Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Log-Analyse und Auswertung: C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 02.01.2013, 19:36   #1
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hallo Leute, hier mein Problem:

beim Öffnen einer Website (27.12.2012) poppten plötzlich Fenster hoch ala "sie laden unerlaubte Software runter... bezahlen Sie ...". Ich habe das Internet abgeklemmt und neugestartet. Kann mich leider nicht mehr erinnern, wie ich die hartnäckigen Fenster wegbekommen habe. Inzwischen bekomme ich nach dem Neustart die Fehlermeldung: "Problem beim Starten von C:\Users\XXp\wgsdgsdgdsgsd.exe - Das angegebene Modul wurde nicht gefunden."
Ich habe in Autostart den Link gelöscht, der versuchte diese Datei zu starten, denke aber, daß damit der Trojaner noch nicht von meinem Rechner entfernt ist.

Der Versuch eine Systemwiederherstellung zu machen schlug fehl (Systemwdh. vom 27.12.12 führt zu blaum Bildschirm nach Login und der Benutzer wird nicht ordnungsgemäß eingeloggt).
Systemwiederherstellung habe ich rückgängig gemacht.

Malwarebytes findet 1 bösartiges Programm, was ich aber nicht verändert habe: Anbieter: Exploit.Drop.GSA File Objekt: C:\ProgrammData\dsgsdgdsgdsgw.pad

Wäre nett, wenn mir jemand beim Bereinigen meines PCs helfen könnte.
Danke
XXp

Alt 02.01.2013, 20:09   #2
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi
keine Systemwiederherstellung bei Malware befall nutzen!
Öffne bitte Malwarebytes, Logdateien, poste Berichte mit Funden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 02.01.2013, 20:50   #3
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Malwarebytes Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gaby :: XANTHIPPE [Administrator]

02.01.2013 20:12:28
MBAM-log-2013-01-02 (20-21-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305794
Laufzeit: 6 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)
OTL Log:
Code:
ATTFilter
OTL logfile created on: 1/2/2013 8:23:00 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 51.05% Memory free
5.98 Gb Paging File | 4.20 Gb Available in Paging File | 70.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 52.03 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.49 Gb Free Space | 74.76% Space Free | Partition Type: FAT32
 
Computer Name: XANTHIPPE | User Name: XXp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/02 11:48:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXp\Desktop\OTL.exe
PRC - [2012/12/03 17:11:19 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/15 16:16:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 19:28:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/03 19:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/03 19:28:47 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 11:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 13:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/06/26 01:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 20:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2010/05/06 01:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2010/04/27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
PRC - [2010/04/27 15:57:32 | 000,247,152 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
PRC - [2009/11/18 01:31:42 | 000,101,944 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2009/11/18 01:31:22 | 001,690,680 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/22 01:35:48 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009/10/22 01:35:48 | 000,101,944 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2009/10/20 06:18:02 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/10/20 06:17:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/15 18:36:42 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/10/12 23:51:52 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/10/12 23:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe
PRC - [2009/10/02 13:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/10/02 13:51:16 | 000,312,608 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/10/02 13:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/10/02 13:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/08/25 17:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/03 21:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009/06/04 01:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/04 01:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/04 01:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/03 17:11:18 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/15 19:10:10 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/14 18:26:27 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/14 18:26:15 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/14 18:26:09 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 18:25:56 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/14 18:25:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 18:25:35 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 18:25:29 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/14 18:25:16 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/14 18:25:08 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 18:25:04 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 18:25:02 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 18:24:50 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/13 22:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/05/09 08:53:24 | 001,695,744 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3579.36926__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:24 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3579.36895__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:24 | 000,368,640 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3579.36805__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:24 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3579.36824__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:24 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3579.36876__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:24 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3579.36857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:24 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3579.36848__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:24 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3579.36819__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:24 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3579.36814__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:23 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3579.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:23 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3579.36895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:23 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3579.36863__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:23 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3579.36813__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:23 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Runtime\2.0.3579.36918__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:23 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3579.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:23 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3579.36896__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:23 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3579.36894__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:23 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3579.36911__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:22 | 001,138,688 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3579.36922__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,823,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3579.36850__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3579.36825__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3579.36871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:22 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3579.36856__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3579.36829__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/05/09 08:53:22 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3579.36825__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:22 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3579.36855__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:22 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3579.36855__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:22 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3579.36829__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:21 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:21 | 000,368,640 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3579.36844__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:21 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/09 08:53:21 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3579.36848__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:21 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:21 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3579.36856__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/05/09 08:53:21 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3574.20483__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3574.20475__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3574.20511__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3574.20570__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3574.20566__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3574.20505__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3574.20565__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/05/09 08:53:21 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/05/09 08:53:20 | 000,147,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3574.20469__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3574.20459__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/05/09 08:53:20 | 000,069,632 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Shared\2.0.3574.20536__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3574.20534__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/05/09 08:53:20 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3574.20557__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3574.20454__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/05/09 08:53:20 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3574.20457__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/05/09 08:53:20 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3574.20638__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/05/09 08:53:20 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3574.20555__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3574.20492__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3574.20554__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3574.20491__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3574.20472__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3574.20501__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3574.20524__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3574.20485__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3574.20528__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/05/09 