0627 4556  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:35:36.0637 4556  blbdrive - ok
15:35:36.0642 4556  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:35:36.0652 4556  bowser - ok
15:35:36.0652 4556  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:35:36.0672 4556  BrFiltLo - ok
15:35:36.0677 4556  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:35:36.0687 4556  BrFiltUp - ok
15:35:36.0692 4556  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
15:35:36.0702 4556  Browser - ok
15:35:36.0712 4556  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:35:36.0727 4556  Brserid - ok
15:35:36.0732 4556  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:35:36.0742 4556  BrSerWdm - ok
15:35:36.0747 4556  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:35:36.0757 4556  BrUsbMdm - ok
15:35:36.0762 4556  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:35:36.0772 4556  BrUsbSer - ok
15:35:36.0777 4556  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:35:36.0787 4556  BTHMODEM - ok
15:35:36.0792 4556  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
15:35:36.0822 4556  bthserv - ok
15:35:36.0827 4556  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:35:36.0857 4556  cdfs - ok
15:35:36.0862 4556  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
15:35:36.0872 4556  cdrom - ok
15:35:36.0877 4556  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
15:35:36.0907 4556  CertPropSvc - ok
15:35:36.0912 4556  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:35:36.0922 4556  circlass - ok
15:35:36.0932 4556  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:35:36.0947 4556  CLFS - ok
15:35:36.0957 4556  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:35:36.0967 4556  clr_optimization_v2.0.50727_32 - ok
15:35:36.0972 4556  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:35:36.0982 4556  clr_optimization_v2.0.50727_64 - ok
15:35:36.0992 4556  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:35:37.0002 4556  clr_optimization_v4.0.30319_32 - ok
15:35:37.0007 4556  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:35:37.0017 4556  clr_optimization_v4.0.30319_64 - ok
15:35:37.0022 4556  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:35:37.0032 4556  CmBatt - ok
15:35:37.0037 4556  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:35:37.0042 4556  cmdide - ok
15:35:37.0052 4556  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\Windows\system32\Drivers\cng.sys
15:35:37.0077 4556  CNG - ok
15:35:37.0077 4556  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:35:37.0087 4556  Compbatt - ok
15:35:37.0092 4556  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:35:37.0107 4556  CompositeBus - ok
15:35:37.0107 4556  COMSysApp - ok
15:35:37.0112 4556  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:35:37.0122 4556  crcdisk - ok
15:35:37.0137 4556  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:35:37.0147 4556  CryptSvc - ok
15:35:37.0157 4556  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\Windows\system32\drivers\csc.sys
15:35:37.0172 4556  CSC - ok
15:35:37.0182 4556  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:35:37.0202 4556  CscService - ok
15:35:37.0207 4556  [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:35:37.0217 4556  dc3d - ok
15:35:37.0227 4556  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:35:37.0262 4556  DcomLaunch - ok
15:35:37.0267 4556  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
15:35:37.0302 4556  defragsvc - ok
15:35:37.0307 4556  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:35:37.0337 4556  DfsC - ok
15:35:37.0342 4556  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:35:37.0357 4556  Dhcp - ok
15:35:37.0362 4556  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:35:37.0387 4556  discache - ok
15:35:37.0392 4556  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:35:37.0402 4556  Disk - ok
15:35:37.0407 4556  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:35:37.0422 4556  Dnscache - ok
15:35:37.0427 4556  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:35:37.0457 4556  dot3svc - ok
15:35:37.0462 4556  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
15:35:37.0492 4556  DPS - ok
15:35:37.0497 4556  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:35:37.0507 4556  drmkaud - ok
15:35:37.0522 4556  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:35:37.0547 4556  DXGKrnl - ok
15:35:37.0552 4556  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
15:35:37.0582 4556  EapHost - ok
15:35:37.0617 4556  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
15:35:37.0672 4556  ebdrv - ok
15:35:37.0677 4556  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
15:35:37.0687 4556  EFS - ok
15:35:37.0702 4556  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:35:37.0717 4556  ehRecvr - ok
15:35:37.0722 4556  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
15:35:37.0732 4556  ehSched - ok
15:35:37.0752 4556  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:35:37.0767 4556  elxstor - ok
15:35:37.0772 4556  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:35:37.0782 4556  ErrDev - ok
15:35:37.0792 4556  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
15:35:37.0827 4556  EventSystem - ok
15:35:37.0832 4556  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
15:35:37.0862 4556  exfat - ok
15:35:37.0867 4556  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:35:37.0897 4556  fastfat - ok
15:35:37.0912 4556  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
15:35:37.0927 4556  Fax - ok
15:35:37.0932 4556  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:35:37.0942 4556  fdc - ok
15:35:37.0957 4556  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
15:35:37.0982 4556  fdPHost - ok
15:35:37.0987 4556  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:35:38.0017 4556  FDResPub - ok
15:35:38.0022 4556  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:35:38.0032 4556  FileInfo - ok
15:35:38.0037 4556  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:35:38.0062 4556  Filetrace - ok
15:35:38.0067 4556  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:35:38.0077 4556  flpydisk - ok
15:35:38.0082 4556  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:35:38.0097 4556  FltMgr - ok
15:35:38.0112 4556  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
15:35:38.0137 4556  FontCache - ok
15:35:38.0152 4556  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:35:38.0157 4556  FontCache3.0.0.0 - ok
15:35:38.0162 4556  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:35:38.0172 4556  FsDepends - ok
15:35:38.0177 4556  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:35:38.0187 4556  Fs_Rec - ok
15:35:38.0192 4556  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:35:38.0207 4556  fvevol - ok
15:35:38.0212 4556  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:35:38.0222 4556  gagp30kx - ok
15:35:38.0232 4556  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
15:35:38.0272 4556  gpsvc - ok
15:35:38.0277 4556  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:35:38.0287 4556  gupdate - ok
15:35:38.0287 4556  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:35:38.0297 4556  gupdatem - ok
15:35:38.0302 4556  [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon          C:\Windows\system32\drivers\hcmon.sys
15:35:38.0312 4556  hcmon - ok
15:35:38.0317 4556  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:35:38.0327 4556  hcw85cir - ok
15:35:38.0337 4556  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:35:38.0357 4556  HdAudAddService - ok
15:35:38.0362 4556  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:35:38.0372 4556  HDAudBus - ok
15:35:38.0377 4556  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:35:38.0387 4556  HidBatt - ok
15:35:38.0392 4556  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:35:38.0407 4556  HidBth - ok
15:35:38.0407 4556  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:35:38.0422 4556  HidIr - ok
15:35:38.0427 4556  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
15:35:38.0452 4556  hidserv - ok
15:35:38.0457 4556  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:35:38.0467 4556  HidUsb - ok
15:35:38.0472 4556  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:35:38.0502 4556  hkmsvc - ok
15:35:38.0507 4556  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:35:38.0517 4556  HomeGroupListener - ok
15:35:38.0527 4556  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:35:38.0537 4556  HomeGroupProvider - ok
15:35:38.0542 4556  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:35:38.0552 4556  HpSAMD - ok
15:35:38.0562 4556  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:35:38.0602 4556  HTTP - ok
15:35:38.0607 4556  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:35:38.0617 4556  hwpolicy - ok
15:35:38.0622 4556  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:35:38.0632 4556  i8042prt - ok
15:35:38.0637 4556  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:35:38.0657 4556  iaStorV - ok
15:35:38.0667 4556  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:35:38.0692 4556  idsvc - ok
15:35:38.0697 4556  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:35:38.0707 4556  iirsp - ok
15:35:38.0717 4556  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:35:38.0762 4556  IKEEXT - ok
15:35:38.0767 4556  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:35:38.0777 4556  intelide - ok
15:35:38.0782 4556  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:35:38.0792 4556  intelppm - ok
15:35:38.0797 4556  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:35:38.0822 4556  IPBusEnum - ok
15:35:38.0827 4556  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:35:38.0857 4556  IpFilterDriver - ok
15:35:38.0867 4556  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:35:38.0887 4556  iphlpsvc - ok
15:35:38.0892 4556  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
15:35:38.0902 4556  IPMIDRV - ok
15:35:38.0907 4556  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:35:38.0937 4556  IPNAT - ok
15:35:38.0937 4556  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:35:38.0952 4556  IRENUM - ok
15:35:38.0962 4556  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:35:38.0972 4556  isapnp - ok
15:35:38.0982 4556  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:35:38.0992 4556  iScsiPrt - ok
15:35:38.0997 4556  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:35:39.0007 4556  kbdclass - ok
15:35:39.0012 4556  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:35:39.0022 4556  kbdhid - ok
15:35:39.0027 4556  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:35:39.0037 4556  KeyIso - ok
15:35:39.0042 4556  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:35:39.0052 4556  KSecDD - ok
15:35:39.0057 4556  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:35:39.0067 4556  KSecPkg - ok
15:35:39.0072 4556  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:35:39.0102 4556  ksthunk - ok
15:35:39.0112 4556  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:35:39.0142 4556  KtmRm - ok
15:35:39.0152 4556  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:35:39.0182 4556  LanmanServer - ok
15:35:39.0187 4556  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:35:39.0217 4556  LanmanWorkstation - ok
15:35:39.0222 4556  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:35:39.0252 4556  lltdio - ok
15:35:39.0257 4556  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:35:39.0292 4556  lltdsvc - ok
15:35:39.0292 4556  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:35:39.0322 4556  lmhosts - ok
15:35:39.0327 4556  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:35:39.0337 4556  LSI_FC - ok
15:35:39.0342 4556  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:35:39.0352 4556  LSI_SAS - ok
15:35:39.0367 4556  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:35:39.0377 4556  LSI_SAS2 - ok
15:35:39.0382 4556  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:35:39.0392 4556  LSI_SCSI - ok
15:35:39.0397 4556  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
15:35:39.0427 4556  luafv - ok
15:35:39.0432 4556  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:35:39.0442 4556  Mcx2Svc - ok
15:35:39.0447 4556  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:35:39.0452 4556  megasas - ok
15:35:39.0462 4556  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:35:39.0477 4556  MegaSR - ok
15:35:39.0482 4556  Microsoft SharePoint Workspace Audit Service - ok
15:35:39.0487 4556  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
15:35:39.0517 4556  MMCSS - ok
15:35:39.0522 4556  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
15:35:39.0552 4556  Modem - ok
15:35:39.0552 4556  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:35:39.0567 4556  monitor - ok
15:35:39.0572 4556  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:35:39.0582 4556  mouclass - ok
15:35:39.0587 4556  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:35:39.0607 4556  mouhid - ok
15:35:39.0612 4556  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:35:39.0622 4556  mountmgr - ok
15:35:39.0627 4556  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:35:39.0637 4556  MozillaMaintenance - ok
15:35:39.0642 4556  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:35:39.0657 4556  MpFilter - ok
15:35:39.0667 4556  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:35:39.0677 4556  mpio - ok
15:35:39.0682 4556  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:35:39.0712 4556  mpsdrv - ok
15:35:39.0722 4556  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:35:39.0762 4556  MpsSvc - ok
15:35:39.0772 4556  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:35:39.0787 4556  MRxDAV - ok
15:35:39.0792 4556  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:35:39.0802 4556  mrxsmb - ok
15:35:39.0812 4556  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:35:39.0822 4556  mrxsmb10 - ok
15:35:39.0827 4556  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:35:39.0842 4556  mrxsmb20 - ok
15:35:39.0847 4556  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:35:39.0852 4556  msahci - ok
15:35:39.0857 4556  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:35:39.0867 4556  MSCamSvc - ok
15:35:39.0872 4556  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:35:39.0887 4556  msdsm - ok
15:35:39.0892 4556  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
15:35:39.0902 4556  MSDTC - ok
15:35:39.0912 4556  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:35:39.0937 4556  Msfs - ok
15:35:39.0942 4556  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:35:39.0972 4556  mshidkmdf - ok
15:35:39.0977 4556  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:35:39.0987 4556  msisadrv - ok
15:35:39.0992 4556  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:35:40.0022 4556  MSiSCSI - ok
15:35:40.0027 4556  msiserver - ok
15:35:40.0032 4556  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:35:40.0057 4556  MSKSSRV - ok
15:35:40.0062 4556  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:35:40.0072 4556  MsMpSvc - ok
15:35:40.0077 4556  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:35:40.0107 4556  MSPCLOCK - ok
15:35:40.0112 4556  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:35:40.0137 4556  MSPQM - ok
15:35:40.0147 4556  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:35:40.0162 4556  MsRPC - ok
15:35:40.0172 4556  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:35:40.0182 4556  mssmbios - ok
15:35:40.0187 4556  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:35:40.0217 4556  MSTEE - ok
15:35:40.0217 4556  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:35:40.0227 4556  MTConfig - ok
15:35:40.0232 4556  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:35:40.0242 4556  Mup - ok
15:35:40.0252 4556  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:35:40.0287 4556  napagent - ok
15:35:40.0292 4556  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:35:40.0312 4556  NativeWifiP - ok
15:35:40.0322 4556  [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
15:35:40.0342 4556  NAUpdate - ok
15:35:40.0357 4556  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:35:40.0382 4556  NDIS - ok
15:35:40.0387 4556  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:35:40.0417 4556  NdisCap - ok
15:35:40.0417 4556  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:35:40.0447 4556  NdisTapi - ok
15:35:40.0452 4556  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:35:40.0477 4556  Ndisuio - ok
15:35:40.0487 4556  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:35:40.0512 4556  NdisWan - ok
15:35:40.0517 4556  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:35:40.0542 4556  NDProxy - ok
15:35:40.0547 4556  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:35:40.0577 4556  NetBIOS - ok
15:35:40.0587 4556  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:35:40.0617 4556  NetBT - ok
15:35:40.0622 4556  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:35:40.0632 4556  Netlogon - ok
15:35:40.0637 4556  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:35:40.0672 4556  Netman - ok
15:35:40.0677 4556  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:35:40.0712 4556  netprofm - ok