08:53:20 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3574.20495__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3579.36890__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/05/09 08:53:19 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3574.20535__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3574.20496__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3574.20530__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3574.20502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3579.36901__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/05/09 08:53:19 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3574.20489__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3574.20496__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3574.20464__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/05/09 08:53:19 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3574.20529__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3574.20525__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3574.20482__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3574.20532__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3574.20480__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/05/09 08:53:19 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3574.20506__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3574.20504__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/05/09 08:53:19 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3574.20484__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/05/09 08:53:19 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3579.36802__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/05/09 08:53:18 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3579.36819__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/05/09 08:53:18 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3579.36889__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/05/09 08:53:18 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3579.36804__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/05/09 08:53:18 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3579.36802__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/05/09 08:53:18 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3574.20509__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/05/09 08:53:18 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3574.20476__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/05/09 08:53:18 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3574.20498__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/05/09 08:53:18 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3574.20494__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/05/09 08:53:18 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3574.20499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/05/09 08:53:17 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3579.36809__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/05/09 08:53:17 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3579.36801__90ba9c70f846762e\APM.Server.dll
MOD - [2010/05/09 08:53:17 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3579.36802__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/05/09 08:53:17 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3574.20487__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/05/09 08:53:17 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/05/09 08:53:17 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3574.20537__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/05/09 08:53:17 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3579.36890__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/04/27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
MOD - [2009/12/16 20:15:24 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009/12/16 20:15:24 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/12/16 20:15:24 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2009/12/16 20:15:24 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2009/12/16 19:31:40 | 000,236,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2009/12/16 19:31:40 | 000,010,808 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.HPQWMIEXLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQWMIEXLib.dll
MOD - [2009/11/18 01:32:10 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
MOD - [2009/11/18 01:32:06 | 000,054,328 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
MOD - [2009/10/22 01:35:50 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2009/10/22 01:35:42 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2009/06/11 00:30:18 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2012/12/03 17:11:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/12 11:42:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 19:28:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/03 19:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/19 11:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/08/20 16:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/16 13:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/05/23 13:22:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/05/06 01:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/04/27 15:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/18 01:31:42 | 000,101,944 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/22 01:35:48 | 000,101,944 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009/10/20 06:17:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/15 18:36:42 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/10/12 23:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe -- (STacSV)
SRV - [2009/10/06 17:51:36 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/10/06 03:43:54 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/10/02 13:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/10/02 13:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/10/02 13:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2009/09/28 09:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/08/03 21:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/13 06:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 01:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/11/01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/03 19:28:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/03 19:28:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/06/27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/04/24 11:17:07 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/21 11:52:06 | 000,144,896 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2011/10/11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/20 13:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 13:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 11:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/26 17:03:03 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/26 17:47:34 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2010/03/18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010/01/05 10:31:26 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/05 10:31:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/05 10:31:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/05 10:31:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/29 02:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 23:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/10/20 06:49:32 | 005,089,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/15 18:37:38 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/10/15 18:37:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/10/15 18:37:24 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/10/15 18:37:22 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/12 23:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/10/02 13:47:10 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/09/30 18:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/28 23:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/18 03:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 18:14:10 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/08/03 21:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 01:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 01:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 01:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/20 18:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2007/12/12 12:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {009652DF-1177-499A-872B-B3D00B1A74F8}
IE - HKLM\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\..\SearchScopes,DefaultScope = {009652DF-1177-499A-872B-B3D00B1A74F8}
IE - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: maps%40ovi.com:5.9.2.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: otis%40digitalpersona.com:5.0.0.4254
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205
FF - prefs.js..extensions.enabledAddons: %7B2d4271b9-cc9f-4f37-8b1e-340293eacd5c%7D:0.9.9.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4179
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/26 22:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/10/12 10:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/03 17:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/24 12:53:04 | 000,000,000 | ---D | M]
 
[2010/05/23 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Extensions
[2010/05/23 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/12/15 12:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions
[2012/11/30 07:53:51 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/10/06 10:56:32 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/12/06 00:31:43 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\donottrackplus@abine.com
[2012/04/09 10:30:02 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\maps@ovi.com
[2012/12/15 12:35:33 | 000,037,832 | ---- | M] () (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\{2d4271b9-cc9f-4f37-8b1e-340293eacd5c}.xpi
[2012/12/05 16:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2012/03/05 15:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\maps@ovi.com\plugins\package.XPI
[2011/10/08 09:09:47 | 000,002,289 | ---- | M] () -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\searchplugins\ecosia.xml
[2011/10/08 09:15:32 | 000,002,647 | ---- | M] () -- C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\searchplugins\ixquick-ssl.xml