15:35:40.0717 4556  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:40.0727 4556  NetTcpPortSharing - ok
15:35:40.0732 4556  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:35:40.0742 4556  nfrd960 - ok
15:35:40.0747 4556  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:35:40.0757 4556  NisDrv - ok
15:35:40.0767 4556  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:35:40.0787 4556  NisSrv - ok
15:35:40.0792 4556  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:35:40.0807 4556  NlaSvc - ok
15:35:40.0812 4556  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:35:40.0842 4556  Npfs - ok
15:35:40.0847 4556  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
15:35:40.0877 4556  nsi - ok
15:35:40.0882 4556  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:35:40.0907 4556  nsiproxy - ok
15:35:40.0932 4556  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:35:40.0967 4556  Ntfs - ok
15:35:40.0972 4556  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:35:41.0002 4556  Null - ok
15:35:41.0007 4556  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:35:41.0017 4556  nvraid - ok
15:35:41.0022 4556  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:35:41.0037 4556  nvstor - ok
15:35:41.0042 4556  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:35:41.0052 4556  nv_agp - ok
15:35:41.0057 4556  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:35:41.0067 4556  ohci1394 - ok
15:35:41.0072 4556  [ 4965B005492CBA7719E82B71E3245495 ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:35:41.0082 4556  ose64 - ok
15:35:41.0132 4556  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:35:41.0227 4556  osppsvc - ok
15:35:41.0237 4556  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:35:41.0252 4556  p2pimsvc - ok
15:35:41.0262 4556  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:35:41.0277 4556  p2psvc - ok
15:35:41.0282 4556  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:35:41.0292 4556  Parport - ok
15:35:41.0292 4556  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:35:41.0302 4556  partmgr - ok
15:35:41.0312 4556  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:35:41.0327 4556  PcaSvc - ok
15:35:41.0332 4556  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
15:35:41.0342 4556  pci - ok
15:35:41.0347 4556  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:35:41.0357 4556  pciide - ok
15:35:41.0362 4556  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:35:41.0377 4556  pcmcia - ok
15:35:41.0377 4556  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
15:35:41.0392 4556  pcw - ok
15:35:41.0402 4556  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:35:41.0442 4556  PEAUTH - ok
15:35:41.0457 4556  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
15:35:41.0487 4556  PeerDistSvc - ok
15:35:41.0507 4556  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:35:41.0517 4556  PerfHost - ok
15:35:41.0537 4556  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
15:35:41.0582 4556  pla - ok
15:35:41.0602 4556  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:35:41.0617 4556  PlugPlay - ok
15:35:41.0622 4556  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:35:41.0632 4556  PNRPAutoReg - ok
15:35:41.0637 4556  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:35:41.0647 4556  PNRPsvc - ok
15:35:41.0652 4556  [ 6F5DDC52A9103CC8E1ED5892C1D15613 ] Point64        C:\Windows\system32\DRIVERS\point64.sys
15:35:41.0662 4556  Point64 - ok
15:35:41.0672 4556  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:35:41.0707 4556  PolicyAgent - ok
15:35:41.0712 4556  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
15:35:41.0742 4556  Power - ok
15:35:41.0747 4556  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:35:41.0777 4556  PptpMiniport - ok
15:35:41.0782 4556  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:35:41.0797 4556  Processor - ok
15:35:41.0802 4556  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
15:35:41.0817 4556  ProfSvc - ok
15:35:41.0822 4556  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:35:41.0827 4556  ProtectedStorage - ok
15:35:41.0832 4556  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:35:41.0862 4556  Psched - ok
15:35:41.0882 4556  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:35:41.0917 4556  ql2300 - ok
15:35:41.0922 4556  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:35:41.0932 4556  ql40xx - ok
15:35:41.0937 4556  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
15:35:41.0957 4556  QWAVE - ok
15:35:41.0962 4556  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:35:41.0972 4556  QWAVEdrv - ok
15:35:41.0977 4556  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:35:42.0007 4556  RasAcd - ok
15:35:42.0012 4556  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:35:42.0042 4556  RasAgileVpn - ok
15:35:42.0047 4556  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
15:35:42.0077 4556  RasAuto - ok
15:35:42.0082 4556  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:35:42.0107 4556  Rasl2tp - ok
15:35:42.0117 4556  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:35:42.0152 4556  RasMan - ok
15:35:42.0157 4556  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:35:42.0182 4556  RasPppoe - ok
15:35:42.0187 4556  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:35:42.0222 4556  RasSstp - ok
15:35:42.0227 4556  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:35:42.0257 4556  rdbss - ok
15:35:42.0262 4556  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:35:42.0277 4556  rdpbus - ok
15:35:42.0282 4556  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:35:42.0307 4556  RDPCDD - ok
15:35:42.0317 4556  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
15:35:42.0327 4556  RDPDR - ok
15:35:42.0332 4556  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:35:42.0357 4556  RDPENCDD - ok
15:35:42.0362 4556  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:35:42.0392 4556  RDPREFMP - ok
15:35:42.0397 4556  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:35:42.0407 4556  RdpVideoMiniport - ok
15:35:42.0417 4556  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:35:42.0427 4556  RDPWD - ok
15:35:42.0432 4556  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:35:42.0447 4556  rdyboost - ok
15:35:42.0452 4556  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:35:42.0482 4556  RemoteAccess - ok
15:35:42.0487 4556  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:35:42.0517 4556  RemoteRegistry - ok
15:35:42.0522 4556  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:35:42.0552 4556  RpcEptMapper - ok
15:35:42.0552 4556  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:35:42.0562 4556  RpcLocator - ok
15:35:42.0572 4556  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
15:35:42.0607 4556  RpcSs - ok
15:35:42.0612 4556  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:35:42.0642 4556  rspndr - ok
15:35:42.0652 4556  [ 60EB8A87357CA5B088B422D1E55A2405 ] rt61x64        C:\Windows\system32\DRIVERS\netr6164.sys
15:35:42.0667 4556  rt61x64 - ok
15:35:42.0672 4556  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
15:35:42.0692 4556  RTL8167 - ok
15:35:42.0697 4556  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
15:35:42.0707 4556  s3cap - ok
15:35:42.0712 4556  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
15:35:42.0717 4556  SamSs - ok
15:35:42.0722 4556  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:35:42.0732 4556  sbp2port - ok
15:35:42.0742 4556  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:35:42.0772 4556  SCardSvr - ok
15:35:42.0777 4556  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:35:42.0802 4556  scfilter - ok
15:35:42.0827 4556  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:35:42.0867 4556  Schedule - ok
15:35:42.0872 4556  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:35:42.0897 4556  SCPolicySvc - ok
15:35:42.0907 4556  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:35:42.0917 4556  SDRSVC - ok
15:35:42.0922 4556  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:35:42.0947 4556  secdrv - ok
15:35:42.0952 4556  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:35:42.0982 4556  seclogon - ok
15:35:42.0982 4556  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:35:43.0017 4556  SENS - ok
15:35:43.0022 4556  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:35:43.0032 4556  SensrSvc - ok
15:35:43.0032 4556  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:35:43.0042 4556  Serenum - ok
15:35:43.0052 4556  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:35:43.0062 4556  Serial - ok
15:35:43.0062 4556  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:35:43.0072 4556  sermouse - ok
15:35:43.0082 4556  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:35:43.0112 4556  SessionEnv - ok
15:35:43.0117 4556  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:35:43.0127 4556  sffdisk - ok
15:35:43.0132 4556  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:35:43.0137 4556  sffp_mmc - ok
15:35:43.0142 4556  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:35:43.0157 4556  sffp_sd - ok
15:35:43.0157 4556  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:43.0167 4556  sfloppy - ok
15:35:43.0177 4556  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:35:43.0207 4556  SharedAccess - ok
15:35:43.0227 4556  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:35:43.0257 4556  ShellHWDetection - ok
15:35:43.0262 4556  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:35:43.0272 4556  SiSRaid2 - ok
15:35:43.0277 4556  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:35:43.0287 4556  SiSRaid4 - ok
15:35:43.0292 4556  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
15:35:43.0302 4556  SkypeUpdate - ok
15:35:43.0307 4556  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:35:43.0337 4556  Smb - ok
15:35:43.0347 4556  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:35:43.0357 4556  SNMPTRAP - ok
15:35:43.0367 4556  [ 777B4A39A65854C39C581DD129F946B3 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
15:35:43.0382 4556  SplashtopRemoteService - ok
15:35:43.0387 4556  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:35:43.0397 4556  spldr - ok
15:35:43.0407 4556  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
15:35:43.0427 4556  Spooler - ok
15:35:43.0462 4556  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:35:43.0537 4556  sppsvc - ok
15:35:43.0542 4556  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:35:43.0572 4556  sppuinotify - ok
15:35:43.0582 4556  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:35:43.0597 4556  srv - ok
15:35:43.0607 4556  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:35:43.0622 4556  srv2 - ok
15:35:43.0632 4556  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:35:43.0642 4556  srvnet - ok
15:35:43.0647 4556  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:35:43.0677 4556  SSDPSRV - ok
15:35:43.0682 4556  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:35:43.0712 4556  SstpSvc - ok
15:35:43.0722 4556  [ F9AEDD871E1CD759B95728C9B935D203 ] SSUService      C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
15:35:43.0742 4556  SSUService - ok
15:35:43.0752 4556  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
15:35:43.0767 4556  StarMoney 8.0 OnlineUpdate - ok
15:35:43.0772 4556  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:35:43.0782 4556  stexstor - ok
15:35:43.0792 4556  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:35:43.0817 4556  stisvc - ok
15:35:43.0827 4556  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
15:35:43.0837 4556  storflt - ok
15:35:43.0842 4556  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
15:35:43.0852 4556  storvsc - ok
15:35:43.0857 4556  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:35:43.0862 4556  swenum - ok
15:35:43.0872 4556  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
15:35:43.0907 4556  swprv - ok
15:35:43.0912 4556  Synth3dVsc - ok
15:35:43.0932 4556  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
15:35:43.0972 4556  SysMain - ok
15:35:43.0977 4556  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:35:43.0992 4556  TabletInputService - ok
15:35:43.0997 4556  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:35:44.0027 4556  TapiSrv - ok
15:35:44.0042 4556  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
15:35:44.0072 4556  TBS - ok
15:35:44.0097 4556  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:35:44.0137 4556  Tcpip - ok
15:35:44.0157 4556  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:35:44.0187 4556  TCPIP6 - ok
15:35:44.0197 4556  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:35:44.0207 4556  tcpipreg - ok
15:35:44.0212 4556  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:35:44.0222 4556  TDPIPE - ok
15:35:44.0232 4556  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:35:44.0242 4556  TDTCP - ok
15:35:44.0247 4556  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:35:44.0277 4556  tdx - ok
15:35:44.0322 4556  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
15:35:44.0372 4556  TeamViewer8 - ok
15:35:44.0382 4556  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:35:44.0392 4556  TermDD - ok
15:35:44.0402 4556  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
15:35:44.0442 4556  TermService - ok
15:35:44.0442 4556  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:35:44.0457 4556  Themes - ok
15:35:44.0462 4556  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
15:35:44.0492 4556  THREADORDER - ok
15:35:44.0497 4556  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:35:44.0527 4556  TrkWks - ok
15:35:44.0532 4556  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:35:44.0562 4556  TrustedInstaller - ok
15:35:44.0567 4556  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:44.0592 4556  tssecsrv - ok
15:35:44.0597 4556  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:35:44.0607 4556  TsUsbFlt - ok
15:35:44.0612 4556  tsusbhub - ok
15:35:44.0617 4556  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:35:44.0647 4556  tunnel - ok
15:35:44.0652 4556  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:35:44.0662 4556  uagp35 - ok
15:35:44.0672 4556  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:35:44.0702 4556  udfs - ok
15:35:44.0707 4556  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:35:44.0722 4556  UI0Detect - ok
15:35:44.0727 4556  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:35:44.0737 4556  uliagpkx - ok
15:35:44.0737 4556  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
15:35:44.0747 4556  umbus - ok
15:35:44.0752 4556  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:35:44.0762 4556  UmPass - ok
15:35:44.0767 4556  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:35:44.0782 4556  UmRdpService - ok
15:35:44.0787 4556  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:35:44.0822 4556  upnphost - ok
15:35:44.0827 4556  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:35:44.0842 4556  usbaudio - ok
15:35:44.0847 4556  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:44.0857 4556  usbccgp - ok
15:35:44.0862 4556  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:35:44.0877 4556  usbcir - ok
15:35:44.0882 4556  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:35:44.0887 4556  usbehci - ok
15:35:44.0897 4556  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:35:44.0912 4556  usbhub - ok
15:35:44.0917 4556  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
15:35:44.0922 4556  usbohci - ok
15:35:44.0927 4556  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:35:44.0947 4556  usbprint - ok
15:35:44.0952 4556  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:44.0972 4556  USBSTOR - ok
15:35:44.0977 4556  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:35:44.0987 4556  usbuhci - ok
15:35:44.0992 4556  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
15:35:45.0022 4556  UxSms - ok
15:35:45.0022 4556  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:35:45.0032 4556  VaultSvc - ok
15:35:45.0037 4556  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:35:45.0047 4556  vdrvroot - ok
15:35:45.0062 4556  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
15:35:45.0097 4556  vds - ok
15:35:45.0102 4556  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:45.0117 4556  vga - ok
15:35:45.0117 4556  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:35:45.0147 4556  VgaSave - ok
15:35:45.0152 4556  VGPU - ok
15:35:45.0157 4556  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
15:35:45.0167 4556  vhdmp - ok
15:35:45.0172 4556  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:35:45.0182 4556  viaide - ok
15:35:45.0187 4556  [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
15:35:45.0192 4556  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
15:35:45.0192 4556  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
15:35:45.0202 4556  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
15:35:45.0212 4556  vmbus - ok
15:35:45.0217 4556  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:35:45.0227 4556  VMBusHID - ok
15:35:45.0232 4556  [ 6203C901DEFF10631AAD919B3BD1489B ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