[2012/03/22 10:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/12 10:30:57 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2012/12/03 17:11:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/11 16:31:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/11/12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/10/12 10:22:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/12 10:22:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:22:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/12 10:22:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/12 10:22:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/12 10:22:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003..\Run: []  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1066535224-2566255850-1686074581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529599EC-5F8D-4676-8588-51DB21FDCAE4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23c0713b-9cc6-11df-bdbf-705ab6aa41ee}\Shell - "" = AutoRun
O33 - MountPoints2\{23c0713b-9cc6-11df-bdbf-705ab6aa41ee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: File Sanitizer - hkey= - key= - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SansaDispatch - hkey= - key= - C:\Users\XXp\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/02 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Malwarebytes
[2013/01/02 18:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/02 18:13:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/02 18:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/02 18:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/02 11:48:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXp\Desktop\OTL.exe
[2012/12/28 12:34:02 | 000,000,000 | R--D | C] -- C:\Users\XXp\Dropbox
[2012/12/28 12:31:11 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/12/28 12:30:36 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Dropbox
[2012/12/26 23:02:53 | 000,000,000 | ---D | C] -- C:\Users\XXp\Eigene Dokumente\Productions
[2012/12/24 17:11:02 | 000,000,000 | ---D | C] -- C:\Users\XXp\Eigene Dokumente\Lexware
[2012/12/24 12:53:04 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/12/24 12:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012/12/24 12:44:28 | 000,000,000 | ---D | C] -- C:\Users\XXp\Local Settings
[2012/12/20 19:49:06 | 000,000,000 | ---D | C] -- C:\MyTools
[2012/12/20 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2012/12/20 18:13:08 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2012/12/17 09:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2012/12/17 09:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HDX4
[2012/12/15 23:43:06 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\pdfforge
[2012/12/15 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/12/15 23:43:04 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012/12/15 23:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2012/12/15 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\PDF Architect
[2012/12/15 23:08:42 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\APP_NAME_NON_STRING
[2012/12/15 11:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\DriveCleanup
[2012/12/15 11:46:38 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriveCleanup
[2012/12/15 11:39:06 | 000,000,000 | ---D | C] -- C:\Users\XXp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB-Dev-View
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/02 20:03:01 | 000,670,018 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/01/02 20:03:01 | 000,628,218 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/02 20:03:01 | 000,136,414 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/01/02 20:03:01 | 000,111,796 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/01/02 19:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/02 18:26:43 | 000,050,672 | ---- | M] () -- C:\Users\XXp\Desktop\malwarbytes.jpg
[2013/01/02 18:13:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/02 18:01:37 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 18:01:37 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 17:53:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/02 17:53:35 | 2407,952,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/02 13:46:42 | 000,107,108 | ---- | M] () -- C:\Users\XXp\Eigene Dokumente\2013-01-02-Rechner-Setup-Delta.JPG
[2013/01/02 12:30:22 | 000,856,731 | ---- | M] () -- C:\Users\XXp\Desktop\SecurityCheck.exe
[2013/01/02 11:59:57 | 000,021,276 | ---- | M] () -- C:\Users\XXp\Desktop\trojaner.jpg
[2013/01/02 11:48:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXp\Desktop\OTL.exe
[2012/12/29 18:32:43 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/28 13:40:56 | 000,033,588 | ---- | M] () -- C:\Users\XXp\Desktop\cover.jpg
[2012/12/28 13:17:55 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/12/24 23:02:20 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/12/24 18:44:59 | 000,945,254 | ---- | M] () -- C:\Users\XXp\AppData\Local\recently-used.xbel
[2012/12/24 17:24:28 | 000,001,078 | ---- | M] () -- C:\Users\XXp\Desktop\EBook-Downloads.lnk
[2012/12/24 11:09:11 | 000,008,476 | -HS- | M] () -- C:\Users\XXp\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/24 11:09:11 | 000,008,476 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/21 16:14:19 | 000,543,392 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/20 19:50:27 | 000,001,455 | ---- | M] () -- C:\Users\XXp\Desktop\ExifToolGUI.lnk
[2012/12/20 18:18:43 | 000,003,029 | ---- | M] () -- C:\Users\XXp\Desktop\Microsoft ICE.lnk
[2012/12/15 18:54:44 | 029,787,821 | ---- | M] () -- C:\Users\XXp\Eigene Dokumente\2012-09 Rechner-Setup.rtf
[2012/12/15 12:45:35 | 000,045,584 | ---- | M] () -- C:\Users\XXp\Eigene Dokumente\2006-10-Installation.rtf
[2012/12/15 10:25:03 | 000,052,981 | ---- | M] () -- C:\Users\XXp\Desktop\pearson-Gutschein-4.jpg
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/12/14 11:41:27 | 000,030,333 | ---- | M] () -- C:\Users\XXp\Desktop\Voelkner-Gutschein-17.JPG
[2012/12/12 10:15:56 | 000,054,799 | ---- | M] () -- C:\Users\XXp\Desktop\pearson-Gutschein-3.jpg
[2012/12/12 09:29:31 | 000,047,305 | ---- | M] () -- C:\Users\XXp\Desktop\pearson-Gutschein-2.jpg
[2012/12/10 17:51:24 | 000,000,972 | ---- | M] () -- C:\Users\XXp\Desktop\IrfanView.lnk
[2012/12/06 13:58:51 | 000,050,996 | ---- | M] () -- C:\Users\XXp\Desktop\bookshop.pearson.de-Gutschein.JPG
 
========== Files Created - No Company Name ==========
 
[2013/01/02 18:26:43 | 000,050,672 | ---- | C] () -- C:\Users\XXp\Desktop\malwarbytes.jpg
[2013/01/02 18:13:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/02 13:46:41 | 000,107,108 | ---- | C] () -- C:\Users\XXp\Eigene Dokumente\2013-01-02-Rechner-Setup-Delta.JPG
[2013/01/02 12:30:10 | 000,856,731 | ---- | C] () -- C:\Users\XXp\Desktop\SecurityCheck.exe
[2013/01/02 11:59:56 | 000,021,276 | ---- | C] () -- C:\Users\XXp\Desktop\trojaner.jpg
[2012/12/27 15:37:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/24 23:02:20 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/12/24 18:44:59 | 000,945,254 | ---- | C] () -- C:\Users\XXp\AppData\Local\recently-used.xbel
[2012/12/24 17:24:28 | 000,001,078 | ---- | C] () -- C:\Users\XXp\Desktop\EBook-Downloads.lnk
[2012/12/24 11:24:31 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/12/24 11:02:03 | 000,008,476 | -HS- | C] () -- C:\Users\XXp\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/24 11:02:03 | 000,008,476 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/20 18:18:43 | 000,003,029 | ---- | C] () -- C:\Users\XXp\Desktop\Microsoft ICE.lnk
[2012/12/15 10:25:02 | 000,052,981 | ---- | C] () -- C:\Users\XXp\Desktop\pearson-Gutschein-4.jpg
[2012/12/14 11:41:27 | 000,030,333 | ---- | C] () -- C:\Users\XXp\Desktop\Voelkner-Gutschein-17.JPG
[2012/12/12 10:15:56 | 000,054,799 | ---- | C] () -- C:\Users\XXp\Desktop\pearson-Gutschein-3.jpg
[2012/12/12 09:29:31 | 000,047,305 | ---- | C] () -- C:\Users\XXp\Desktop\pearson-Gutschein-2.jpg
[2012/12/06 13:58:50 | 000,050,996 | ---- | C] () -- C:\Users\XXp\Desktop\bookshop.pearson.de-Gutschein.JPG
[2012/08/22 15:24:02 | 000,020,531 | -H-- | C] () -- C:\ProgramData\M33KI
[2012/08/22 14:09:01 | 000,196,608 | ---- | C] () -- C:\windows\System32\PSlide.dll
[2012/08/22 14:09:01 | 000,094,208 | ---- | C] () -- C:\windows\System32\PF1800U.dll
[2012/08/22 14:09:01 | 000,049,152 | ---- | C] () -- C:\windows\System32\PWiaExt.dll
[2012/08/22 14:01:35 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/08/13 12:10:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/01/14 19:38:08 | 000,010,599 | R--- | C] () -- C:\Users\XXp\GaZi01_elster_2048.pfx
[2012/01/11 17:27:44 | 000,007,603 | ---- | C] () -- C:\Users\XXp\AppData\Local\resmon.resmoncfg
[2012/01/03 01:16:07 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/12/27 14:52:35 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/10/12 10:56:12 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdbbagh.sys
[2011/07/02 23:22:06 | 000,000,023 | ---- | C] () -- C:\windows\System32\sysmwwod.dll
[2011/05/19 07:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 07:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/01/17 20:14:18 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/12/27 12:05:04 | 000,189,104 | ---- | C] () -- C:\Users\XXp\AppData\Roaming\mdbu.bin
[2010/05/24 16:21:55 | 000,013,824 | ---- | C] () -- C:\Users\XXp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 11:24:39 | 000,004,096 | -H-- | C] () -- C:\Users\XXp\AppData\Local\keyfile3.drm
[2010/05/23 12:54:25 | 000,000,092 | ---- | C] () -- C:\Users\XXp\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/08/29 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Doof\AppData\Roaming\DigitalPersona
[2011/10/12 11:26:45 | 000,000,000 | ---D | M] -- C:\Users\Doof\AppData\Roaming\Infineon
[2010/08/29 20:18:08 | 000,000,000 | ---D | M] -- C:\Users\Doof\AppData\Roaming\Lexware
[2011/09/16 15:45:36 | 000,000,000 | ---D | M] -- C:\Users\Doof\AppData\Roaming\PC Suite
[2011/03/07 10:27:42 | 000,000,000 | ---D | M] -- C:\Users\Doof\AppData\Roaming\TrueCrypt
[2010/10/31 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\1&1
[2012/12/15 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\APP_NAME_NON_STRING
[2012/11/23 14:19:33 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\BitTorrent
[2012/12/24 13:46:16 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\calibre
[2011/12/29 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2010/05/23 13:10:00 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\DataDesign
[2010/05/23 08:21:47 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\DigitalPersona
[2013/01/02 17:51:51 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Dropbox
[2011/10/26 11:34:01 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Egmo
[2011/11/04 22:24:46 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\elsterformular
[2012/12/17 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Engelmann Media
[2012/11/20 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\EurekaLog
[2010/07/31 12:57:52 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\FileZilla
[2011/10/13 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Fingerfox (SE)
[2012/10/20 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\freac
[2010/10/21 21:35:49 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\FreeAudioPack
[2010/05/26 22:24:30 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\FRITZ!