15:35:45.0242 4556  vmci - ok
15:35:45.0247 4556  [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:35:45.0252 4556  VMnetAdapter - ok
15:35:45.0257 4556  [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge    C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:35:45.0267 4556  VMnetBridge - ok
15:35:45.0272 4556  VMnetDHCP - ok
15:35:45.0272 4556  [ 36EDBFE2C2405081620ADEF7B691ED89 ] VMnetuserif    C:\Windows\system32\drivers\vmnetuserif.sys
15:35:45.0282 4556  VMnetuserif - ok
15:35:45.0287 4556  [ 55D5AFEB5FE5F3B111317A421E5F3666 ] VMparport      C:\Windows\system32\drivers\VMparport.sys
15:35:45.0292 4556  VMparport - ok
15:35:45.0297 4556  [ 415B167695C4B5960A13098622EF3D80 ] vmusb          C:\Windows\system32\Drivers\vmusb.sys
15:35:45.0307 4556  vmusb - ok
15:35:45.0322 4556  [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
15:35:45.0342 4556  VMUSBArbService - ok
15:35:45.0347 4556  VMware NAT Service - ok
15:35:45.0487 4556  [ 5661E99CC628C53530B7A500930DF984 ] VMwareHostd    C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
15:35:45.0687 4556  VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
15:35:45.0687 4556  VMwareHostd - detected UnsignedFile.Multi.Generic (1)
15:35:45.0697 4556  [ 0E6ACC0257C6EFBB41E9FF4CD2A88B7F ] vmx86          C:\Windows\system32\drivers\vmx86.sys
15:35:45.0707 4556  vmx86 - ok
15:35:45.0712 4556  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:35:45.0722 4556  volmgr - ok
15:35:45.0732 4556  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:35:45.0747 4556  volmgrx - ok
15:35:45.0752 4556  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:35:45.0767 4556  volsnap - ok
15:35:45.0772 4556  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
15:35:45.0782 4556  vsmraid - ok
15:35:45.0787 4556  [ EF1E48D431223F670CFFD6169B1A136F ] vsock          C:\Windows\system32\drivers\vsock.sys
15:35:45.0797 4556  vsock - ok
15:35:45.0817 4556  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
15:35:45.0867 4556  VSS - ok
15:35:45.0872 4556  [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
15:35:45.0877 4556  vstor2-mntapi10-shared - ok
15:35:45.0882 4556  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:35:45.0892 4556  vwifibus - ok
15:35:45.0897 4556  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:35:45.0912 4556  vwififlt - ok
15:35:45.0917 4556  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
15:35:45.0927 4556  vwifimp - ok
15:35:45.0952 4556  [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
15:35:45.0992 4556  VX1000 - ok
15:35:46.0002 4556  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
15:35:46.0032 4556  W32Time - ok
15:35:46.0037 4556  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:35:46.0052 4556  WacomPen - ok
15:35:46.0057 4556  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:35:46.0087 4556  WANARP - ok
15:35:46.0087 4556  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:35:46.0117 4556  Wanarpv6 - ok
15:35:46.0137 4556  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:35:46.0167 4556  wbengine - ok
15:35:46.0172 4556  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:35:46.0187 4556  WbioSrvc - ok
15:35:46.0197 4556  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:35:46.0217 4556  wcncsvc - ok
15:35:46.0217 4556  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:35:46.0227 4556  WcsPlugInService - ok
15:35:46.0232 4556  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:35:46.0242 4556  Wd - ok
15:35:46.0257 4556  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:35:46.0282 4556  Wdf01000 - ok
15:35:46.0287 4556  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:35:46.0302 4556  WdiServiceHost - ok
15:35:46.0302 4556  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:35:46.0317 4556  WdiSystemHost - ok
15:35:46.0327 4556  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
15:35:46.0342 4556  WebClient - ok
15:35:46.0347 4556  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:35:46.0382 4556  Wecsvc - ok
15:35:46.0387 4556  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:35:46.0417 4556  wercplsupport - ok
15:35:46.0422 4556  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:35:46.0447 4556  WerSvc - ok
15:35:46.0452 4556  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:46.0482 4556  WfpLwf - ok
15:35:46.0487 4556  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:35:46.0497 4556  WIMMount - ok
15:35:46.0502 4556  WinDefend - ok
15:35:46.0507 4556  WinHttpAutoProxySvc - ok
15:35:46.0517 4556  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:35:46.0552 4556  Winmgmt - ok
15:35:46.0572 4556  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
15:35:46.0627 4556  WinRM - ok
15:35:46.0637 4556  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:35:46.0657 4556  WinUsb - ok
15:35:46.0672 4556  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:35:46.0697 4556  Wlansvc - ok
15:35:46.0702 4556  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
15:35:46.0712 4556  WmiAcpi - ok
15:35:46.0722 4556  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:35:46.0732 4556  wmiApSrv - ok
15:35:46.0737 4556  WMPNetworkSvc - ok
15:35:46.0742 4556  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:35:46.0752 4556  WPCSvc - ok
15:35:46.0757 4556  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:35:46.0767 4556  WPDBusEnum - ok
15:35:46.0772 4556  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:35:46.0802 4556  ws2ifsl - ok
15:35:46.0807 4556  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:35:46.0822 4556  wscsvc - ok
15:35:46.0822 4556  WSearch - ok
15:35:46.0852 4556  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:35:46.0907 4556  wuauserv - ok
15:35:46.0912 4556  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:35:46.0922 4556  WudfPf - ok
15:35:46.0927 4556  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:46.0937 4556  WUDFRd - ok
15:35:46.0942 4556  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:35:46.0957 4556  wudfsvc - ok
15:35:46.0962 4556  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:35:46.0977 4556  WwanSvc - ok
15:35:46.0992 4556  ================ Scan global ===============================
15:35:46.0992 4556  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:35:46.0997 4556  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:35:47.0007 4556  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:35:47.0012 4556  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:35:47.0017 4556  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:35:47.0022 4556  [Global] - ok
15:35:47.0022 4556  ================ Scan MBR ==================================
15:35:47.0027 4556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
15:35:47.0122 4556  \Device\Harddisk2\DR2 - ok
15:35:47.0127 4556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:35:47.0312 4556  \Device\Harddisk0\DR0 - ok
15:35:47.0322 4556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:35:47.0392 4556  \Device\Harddisk1\DR1 - ok
15:35:47.0392 4556  ================ Scan VBR ==================================
15:35:47.0397 4556  [ 225857737DAE7129A310B5473D35A5B0 ] \Device\Harddisk2\DR2\Partition1
15:35:47.0397 4556  \Device\Harddisk2\DR2\Partition1 - ok
15:35:47.0402 4556  [ 94732A1CDC4FF0DA75DA1ED2055EFCFC ] \Device\Harddisk2\DR2\Partition2
15:35:47.0402 4556  \Device\Harddisk2\DR2\Partition2 - ok
15:35:47.0407 4556  [ 5EB4BBD0680303052DBD7558983F875C ] \Device\Harddisk0\DR0\Partition1
15:35:47.0407 4556  \Device\Harddisk0\DR0\Partition1 - ok
15:35:47.0412 4556  [ 383644D0305D1B1AC5E85C39F2608190 ] \Device\Harddisk0\DR0\Partition2
15:35:47.0417 4556  \Device\Harddisk0\DR0\Partition2 - ok
15:35:47.0417 4556  [ 24E8CDC26CB9C00786ECCABB66ABE73B ] \Device\Harddisk0\DR0\Partition3
15:35:47.0422 4556  \Device\Harddisk0\DR0\Partition3 - ok
15:35:47.0422 4556  [ C7FDC9549F9B2FF93AFDE71864A8EB34 ] \Device\Harddisk1\DR1\Partition1
15:35:47.0427 4556  \Device\Harddisk1\DR1\Partition1 - ok
15:35:47.0427 4556  ============================================================
15:35:47.0427 4556  Scan finished
15:35:47.0427 4556  ============================================================
15:35:47.0432 4168  Detected object count: 2
15:35:47.0432 4168  Actual detected object count: 2
15:36:05.0977 4168  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:05.0977 4168  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:05.0982 4168  VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:05.0982 4168  VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:11.0002 4312  Deinitialize success
Warte auf weitere Instruktionen.
Gruß

markusg 13.02.2013 11:30
frage:
ist das der einzige PC im Haus?
bzw war zum infektionszeitpunkt evtl. n Bekannter mit Rechner bei dir?
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ApricotX 14.02.2013 18:57
Zitat:
Zitat von markusg (Beitrag 1010979)
frage:
ist das der einzige PC im Haus?
bzw war zum infektionszeitpunkt evtl. n Bekannter mit Rechner bei dir?
Es war niemand anderer da. Ich hab zwar noch ein Notebook aber der war an dem Tag ausgeschaltet.

Kannst Du mir ein kurzes Feedback geben, wo wir gerade stehen? Ich führe ja deine Anweisungen gerne durch aber würde gerne auch wissen, ob es irgendwelche Erkenntnisse aus den Logfiles gibt. Nur so als Info für mich.
Gefühlt läuft der Rechner ohne Probleme.

Combofix habe ich nun ausgeführt (was genau hab ich damit nun gemacht?):
Code:
ComboFix 13-02-13.02 - GG 14.02.2013  18:40:36.1.3 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4092.2570 [GMT 1:00]
ausgeführt von:: e:\eigene dateien\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-14 bis 2013-02-14  ))))))))))))))))))))))))))))))
.
.
2013-02-14 17:43 . 2013-02-14 17:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-14 11:34 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:34 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:18 . 2013-02-14 10:18        --------        d-----w-        c:\users\GG\AppData\Roaming\Babylon
2013-02-14 10:18 . 2013-02-14 10:18        --------        d-----w-        c:\programdata\Babylon
2013-02-14 10:16 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17BF10E-56CB-45A3-8D7D-ECD57C677E58}\mpengine.dll
2013-02-14 08:45 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 08:45 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-14 08:45 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-02-14 08:45 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-02-14 08:45 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-02-14 08:45 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-02-14 08:45 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-14 08:45 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-02-14 08:45 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-14 08:45 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 21:48 . 2013-02-12 21:48        310688        ----a-w-        c:\windows\system32\javaws.exe
2013-02-12 21:48 . 2013-02-12 21:48        963488        ----a-w-        c:\windows\system32\deployJava1.dll
2013-02-12 21:48 . 2013-02-12 21:48        1085344        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-02-12 21:48 . 2013-02-12 21:48        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-12 21:48 . 2013-02-12 21:48        188832        ----a-w-        c:\windows\system32\javaw.exe
2013-02-12 21:48 . 2013-02-12 21:48        188320        ----a-w-        c:\windows\system32\java.exe
2013-02-12 21:47 . 2013-02-12 21:48        --------        d-----w-        c:\program files\Java
2013-02-12 20:50 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 11:41 . 2013-02-07 11:41        --------        d-----w-        c:\users\GG\AppData\Roaming\Malwarebytes
2013-02-07 11:41 . 2013-02-07 11:41        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-07 11:41 . 2013-02-07 11:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-07 11:41 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-06 10:39 . 2013-02-06 10:39        --------        d-----w-        c:\users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
2013-02-05 17:16 . 2013-02-05 17:16        --------        d-----w-        c:\program files (x86)\HD Tune
2013-02-05 08:09 . 2013-02-14 10:22        --------        d-----w-        c:\windows\system32\appmgmt
2013-02-04 14:18 . 2012-03-09 21:23        132096        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename32.dll
2013-02-04 14:18 . 2012-03-09 21:23        132096        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename32.dll
2013-02-04 14:18 . 2012-02-19 14:17        247808        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename.exe
2013-02-04 14:18 . 2012-02-19 14:17        247808        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename.exe
2013-02-04 14:18 . 2012-02-18 11:26        680050        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename64.dll
2013-02-04 14:18 . 2012-02-18 11:26        680050        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename64.dll
2013-02-04 14:08 . 2013-02-04 14:08        --------        d-----w-        c:\users\GG\AppData\Local\Tools&More
2013-01-29 09:29 . 2012-10-24 13:17        67224        ----a-w-        c:\windows\system32\vsocklib.dll
2013-01-29 09:29 . 2012-10-24 13:17        70296        ----a-w-        c:\windows\system32\drivers\vsock.sys
2013-01-29 09:29 . 2012-10-24 13:17        63128        ----a-w-        c:\windows\SysWow64\vsocklib.dll
2013-01-29 09:29 . 2012-11-01 01:34        31384        ----a-w-        c:\windows\system32\drivers\VMparport.sys
2013-01-29 09:29 . 2012-11-01 01:34        67224        ----a-w-        c:\windows\system32\drivers\vmx86.sys
2013-01-29 09:29 . 2012-11-01 01:35        357016        ----a-w-        c:\windows\SysWow64\vmnetdhcp.exe
2013-01-29 09:29 . 2012-11-01 01:34        435864        ----a-w-        c:\windows\SysWow64\vmnat.exe
2013-01-29 09:29 . 2012-11-01 01:34        30360        ----a-w-        c:\windows\system32\drivers\vmnetuserif.sys
2013-01-29 09:29 . 2012-11-01 01:35        933528        ----a-w-        c:\windows\system32\vnetlib64.dll
2013-01-29 09:29 . 2012-10-11 16:15        52376        ----a-w-        c:\windows\system32\drivers\hcmon.sys
2013-01-29 09:28 . 2013-01-29 09:28        --------        d-----w-        c:\program files\Common Files\VMware
2013-01-29 09:28 . 2013-01-29 09:28        --------        d-----w-        c:\program files (x86)\Common Files\VMware
2013-01-29 09:09 . 2013-01-29 10:09        --------        d-----w-        C:\Virtualisation
2013-01-29 09:03 . 2013-02-04 13:13        --------        d-----w-        c:\users\GG\AppData\Roaming\VMware
2013-01-29 09:03 . 2013-02-04 13:13        --------        d-----w-        c:\users\GG\AppData\Local\VMware
2013-01-29 08:57 . 2013-02-14 17:44        --------        d-----w-        c:\programdata\VMware
2013-01-29 08:57 . 2013-01-29 09:28        --------        d-----w-        c:\program files (x86)\VMware
2013-01-29 08:29 . 2013-01-29 08:29        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2013-01-28 12:39 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\SysWow64\d3dx11_43.dll
2013-01-28 12:39 . 2010-05-26 10:41        470880        ----a-w-        c:\windows\SysWow64\d3dx10_43.dll
2013-01-28 12:39 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\SysWow64\D3DX9_43.dll
2013-01-28 12:39 . 2010-05-26 10:41        1868128        ----a-w-        c:\windows\SysWow64\d3dcsx_43.dll
2013-01-28 12:38 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\SysWow64\D3DCompiler_43.dll
2013-01-28 11:50 . 2013-01-28 11:50        --------        d-----w-        c:\users\GG\AppData\Roaming\Nero
2013-01-28 11:47 . 2013-01-28 12:42        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2013-01-28 11:47 . 2013-01-28 12:42        --------        d-----w-        c:\program files (x86)\Nero
2013-01-28 11:47 . 2013-01-28 11:48        --------        d-----w-        c:\programdata\Nero
2013-01-25 22:56 . 2013-02-07 11:41        --------        d-----w-        c:\users\GG\AppData\Local\Programs
2013-01-25 22:48 . 2013-01-25 22:54        --------        d-----w-        c:\users\GG\AppData\Roaming\Mp3tag
2013-01-25 22:48 . 2013-01-25 22:48        --------        d-----w-        c:\program files (x86)\Mp3tag
2013-01-21 14:39 . 2013-01-21 14:39        --------        d-----w-        c:\users\GG\AppData\Roaming\Buhl Data Service
2013-01-21 14:39 . 2013-01-21 14:39        --------        d-----w-        c:\users\GG\AppData\Local\Buhl Data Service
2013-01-21 14:37 . 2013-01-21 14:38        --------        d-----w-        c:\users\GG\AppData\Local\Buhl
2013-01-21 14:37 . 2013-01-21 14:37        --------        d-----w-        c:\program files (x86)\WISO
2013-01-21 14:36 . 2013-01-21 14:49        --------        d-----w-        c:\programdata\Buhl Data Service GmbH
2013-01-17 20:04 . 2013-02-14 10:14        --------        d-----w-        c:\users\GG\AppData\Roaming\vlc
2013-01-17 20:04 . 2013-01-17 20:04        --------        d-----w-        c:\program files\VideoLAN
2013-01-16 19:40 . 2013-01-16 19:53        --------        d-----w-        c:\users\GG\AppData\Roaming\Skype
2013-01-16 19:40 . 2013-01-16 19:40        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-01-16 19:40 . 2013-01-16 19:40        --------        d-----r-        c:\program files (x86)\Skype
2013-01-16 19:40 . 2013-01-16 19:40        --------        d-----w-        c:\programdata\Skype
2013-01-15 22:45 . 2013-01-15 22:45        --------        d-----w-        c:\users\GG\AppData\Local\Splashtop
2013-01-15 22:42 . 2013-01-15 22:42        --------        d-----w-        c:\programdata\Splashtop
2013-01-15 22:41 . 2013-01-15 22:42        --------        d-----w-        c:\program files (x86)\Splashtop
2013-01-15 22:41 . 2013-01-15 22:41        --------        d-----w-        c:\users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}
2013-01-15 22:29 . 2013-01-15 22:30        --------        d-----w-        c:\program files (x86)\Tools&More
2013-01-15 22:29 . 2013-01-15 22:30        --------        d-----w-        c:\windows\Downloaded Installations
2013-01-15 21:42 . 2013-01-15 21:42        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 11:36 . 2013-01-09 10:07        70004024        ----a-w-        c:\windows\system32\MRT.exe