[2012/11/12 15:20:42 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\GalileoPress
[2012/06/25 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Garmin
[2011/10/12 11:26:45 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Infineon
[2012/01/11 17:37:36 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\IrfanView
[2010/09/18 11:14:36 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\JAM Software
[2012/12/19 10:43:22 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Lasersoft Imaging
[2010/07/31 12:58:48 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Leadertech
[2010/06/11 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Lexware
[2011/07/22 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\MAGIX
[2012/10/20 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\MediaType Converter2
[2012/07/23 08:34:25 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Mp3tag
[2011/10/26 11:35:41 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Muvele
[2012/04/09 09:51:12 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Nokia
[2011/06/13 18:24:33 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Nokia Ovi Suite
[2011/11/22 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Nokia Suite
[2011/06/13 17:54:32 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\PC Suite
[2012/12/15 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\PDF Architect
[2012/12/15 23:43:06 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\pdfforge
[2012/01/29 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\pdftoepub
[2012/08/22 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\PIE
[2012/10/25 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\SanDisk
[2010/11/03 00:04:58 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\Thunderbird
[2012/08/09 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\TrueCrypt
[2012/12/15 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\TV-Browser
[2012/06/03 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\XMedia Recode
[2012/07/23 08:18:17 | 000,000,000 | ---D | M] -- C:\Users\XXp\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/01/02 17:52:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 09:31:13 | 000,000,000 | -HSD | M] -- C:\boot
[2012/12/28 13:18:11 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009/12/16 18:29:21 | 000,000,000 | ---D | M] -- C:\EFI
[2009/12/16 20:12:13 | 000,000,000 | -H-D | M] -- C:\hp
[2012/01/16 18:39:01 | 000,000,000 | ---D | M] -- C:\Intel
[2010/05/24 13:28:20 | 000,000,000 | ---D | M] -- C:\KPCMS
[2010/05/23 12:53:24 | 000,000,000 | ---D | M] -- C:\Lexware
[2011/03/08 14:57:18 | 000,000,000 | ---D | M] -- C:\Lib
[2010/05/24 10:59:42 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/12/20 19:49:52 | 000,000,000 | ---D | M] -- C:\MyTools
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/01/02 18:13:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/01/02 18:13:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/10/21 16:40:32 | 000,000,000 | ---D | M] -- C:\Samsung
[2012/01/16 18:38:58 | 000,000,000 | ---D | M] -- C:\swsetup
[2013/01/02 20:25:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/05/23 08:54:38 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2013/01/02 17:51:57 | 000,000,000 | ---D | M] -- C:\Users
[2013/01/02 17:52:27 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2011/11/24 17:22:18 | 000,495,616 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\system32\Gqstsp.tsp
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 05:53:46 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012/05/14 20:18:10 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_dda3f0f09bf1f8b2\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/05/12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010/05/12 10:20:41 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010/05/12 10:20:52 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/10/15 18:37:22 | 000,110,520 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\SafeBoot.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/01/14 19:38:19 | 000,010,599 | R--- | M] () -- C:\Users\XXp\GaZi01_elster_2048.pfx
[2013/01/02 20:40:29 | 008,126,464 | -HS- | M] () -- C:\Users\XXp\ntuser.dat
[2013/01/02 20:40:29 | 000,262,144 | -HS- | M] () -- C:\Users\XXp\ntuser.dat.LOG1
[2011/07/01 16:31:25 | 000,262,144 | -HS- | M] () -- C:\Users\XXp\ntuser.dat.LOG2
[2012/08/15 15:30:34 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{091b03ef-e538-11e1-a838-705ab6aa41ee}.TM.blf
[2012/08/15 15:30:34 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{091b03ef-e538-11e1-a838-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2012/08/15 15:30:34 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{091b03ef-e538-11e1-a838-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2013/01/02 17:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4345932c-54f2-11e2-8c8d-705ab6aa41ee}.TM.blf
[2013/01/02 17:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4345932c-54f2-11e2-8c8d-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2013/01/02 17:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4345932c-54f2-11e2-8c8d-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2013/01/02 11:19:28 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4527e3f0-534f-11e2-a984-705ab6aa41ee}.TM.blf
[2013/01/02 11:19:28 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4527e3f0-534f-11e2-a984-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2013/01/02 11:19:28 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{4527e3f0-534f-11e2-a984-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2013/01/02 16:36:18 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{5a1efcbb-54c9-11e2-8cf6-705ab6aa41ee}.TM.blf
[2013/01/02 16:36:18 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{5a1efcbb-54c9-11e2-8cf6-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2013/01/02 16:36:18 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{5a1efcbb-54c9-11e2-8cf6-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2010/05/23 09:04:29 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/23 09:04:29 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/23 09:04:29 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012/02/20 10:31:45 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{7b16620d-587a-11e1-b37c-705ab6aa41ee}.TM.blf
[2012/02/20 10:31:45 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{7b16620d-587a-11e1-b37c-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2012/02/20 10:31:45 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{7b16620d-587a-11e1-b37c-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2012/12/24 20:38:55 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{881bd6b2-4db1-11e2-abc8-705ab6aa41ee}.TM.blf
[2012/12/24 20:38:55 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{881bd6b2-4db1-11e2-abc8-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2012/12/24 20:38:55 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{881bd6b2-4db1-11e2-abc8-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2012/12/31 14:42:24 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{8962de49-5338-11e2-ac99-9195cb7bc381}.TM.blf
[2012/12/31 14:42:24 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{8962de49-5338-11e2-ac99-9195cb7bc381}.TMContainer00000000000000000001.regtrans-ms
[2012/12/31 14:42:24 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{8962de49-5338-11e2-ac99-9195cb7bc381}.TMContainer00000000000000000002.regtrans-ms
[2012/07/23 08:49:22 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{9d4ba41b-d369-11e1-8b12-705ab6aa41ee}.TM.blf
[2012/07/23 08:49:22 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{9d4ba41b-d369-11e1-8b12-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2012/07/23 08:49:22 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{9d4ba41b-d369-11e1-8b12-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2013/01/02 17:54:29 | 000,065,536 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{eefd65fd-54fc-11e2-b411-705ab6aa41ee}.TM.blf
[2013/01/02 17:54:29 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{eefd65fd-54fc-11e2-b411-705ab6aa41ee}.TMContainer00000000000000000001.regtrans-ms
[2013/01/02 17:54:29 | 000,524,288 | -HS- | M] () -- C:\Users\XXp\ntuser.dat{eefd65fd-54fc-11e2-b411-705ab6aa41ee}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 08:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\XXp\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >
Eine Extras.txt wurde nicht erzeugt.
__________________
Alt 03.01.2013, 16:18   #4
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 16:32   #5
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,
hier das log von TDSkiller:
Code:
ATTFilter
16:28:27.0025 7704  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:28:27.0243 7704  ============================================================
16:28:27.0243 7704  Current date / time: 2013/01/03 16:28:27.0243
16:28:27.0243 7704  SystemInfo:
16:28:27.0243 7704  
16:28:27.0243 7704  OS Version: 6.1.7601 ServicePack: 1.0
16:28:27.0243 7704  Product type: Workstation
16:28:27.0243 7704  ComputerName: XANTHIPPE
16:28:27.0243 7704  UserName: XXp
16:28:27.0243 7704  Windows directory: C:\windows
16:28:27.0243 7704  System windows directory: C:\windows
16:28:27.0243 7704  Processor architecture: Intel x86
16:28:27.0243 7704  Number of processors: 4
16:28:27.0243 7704  Page size: 0x1000
16:28:27.0243 7704  Boot type: Normal boot