2013-02-08 13:47 . 2013-01-08 18:37        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 13:47 . 2013-01-08 18:37        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53 . 2013-01-08 18:18        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-09 10:03 . 2013-01-09 10:03        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-09 10:03 . 2013-01-09 10:03        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-01-09 10:03 . 2013-01-09 10:03        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-09 10:03 . 2013-01-09 10:03        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-01-09 10:03 . 2013-01-09 10:03        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-01-09 10:03 . 2013-01-09 10:03        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-01-09 10:03 . 2013-01-09 10:03        367104        ----a-w-        c:\windows\SysWow64\html.iec
2013-01-09 10:03 . 2013-01-09 10:03        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-01-09 10:03 . 2013-01-09 10:03        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-01-09 10:03 . 2013-01-09 10:03        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-01-09 10:03 . 2013-01-09 10:03        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-01-09 10:03 . 2013-01-09 10:03        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-01-09 10:03 . 2013-01-09 10:03        222208        ----a-w-        c:\windows\system32\msls31.dll
2013-01-09 10:03 . 2013-01-09 10:03        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-01-09 10:03 . 2013-01-09 10:03        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-01-09 10:03 . 2013-01-09 10:03        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-01-09 10:03 . 2013-01-09 10:03        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2013-01-09 10:03 . 2013-01-09 10:03        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-01-09 10:03 . 2013-01-09 10:03        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-01-09 10:03 . 2013-01-09 10:03        85504        ----a-w-        c:\windows\system32\iesetup.dll
2013-01-09 10:03 . 2013-01-09 10:03        82432        ----a-w-        c:\windows\system32\icardie.dll
2013-01-09 10:03 . 2013-01-09 10:03        76800        ----a-w-        c:\windows\system32\tdc.ocx
2013-01-09 10:03 . 2013-01-09 10:03        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2013-01-09 10:03 . 2013-01-09 10:03        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-01-09 10:03 . 2013-01-09 10:03        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-01-09 10:03 . 2013-01-09 10:03        49664        ----a-w-        c:\windows\system32\imgutil.dll
2013-01-09 10:03 . 2013-01-09 10:03        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-01-09 10:03 . 2013-01-09 10:03        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-01-09 10:03 . 2013-01-09 10:03        448512        ----a-w-        c:\windows\system32\html.iec
2013-01-09 10:03 . 2013-01-09 10:03        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-01-09 10:03 . 2013-01-09 10:03        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-01-09 10:03 . 2013-01-09 10:03        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2013-01-09 10:03 . 2013-01-09 10:03        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2013-01-09 10:03 . 2013-01-09 10:03        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-01-09 10:03 . 2013-01-09 10:03        163840        ----a-w-        c:\windows\system32\ieakui.dll
2013-01-09 10:03 . 2013-01-09 10:03        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2013-01-09 10:03 . 2013-01-09 10:03        149504        ----a-w-        c:\windows\system32\occache.dll
2013-01-09 10:03 . 2013-01-09 10:03        145920        ----a-w-        c:\windows\system32\iepeers.dll
2013-01-09 10:03 . 2013-01-09 10:03        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-01-09 10:03 . 2013-01-09 10:03        12288        ----a-w-        c:\windows\system32\mshta.exe
2013-01-09 10:03 . 2013-01-09 10:03        114176        ----a-w-        c:\windows\system32\admparse.dll
2013-01-09 10:03 . 2013-01-09 10:03        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2013-01-09 10:03 . 2013-01-09 10:03        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-01-09 10:03 . 2013-01-09 10:03        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-01-09 10:03 . 2013-01-09 10:03        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2013-01-09 10:03 . 2013-01-09 10:03        249344        ----a-w-        c:\windows\system32\webcheck.dll
2013-01-09 10:03 . 2013-01-09 10:03        165888        ----a-w-        c:\windows\system32\iexpress.exe
2013-01-09 10:03 . 2013-01-09 10:03        160256        ----a-w-        c:\windows\system32\wextract.exe
2013-01-09 10:03 . 2013-01-09 10:03        103936        ----a-w-        c:\windows\system32\inseng.dll
2013-01-09 09:58 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2013-01-09 09:58 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2013-01-08 19:12 . 2013-01-08 19:12        972264        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{196C04E3-1A66-4F20-B516-75FAEE94491C}\gapaengine.dll
2013-01-05 10:22 . 2013-01-05 10:22        50800        ----a-w-        c:\windows\system32\drivers\point64.sys
2013-01-04 04:43 . 2013-02-14 08:45        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-18 12:14 . 2013-01-12 23:16        114368        ----a-w-        c:\windows\SysWow64\acaptuser32.dll
2012-12-16 17:11 . 2013-01-08 18:48        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 18:48        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 18:48        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 18:48        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-08 18:43        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 18:43        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 18:43        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 18:43        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 18:43        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 18:43        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 18:43        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 18:43        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 18:43        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 18:43        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 18:43        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 18:43        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 18:43        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 18:43        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 18:43        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 18:43        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 18:43        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 18:43        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 18:43        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 18:43        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 18:43        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 18:43        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 18:43        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 18:43        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 18:43        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 18:43        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 18:43        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-08 18:43        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 18:43        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 18:43        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-08 18:43        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 18:43        424448        ----a-w-        c:\windows\system32\KernelBase.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-11-01 104088]
.
c:\users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-1-21 1397480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-01 13234176]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 18:41        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 13:47]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 18:36]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 18:36]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
- c:\users\GG\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-25 22:56]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
- c:\users\GG\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-25 22:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=dce0422000000000000000241d867d72
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\GG\AppData\Roaming\Mozilla\Firefox\Profiles\ota3u26w.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=dce0422000000000000000241d867d72
FF - ExtSQL: 2013-01-15 22:56; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dce0422000000000000000241d867d72
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15750
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:18
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-StrokeIt - c:\users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-14  18:45:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-14 17:45
.
Vor Suchlauf: 8 Verzeichnis(se), 60.680.097.792 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 60.455.141.376 Bytes frei
.
- - End Of File - - 736B6B0F988AA30A9BECE359B1484252