16:28:27.0243 7704  ============================================================
16:28:27.0898 7704  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:28:27.0914 7704  ============================================================
16:28:27.0914 7704  \Device\Harddisk0\DR0:
16:28:27.0914 7704  MBR partitions:
16:28:27.0914 7704  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
16:28:27.0914 7704  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23196800
16:28:27.0914 7704  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D000, BlocksNum 0x1E00000
16:28:27.0914 7704  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
16:28:27.0914 7704  ============================================================
16:28:27.0929 7704  C: <-> \Device\Harddisk0\DR0\Partition2
16:28:27.0961 7704  F: <-> \Device\Harddisk0\DR0\Partition4
16:28:27.0961 7704  ============================================================
16:28:27.0961 7704  Initialize success
16:28:27.0961 7704  ============================================================
16:28:35.0261 7300  ============================================================
16:28:35.0261 7300  Scan started
16:28:35.0261 7300  Mode: Manual; SigCheck; TDLFS; 
16:28:35.0261 7300  ============================================================
16:28:35.0729 7300  ================ Scan system memory ========================
16:28:35.0729 7300  System memory - ok
16:28:35.0729 7300  ================ Scan services =============================
16:28:35.0932 7300  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:28:36.0119 7300  1394ohci - ok
16:28:36.0197 7300  [ 00659E56339389469473AEC41587E706 ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
16:28:36.0229 7300  ac.sharedstore - ok
16:28:36.0291 7300  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
16:28:36.0307 7300  Accelerometer - ok
16:28:36.0338 7300  [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:28:36.0743 7300  ACDaemon - ok
16:28:36.0821 7300  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:28:36.0853 7300  ACPI - ok
16:28:36.0946 7300  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:28:37.0024 7300  AcpiPmi - ok
16:28:37.0149 7300  AdobeActiveFileMonitor - ok
16:28:37.0274 7300  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:28:37.0289 7300  AdobeARMservice - ok
16:28:37.0414 7300  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
16:28:37.0430 7300  AdobeFlashPlayerUpdateSvc - ok
16:28:37.0461 7300  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
16:28:37.0492 7300  adp94xx - ok
16:28:37.0523 7300  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
16:28:37.0555 7300  adpahci - ok
16:28:37.0570 7300  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
16:28:37.0601 7300  adpu320 - ok
16:28:37.0617 7300  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:28:37.0695 7300  AeLookupSvc - ok
16:28:37.0759 7300  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\aestsrv.exe
16:28:37.0837 7300  AESTFilters - ok
16:28:37.0869 7300  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\windows\system32\drivers\Afc.sys
16:28:37.0884 7300  Afc - ok
16:28:37.0947 7300  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
16:28:38.0025 7300  AFD - ok
16:28:38.0056 7300  [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
16:28:38.0118 7300  AgereModemAudio - ok
16:28:38.0165 7300  [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
16:28:38.0243 7300  AgereSoftModem - ok
16:28:38.0321 7300  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
16:28:38.0337 7300  agp440 - ok
16:28:38.0368 7300  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
16:28:38.0383 7300  aic78xx - ok
16:28:38.0415 7300  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
16:28:38.0461 7300  ALG - ok
16:28:38.0493 7300  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
16:28:38.0493 7300  aliide - ok
16:28:38.0555 7300  [ 66B11EF9FC95B42BA65D38687C0988D7 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:28:38.0602 7300  AMD External Events Utility - ok
16:28:38.0617 7300  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
16:28:38.0649 7300  amdagp - ok
16:28:38.0649 7300  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
16:28:38.0680 7300  amdide - ok
16:28:38.0695 7300  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
16:28:38.0742 7300  AmdK8 - ok
16:28:38.0742 7300  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
16:28:38.0789 7300  AmdPPM - ok
16:28:38.0836 7300  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:28:38.0851 7300  amdsata - ok
16:28:38.0883 7300  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
16:28:38.0914 7300  amdsbs - ok
16:28:38.0945 7300  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:28:38.0961 7300  amdxata - ok
16:28:39.0101 7300  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:28:39.0117 7300  AntiVirSchedulerService - ok
16:28:39.0210 7300  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:28:39.0226 7300  AntiVirService - ok
16:28:39.0273 7300  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
16:28:39.0335 7300  AppID - ok
16:28:39.0382 7300  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:28:39.0429 7300  AppIDSvc - ok
16:28:39.0507 7300  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
16:28:39.0553 7300  Appinfo - ok
16:28:39.0600 7300  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\windows\System32\appmgmts.dll
16:28:39.0647 7300  AppMgmt - ok
16:28:39.0678 7300  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
16:28:39.0694 7300  arc - ok
16:28:39.0709 7300  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
16:28:39.0725 7300  arcsas - ok
16:28:39.0787 7300  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:28:39.0803 7300  aspnet_state - ok
16:28:39.0819 7300  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:28:39.0943 7300  AsyncMac - ok
16:28:40.0006 7300  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
16:28:40.0021 7300  atapi - ok
16:28:40.0068 7300  [ 40A07E6916AC098E31A9E39AC202B8A1 ] AtiHdmiService  C:\windows\system32\drivers\AtiHdmi.sys
16:28:40.0084 7300  AtiHdmiService - ok
16:28:40.0193 7300  [ 4EA924FCF60AC2AC06EEF6F074BC1FD5 ] atikmdag        C:\windows\system32\DRIVERS\atikmdag.sys
16:28:40.0365 7300  atikmdag - ok
16:28:40.0443 7300  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:28:40.0505 7300  AudioEndpointBuilder - ok
16:28:40.0505 7300  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
16:28:40.0552 7300  Audiosrv - ok
16:28:40.0599 7300  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
16:28:40.0630 7300  avgntflt - ok
16:28:40.0692 7300  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
16:28:40.0708 7300  avipbb - ok
16:28:40.0755 7300  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
16:28:40.0755 7300  avkmgr - ok
16:28:40.0817 7300  [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio        C:\windows\system32\DRIVERS\avmaudio.sys
16:28:40.0864 7300  avmaudio - ok
16:28:40.0895 7300  [ 728C4A6C722535C16D1025F51AA31E22 ] avmaura         C:\windows\system32\DRIVERS\avmaura.sys
16:28:40.0911 7300  avmaura - ok
16:28:40.0957 7300  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:28:41.0035 7300  AxInstSV - ok
16:28:41.0067 7300  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
16:28:41.0145 7300  b06bdrv - ok
16:28:41.0160 7300  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
16:28:41.0191 7300  b57nd60x - ok
16:28:41.0238 7300  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
16:28:41.0301 7300  BDESVC - ok
16:28:41.0316 7300  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
16:28:41.0363 7300  Beep - ok
16:28:41.0441 7300  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
16:28:41.0519 7300  BFE - ok
16:28:41.0550 7300  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
16:28:41.0613 7300  BITS - ok
16:28:41.0628 7300  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:28:41.0675 7300  blbdrive - ok
16:28:41.0706 7300  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:28:41.0753 7300  bowser - ok
16:28:41.0784 7300  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
16:28:41.0847 7300  BrFiltLo - ok
16:28:41.0862 7300  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
16:28:41.0909 7300  BrFiltUp - ok
16:28:41.0940 7300  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
16:28:42.0018 7300  Browser - ok
16:28:42.0034 7300  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:28:42.0112 7300  Brserid - ok
16:28:42.0112 7300  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:28:42.0143 7300  BrSerWdm - ok
16:28:42.0159 7300  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:28:42.0205 7300  BrUsbMdm - ok
16:28:42.0205 7300  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:28:42.0237 7300  BrUsbSer - ok
16:28:42.0299 7300  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:28:42.0408 7300  BthEnum - ok
16:28:42.0408 7300  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:28:42.0455 7300  BTHMODEM - ok
16:28:42.0486 7300  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:28:42.0549 7300  BthPan - ok
16:28:42.0596 7300  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:28:42.0643 7300  BTHPORT - ok
16:28:42.0674 7300  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
16:28:42.0752 7300  bthserv - ok
16:28:42.0799 7300  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:28:42.0830 7300  BTHUSB - ok
16:28:42.0862 7300  [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
16:28:42.0877 7300  btwaudio - ok
16:28:42.0908 7300  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
16:28:42.0924 7300  btwavdt - ok
16:28:42.0971 7300  [ F55C99818FD1EACFC7784958A8592536 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:28:43.0002 7300  btwdins - ok
16:28:43.0018 7300  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
16:28:43.0018 7300  btwl2cap - ok
16:28:43.0049 7300  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
16:28:43.0064 7300  btwrchid - ok
16:28:43.0096 7300  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:28:43.0142 7300  cdfs - ok
16:28:43.0220 7300  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:28:43.0252 7300  cdrom - ok
16:28:43.0330 7300  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
16:28:43.0392 7300  CertPropSvc - ok
16:28:43.0423 7300  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
16:28:43.0470 7300  circlass - ok
16:28:43.0517 7300  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
16:28:43.0564 7300  CLFS - ok
16:28:43.0595 7300  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:43.0626 7300  clr_optimization_v2.0.50727_32 - ok
16:28:43.0704 7300  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:43.0735 7300  clr_optimization_v4.0.30319_32 - ok
16:28:43.0766 7300  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:28:43.0782 7300  CmBatt - ok
16:28:43.0782 7300  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:28:43.0798 7300  cmdide - ok
16:28:43.0860 7300  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\windows\system32\Drivers\cng.sys
16:28:43.0938 7300  CNG - ok
16:28:44.0000 7300  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:28:44.0032 7300  Com4QLBEx - ok
16:28:44.0063 7300  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:28:44.0078 7300  Compbatt - ok
16:28:44.0141 7300  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
16:28:44.0203 7300  CompositeBus - ok
16:28:44.0234 7300  COMSysApp - ok
16:28:44.0266 7300  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
16:28:44.0281 7300  crcdisk - ok
16:28:44.0344 7300  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:28:44.0406 7300  CryptSvc - ok
16:28:44.0468 7300  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\windows\system32\drivers\csc.sys
16:28:44.0578 7300  CSC - ok
16:28:44.0640 7300  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\windows\System32\cscsvc.dll
16:28:44.0687 7300  CscService - ok
16:28:44.0734 7300  [ A05433F6218DCB8F0DEC232DE65F8B26 ] DAMDrv          C:\windows\system32\DRIVERS\DAMDrv.sys
16:28:44.0749 7300  DAMDrv - ok
16:28:44.0796 7300  [ 0C527B30712D735D8CB61B5187C36587 ] dc3d            C:\windows\system32\DRIVERS\dc3d.sys
16:28:44.0827 7300  dc3d - ok
16:28:44.0858 7300  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
16:28:44.0921 7300  DcomLaunch - ok
16:28:44.0936 7300  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
16:28:45.0014 7300  defragsvc - ok
16:28:45.0046 7300  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:28:45.0092 7300  DfsC - ok
16:28:45.0139 7300  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
16:28:45.0202 7300  Dhcp - ok
16:28:45.0233 7300  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
16:28:45.0295 7300  discache - ok
16:28:45.0358 7300  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
16:28:45.0389 7300  Disk - ok
16:28:45.0436 7300  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:28:45.0467 7300  Dnscache - ok
16:28:45.0514 7300  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
16:28:45.0576 7300  dot3svc - ok
16:28:45.0654 7300  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
16:28:45.0716 7300  Dot4 - ok
16:28:45.0779 7300  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
16:28:45.0826 7300  Dot4Print - ok
16:28:45.0841 7300  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
16:28:45.0888 7300  dot4usb - ok
16:28:45.0950 7300  [ CACE0FDD5D1EA41A36AC8CE590330834 ] DpHost          C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
16:28:45.0982 7300  DpHost - ok
16:28:46.0028 7300  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
16:28:46.0122 7300  DPS - ok
16:28:46.0153 7300  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:28:46.0200 7300  drmkaud - ok
16:28:46.0247 7300  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:28:46.0294 7300  DXGKrnl - ok
16:28:46.0325 7300  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
16:28:46.0387 7300  EapHost - ok
16:28:46.0481 7300  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
16:28:46.0590 7300  ebdrv - ok
16:28:46.0637 7300  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
16:28:46.0699 7300  EFS - ok
16:28:46.0793 7300  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:28:46.0886 7300  ehRecvr - ok
16:28:46.0902 7300  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
16:28:46.0980 7300  ehSched - ok
16:28:46.0996 7300  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
16:28:47.0027 7300  elxstor - ok
16:28:47.0074 7300  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:28:47.0120 7300  ErrDev - ok
16:28:47.0167 7300  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
16:28:47.0230 7300  EventSystem - ok
16:28:47.0276 7300  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
16:28:47.0323 7300  exfat - ok
16:28:47.0354 7300  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:28:47.0401 7300  fastfat - ok
16:28:47.0479 7300  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
16:28:47.0557 7300  Fax - ok
16:28:47.0573 7300  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
16:28:47.0620 7300  fdc - ok
16:28:47.0651 7300  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
16:28:47.0713 7300  fdPHost - ok
16:28:47.0729 7300  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
16:28:47.0760 7300  FDResPub - ok
16:28:47.0776 7300  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:28:47.0791 7300  FileInfo - ok
16:28:47.0791 7300  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:28:47.0822 7300  Filetrace - ok
16:28:47.0854 7300  [ 58B43566FF67F2255AF1CA916D2FDACB ] FLCDLOCK        c:\Windows\system32\flcdlock.exe
16:28:47.0885 7300  FLCDLOCK - ok
16:28:47.0885 7300  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
16:28:47.0932 7300  flpydisk - ok
16:28:47.0963 7300  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:28:47.0978 7300  FltMgr - ok
16:28:48.0041 7300  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
16:28:48.0134 7300  FontCache - ok
16:28:48.0181 7300  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:28:48.0197 7300  FontCache3.0.0.0 - ok
16:28:48.0212 7300  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:28:48.0228 7300  FsDepends - ok
16:28:48.0275 7300  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:28:48.0290 7300  Fs_Rec - ok
16:28:48.0353 7300  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:28:48.0384 7300  fvevol - ok
16:28:48.0415 7300  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
16:28:48.0431 7300  gagp30kx - ok
16:28:48.0462 7300  [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\windows\system32\DRIVERS\GigasetGenericUSB.sys
16:28:48.0524 7300  GigasetGenericUSB - ok
16:28:48.0556 7300  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
16:28:48.0602 7300  gpsvc - ok
16:28:48.0649 7300  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\windows\system32\drivers\grmnusb.sys
16:28:48.0665 7300  grmnusb - ok
16:28:48.0774 7300  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:28:48.0805 7300  gupdate - ok
16:28:48.0821 7300  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:28:48.0836 7300  gupdatem - ok
16:28:48.0899 7300  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:28:48.0914 7300  gusvc - ok
16:28:48.0946 7300  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:28:49.0008 7300  hcw85cir - ok
16:28:49.0070 7300  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:28:49.0148 7300  HdAudAddService - ok
16:28:49.0180 7300  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:28:49.0226 7300  HDAudBus - ok
16:28:49.0242 7300  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\windows\system32\DRIVERS\HECI.sys
16:28:49.0320 7300  HECI - ok
16:28:49.0336 7300  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
16:28:49.0351 7300  HidBatt - ok
16:28:49.0382 7300  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:28:49.0429 7300  HidBth - ok
16:28:49.0460 7300  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
16:28:49.0476 7300  HidIr - ok
16:28:49.0492 7300  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
16:28:49.0570 7300  hidserv - ok
16:28:49.0601 7300  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:28:49.0632 7300  HidUsb - ok
16:28:49.0679 7300  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:28:49.0726 7300  hkmsvc - ok
16:28:49.0788 7300  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:28:49.0866 7300  HomeGroupListener - ok
16:28:49.0913 7300  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:28:49.0960 7300  HomeGroupProvider - ok
16:28:50.0022 7300  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:28:50.0038 7300  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0038 7300  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
16:28:50.0053 7300  [ 9374C0E511F8763B56567E2E80B2DB6E ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
16:28:50.0069 7300  HP Power Assistant Service - ok
16:28:50.0116 7300  [ 657E81DF0625198C97F91C09AE9611FC ] HP ProtectTools Service C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