markusg 14.02.2013 22:14
Also, bisher sieht alles gut aus.
noch 2 Fragen:
1. was hast du mit dem Telekom Mitarbeiter mit welchem Ergebniss gemacht?
2. ich sehe vmware, nutzt du diese, evtl. wurde auch dort Malware instaliert.

ApricotX 14.02.2013 22:44
Na dann bin ich erst mal beruhigt...

VMWare nutze ich. Hatte ich aber schon länger nicht mehr aktiv. Zur Sicherheit werde ich mal das Testsystem dort löschen und neu installieren. War eh nur Win 7 zu Testzwecken drauf.

Der T-Com Mitarbeiter hat mich einen DNS Test machen lassen:
hxxp://www.thinkbroadband.com/tools/dnscheck.html

Dort kam erst eine Alarmmeldung. Nachdem ich nun (Tipp vom T-Com Mitarbeiter) den UDP Port 53 weitergeleitet hab auf eine interne IP bringt der oben genannte Test auch eine "alles in Ordnung" Meldung. Er meinte auch, dass die Meldung von der T-Com auch eben was mit diesem UDP 53 Port zu tun hätte (jedenfalls glaube ich mich an diese Aussage erinnern zu können).
Ansonsten waren die Tipps halt alle Antiviren- und Malwareapps durchlaufen zu lassen, was ich ja ohnehin schon gemacht hatte.

Jetzt hab ich aber bemerkt, dass die letzte Aktion mit Combofix mir mein strokeit irgendwie gelöscht oder zerschossen hat. Geht nicht mehr.
Stroke it ist dafür da, Mausgesten zu erkennen. Startete immer mit win 7 - nun ist es ganz verschwunden.

Kann man das, was mit combofix verändert wurde wieder rückgängig machen. Denn ich denke, so weit war ja nichts auffälliges. Jedoch hatte combofix dennoch einige Sachen wohl gelöscht (soweit ich das aus der LOG interpretieren kann).

markusg 14.02.2013 22:54
Hi,
Stroke i:
StrokeIt - Mouse Gestures for Windows
reinstalieren.
Wir müssten trotzdem noch einiges löschen, an Adware.
Wenn das Programm läuft:
lade den CCleaner standard:
http://filepony.de/download-ccleaner/
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

ApricotX 14.02.2013 23:08
Hi Markus,

also, anbei die Liste. Ich habe aber jetzt nicht hinter jedes Programm was geschrieben, denn ich kenne und benötige ausnahmslos alle von denen:

Code:
Adobe Acrobat 9 Pro Extended 64-bit Add-On        Adobe Systems Incorporated        12.01.2013        38,0KB        9.0.0
Adobe Acrobat XI Pro        Adobe Systems        15.01.2013        2,80GB        11.0.01
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.02.2013        6,00MB        11.5.502.149
CanoScan Toolbox Ver4.9                12.01.2013               
CCleaner        Piriform        23.01.2013                3.27
DirComp        Wirth IT Design        15.01.2013        1,37MB        2.08.0000
Dropbox        Dropbox, Inc.        25.01.2013                1.6.16
FreeFileSync 5.11        Zenju        14.01.2013                5.11
Google Chrome        Google Inc.        08.01.2013                24.0.1312.57
HD Tune 2.55        EFD Software        05.02.2013               
Java 7 Update 13 (64-bit)        Oracle        12.02.2013        128MB        7.0.130
Java SE Development Kit 7 Update 13 (64-bit)        Oracle        12.02.2013        189MB        1.7.0.130
JDownloader 2        AppWork GmbH        13.01.2013                2
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        07.02.2013        18,4MB        1.70.0.1100
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        09.01.2013        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        09.01.2013        2,93MB        4.0.30319
Microsoft LifeCam        Microsoft Corporation        08.01.2013        60,5MB        3.22.270.0
Microsoft Office Professional Plus 2010        Microsoft Corporation        09.01.2013                14.0.6029.1000
Microsoft Security Essentials        Microsoft Corporation        08.01.2013                4.1.522.0
Microsoft Silverlight        Microsoft Corporation        08.01.2013        50,6MB        5.1.10411.0
Microsoft Sync Framework 2.0 Core Components (x64) ENU        Microsoft Corporation        14.01.2013        1,33MB        2.0.1578.0
Microsoft Sync Framework 2.0 Provider Services (x64) ENU        Microsoft Corporation        14.01.2013        3,20MB        2.0.1578.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        29.01.2013        780KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        30.01.2013        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        21.01.2013        594KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        29.01.2013        224KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        22.01.2013        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        09.01.2013        15,2MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        22.01.2013        15,0MB        10.0.40219
Microsoft-Maus- und Tastatur-Center        Microsoft Corporation        11.01.2013                2.0.162.0
Mozilla Firefox 18.0 (x86 de)        Mozilla        08.01.2013        43,2MB        18.0
Mozilla Maintenance Service        Mozilla        08.01.2013        217KB        18.0
Mp3tag v2.54        Florian Heidenreich        25.01.2013                v2.54
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        29.01.2013        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        29.01.2013        1,33MB        4.20.9876.0
Music Manager        Google, Inc.        25.01.2013               
Nero 12        Nero AG        28.01.2013        1,33GB        12.0.02900
Nero BurningROM 12        Nero AG        28.01.2013        253MB        12.0.00300
Nero CoverDesigner        Nero AG        28.01.2013        142MB        12.0.00900
Rainmeter                08.01.2013                2.4 r1678
Samsung SSD Magician        Samsung Electronics        13.01.2013        45,8MB        3.2
Skype™ 6.1        Skype Technologies S.A.        16.01.2013        21,1MB        6.1.129
Splashtop Software Updater        Splashtop Inc.        06.02.2013                1.5.6.10
Splashtop Streamer        Splashtop Inc.        06.02.2013        25,3MB        2.2.5.1
StarMoney 8.0        Star Finanz GmbH        09.01.2013                8.0
StrokeIt                08.01.2013               
StrokeIt (Deutsch)                08.01.2013               
SyncToy 2.1 (x64)        Microsoft        14.01.2013        1,45MB        2.1.0
TeamViewer 8        TeamViewer        09.01.2013                8.0.16642
VLC media player 2.0.5        VideoLAN        17.01.2013                2.0.5
VMware Workstation        VMware, Inc        29.01.2013        3,25GB        9.0.1
WinRAR 4.20 (64-Bit)        win.rar GmbH        08.01.2013                4.20.0
WISO Steuer-Sparbuch 2013        Buhl Data Service GmbH        21.01.2013                20.00.8137

markusg 14.02.2013 23:30
TeamViewer würd ich nur bei Bedarf instalieren.
Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131