16:28:50.0131 7300  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0131 7300  HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
16:28:50.0162 7300  [ AEAD49B76830B89EBD5E079BD5209186 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
16:28:50.0178 7300  HP Wireless Assistant Service - ok
16:28:50.0225 7300  [ A48A151D3FA7CB032A51453F087221C7 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:28:50.0240 7300  HPDrvMntSvc.exe - ok
16:28:50.0272 7300  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
16:28:50.0272 7300  hpdskflt - ok
16:28:50.0318 7300  [ 5B254F65973D4958D2BB5B153961891C ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
16:28:50.0350 7300  HpFkCryptService - ok
16:28:50.0396 7300  [ E123B122D5217F724B1D2641010C9D3C ] HPFSService     C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
16:28:50.0428 7300  HPFSService ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0428 7300  HPFSService - detected UnsignedFile.Multi.Generic (1)
16:28:50.0568 7300  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:28:50.0584 7300  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0584 7300  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:28:50.0599 7300  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:28:50.0630 7300  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0630 7300  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:28:50.0677 7300  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
16:28:50.0740 7300  HpqKbFiltr - ok
16:28:50.0771 7300  [ 71BD8A611E0677175D3938C9CEA7339A ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:28:50.0802 7300  hpqwmiex - ok
16:28:50.0864 7300  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:28:50.0880 7300  HpSAMD - ok
16:28:50.0958 7300  [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
16:28:51.0005 7300  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
16:28:51.0005 7300  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
16:28:51.0052 7300  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\windows\system32\Hpservice.exe
16:28:51.0052 7300  hpsrv - ok
16:28:51.0130 7300  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:28:51.0208 7300  HTTP - ok
16:28:51.0239 7300  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:28:51.0254 7300  hwpolicy - ok
16:28:51.0286 7300  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:28:51.0317 7300  i8042prt - ok
16:28:51.0410 7300  [ F54B3DB096ABD6E9BBBD052FD3878A48 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:28:51.0442 7300  IAANTMON - ok
16:28:51.0457 7300  [ 01446278D4563B3013C92830AE6CBB26 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:28:51.0473 7300  iaStor - ok
16:28:51.0504 7300  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:28:51.0520 7300  iaStorV - ok
16:28:51.0582 7300  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:28:51.0644 7300  idsvc - ok
16:28:51.0754 7300  [ 455FE9A193385ED81396322678F28C4C ] IFXSpMgtSrv     C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
16:28:51.0816 7300  IFXSpMgtSrv - ok
16:28:51.0863 7300  [ 59D8A7933AC75A2E2823DDD5DA4A2182 ] IFXTCS          C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
16:28:51.0910 7300  IFXTCS - ok
16:28:51.0941 7300  [ 506801C7D47BE8CD1CF342BF28EB17EC ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
16:28:51.0956 7300  IGDCTRL - ok
16:28:52.0066 7300  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
16:28:52.0222 7300  igfx - ok
16:28:52.0253 7300  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
16:28:52.0268 7300  iirsp - ok
16:28:52.0315 7300  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
16:28:52.0409 7300  IKEEXT - ok
16:28:52.0487 7300  [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
16:28:52.0518 7300  Impcd - ok
16:28:52.0565 7300  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
16:28:52.0580 7300  intelide - ok
16:28:52.0596 7300  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:28:52.0612 7300  intelppm - ok
16:28:52.0627 7300  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:28:52.0690 7300  IPBusEnum - ok
16:28:52.0705 7300  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:28:52.0783 7300  IpFilterDriver - ok
16:28:52.0830 7300  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:28:52.0892 7300  iphlpsvc - ok
16:28:52.0939 7300  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:28:52.0986 7300  IPMIDRV - ok
16:28:53.0017 7300  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:28:53.0080 7300  IPNAT - ok
16:28:53.0111 7300  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:28:53.0189 7300  IRENUM - ok
16:28:53.0251 7300  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:28:53.0282 7300  isapnp - ok
16:28:53.0298 7300  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:28:53.0329 7300  iScsiPrt - ok
16:28:53.0360 7300  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:28:53.0376 7300  kbdclass - ok
16:28:53.0423 7300  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:28:53.0470 7300  kbdhid - ok
16:28:53.0501 7300  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
16:28:53.0516 7300  KeyIso - ok
16:28:53.0563 7300  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:28:53.0594 7300  KSecDD - ok
16:28:53.0641 7300  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:28:53.0672 7300  KSecPkg - ok
16:28:53.0704 7300  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
16:28:53.0782 7300  KtmRm - ok
16:28:53.0844 7300  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
16:28:53.0922 7300  LanmanServer - ok
16:28:53.0984 7300  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:28:54.0031 7300  LanmanWorkstation - ok
16:28:54.0156 7300  [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:28:54.0187 7300  LBTServ - ok
16:28:54.0265 7300  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\windows\system32\DRIVERS\LHidFilt.Sys
16:28:54.0281 7300  LHidFilt - ok
16:28:54.0312 7300  [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:28:54.0328 7300  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:28:54.0328 7300  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:28:54.0359 7300  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:28:54.0421 7300  lltdio - ok
16:28:54.0452 7300  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:28:54.0515 7300  lltdsvc - ok
16:28:54.0530 7300  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
16:28:54.0562 7300  lmhosts - ok
16:28:54.0577 7300  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\windows\system32\DRIVERS\LMouFilt.Sys
16:28:54.0577 7300  LMouFilt - ok
16:28:54.0624 7300  [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:28:54.0655 7300  LMS - ok
16:28:54.0686 7300  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
16:28:54.0718 7300  LSI_FC - ok
16:28:54.0733 7300  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
16:28:54.0749 7300  LSI_SAS - ok
16:28:54.0749 7300  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
16:28:54.0764 7300  LSI_SAS2 - ok
16:28:54.0780 7300  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
16:28:54.0796 7300  LSI_SCSI - ok
16:28:54.0811 7300  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
16:28:54.0874 7300  luafv - ok
16:28:54.0920 7300  [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt        C:\windows\system32\Drivers\LUsbFilt.Sys
16:28:54.0920 7300  LUsbFilt - ok
16:28:54.0998 7300  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\windows\system32\drivers\massfilter.sys
16:28:55.0045 7300  massfilter - ok
16:28:55.0092 7300  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:28:55.0139 7300  Mcx2Svc - ok
16:28:55.0170 7300  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
16:28:55.0186 7300  megasas - ok
16:28:55.0201 7300  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
16:28:55.0217 7300  MegaSR - ok
16:28:55.0248 7300  [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK         C:\windows\system32\drivers\MfeAVFK.sys
16:28:55.0264 7300  MfeAVFK - ok
16:28:55.0264 7300  [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK         C:\windows\system32\drivers\MfeBOPK.sys
16:28:55.0279 7300  MfeBOPK - ok
16:28:55.0295 7300  [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
16:28:55.0326 7300  mfehidk - ok
16:28:55.0326 7300  [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK         C:\windows\system32\drivers\MfeRKDK.sys
16:28:55.0342 7300  MfeRKDK - ok
16:28:55.0357 7300  [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik         C:\windows\system32\drivers\mfetdik.sys
16:28:55.0373 7300  mfetdik - ok
16:28:55.0451 7300  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:28:55.0482 7300  Microsoft Office Groove Audit Service - ok
16:28:55.0498 7300  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
16:28:55.0544 7300  MMCSS - ok
16:28:55.0560 7300  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
16:28:55.0622 7300  Modem - ok
16:28:55.0654 7300  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:28:55.0685 7300  monitor - ok
16:28:55.0732 7300  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:28:55.0732 7300  mouclass - ok
16:28:55.0747 7300  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:28:55.0794 7300  mouhid - ok
16:28:55.0856 7300  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:28:55.0888 7300  mountmgr - ok
16:28:55.0981 7300  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:28:56.0028 7300  MozillaMaintenance - ok
16:28:56.0044 7300  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
16:28:56.0075 7300  mpio - ok
16:28:56.0075 7300  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:28:56.0137 7300  mpsdrv - ok
16:28:56.0184 7300  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:28:56.0278 7300  MpsSvc - ok
16:28:56.0293 7300  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:28:56.0356 7300  MRxDAV - ok
16:28:56.0387 7300  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:28:56.0480 7300  mrxsmb - ok
16:28:56.0496 7300  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:28:56.0527 7300  mrxsmb10 - ok
16:28:56.0558 7300  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:28:56.0590 7300  mrxsmb20 - ok
16:28:56.0636 7300  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
16:28:56.0652 7300  msahci - ok
16:28:56.0699 7300  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:28:56.0730 7300  msdsm - ok
16:28:56.0746 7300  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
16:28:56.0808 7300  MSDTC - ok
16:28:56.0855 7300  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:28:56.0917 7300  Msfs - ok
16:28:56.0948 7300  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:28:56.0995 7300  mshidkmdf - ok
16:28:57.0011 7300  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:28:57.0026 7300  msisadrv - ok
16:28:57.0058 7300  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:28:57.0136 7300  MSiSCSI - ok
16:28:57.0136 7300  msiserver - ok
16:28:57.0167 7300  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:28:57.0229 7300  MSKSSRV - ok
16:28:57.0276 7300  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:28:57.0338 7300  MSPCLOCK - ok
16:28:57.0354 7300  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:28:57.0401 7300  MSPQM - ok
16:28:57.0432 7300  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:28:57.0448 7300  MsRPC - ok
16:28:57.0463 7300  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:28:57.0463 7300  mssmbios - ok
16:28:57.0479 7300  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:28:57.0526 7300  MSTEE - ok
16:28:57.0557 7300  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:28:57.0572 7300  MTConfig - ok
16:28:57.0572 7300  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
16:28:57.0588 7300  Mup - ok
16:28:57.0650 7300  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
16:28:57.0697 7300  napagent - ok
16:28:57.0728 7300  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:28:57.0760 7300  NativeWifiP - ok
16:28:57.0822 7300  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:28:57.0884 7300  NDIS - ok
16:28:57.0884 7300  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:28:57.0916 7300  NdisCap - ok
16:28:57.0931 7300  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:28:57.0978 7300  NdisTapi - ok
16:28:58.0040 7300  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:28:58.0118 7300  Ndisuio - ok
16:28:58.0150 7300  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:28:58.0212 7300  NdisWan - ok
16:28:58.0259 7300  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:28:58.0306 7300  NDProxy - ok
16:28:58.0368 7300  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
16:28:58.0368 7300  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:28:58.0368 7300  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:28:58.0384 7300  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:28:58.0446 7300  NetBIOS - ok
16:28:58.0493 7300  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:28:58.0571 7300  NetBT - ok
16:28:58.0586 7300  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
16:28:58.0602 7300  Netlogon - ok
16:28:58.0633 7300  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
16:28:58.0664 7300  Netman - ok
16:28:58.0680 7300  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
16:28:58.0742 7300  netprofm - ok
16:28:58.0758 7300  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:28:58.0774 7300  NetTcpPortSharing - ok
16:28:58.0961 7300  [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32        C:\windows\system32\DRIVERS\NETw5s32.sys
16:28:59.0195 7300  NETw5s32 - ok
16:28:59.0210 7300  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:28:59.0257 7300  nfrd960 - ok
16:28:59.0320 7300  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
16:28:59.0366 7300  NlaSvc - ok
16:28:59.0460 7300  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\windows\system32\drivers\ccdcmb.sys
16:28:59.0569 7300  nmwcd - ok
16:28:59.0632 7300  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\windows\system32\drivers\ccdcmbo.sys
16:28:59.0694 7300  nmwcdc - ok
16:28:59.0725 7300  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:28:59.0756 7300  Npfs - ok
16:28:59.0788 7300  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
16:28:59.0819 7300  nsi - ok
16:28:59.0834 7300  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:28:59.0881 7300  nsiproxy - ok
16:28:59.0975 7300  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:29:00.0037 7300  Ntfs - ok
16:29:00.0053 7300  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
16:29:00.0084 7300  Null - ok
16:29:00.0100 7300  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:29:00.0115 7300  nvraid - ok
16:29:00.0162 7300  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:29:00.0193 7300  nvstor - ok
16:29:00.0209 7300  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:29:00.0224 7300  nv_agp - ok
16:29:00.0318 7300  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:29:00.0349 7300  odserv - ok
16:29:00.0396 7300  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:29:00.0458 7300  ohci1394 - ok
16:29:00.0521 7300  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:29:00.0552 7300  ose - ok
16:29:00.0568 7300  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:29:00.0646 7300  p2pimsvc - ok
16:29:00.0677 7300  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
16:29:00.0692 7300  p2psvc - ok
16:29:00.0724 7300  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
16:29:00.0739 7300  Parport - ok
16:29:00.0786 7300  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:29:00.0817 7300  partmgr - ok
16:29:00.0817 7300  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
16:29:00.0864 7300  Parvdm - ok
16:29:00.0880 7300  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:29:00.0911 7300  PcaSvc - ok
16:29:00.0958 7300  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\windows\system32\DRIVERS\pccsmcfd.sys
16:29:01.0036 7300  pccsmcfd - ok
16:29:01.0145 7300  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
16:29:01.0176 7300  pci - ok
16:29:01.0192 7300  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
16:29:01.0223 7300  pciide - ok
16:29:01.0270 7300  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
16:29:01.0301 7300  pcmcia - ok
16:29:01.0363 7300  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
16:29:01.0379 7300  pcw - ok
16:29:01.0441 7300  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:29:01.0504 7300  PEAUTH - ok
16:29:01.0582 7300  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
16:29:01.0675 7300  PeerDistSvc - ok
16:29:01.0753 7300  [ B6FAEDF5356A5C0954487F7381C88CC3 ] PersonalSecureDrive C:\windows\System32\drivers\psd.sys
16:29:01.0784 7300  PersonalSecureDrive - ok
16:29:01.0800 7300  [ 01C1F728874BAFFB02C7DAF682BFD562 ] PersonalSecureDriveService C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
16:29:01.0831 7300  PersonalSecureDriveService - ok
16:29:01.0909 7300  PhotoshopElementsDeviceConnect - ok
16:29:01.0987 7300  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
16:29:02.0065 7300  pla - ok
16:29:02.0143 7300  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:29:02.0206 7300  PlugPlay - ok
16:29:02.0252 7300  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
16:29:02.0268 7300  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:29:02.0268 7300  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:29:02.0299 7300  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:29:02.0346 7300  PNRPAutoReg - ok
16:29:02.0362 7300  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:29:02.0393 7300  PNRPsvc - ok
16:29:02.0440 7300  [ 0648C9DB881557749039CFEE5E97E1A3 ] Point32         C:\windows\system32\DRIVERS\point32.sys
16:29:02.0471 7300  Point32 - ok
16:29:02.0518 7300  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:29:02.0596 7300  PolicyAgent - ok
16:29:02.0627 7300  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
16:29:02.0705 7300  Power - ok
16:29:02.0736 7300  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:29:02.0798 7300  PptpMiniport - ok
16:29:02.0830 7300  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
16:29:02.0876 7300  Processor - ok
16:29:02.0939 7300  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
16:29:03.0001 7300  ProfSvc - ok
16:29:03.0032 7300  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:29:03.0048 7300  ProtectedStorage - ok
16:29:03.0064 7300  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:29:03.0110 7300  Psched - ok
16:29:03.0126 7300  [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
16:29:03.0142 7300  PxHelp20 - ok
16:29:03.0173 7300  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
16:29:03.0235 7300  ql2300 - ok
16:29:03.0266 7300  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
16:29:03.0266 7300  ql40xx - ok
16:29:03.0298 7300  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
16:29:03.0313 7300  QWAVE - ok
16:29:03.0329 7300  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:29:03.0344 7300  QWAVEdrv - ok
16:29:03.0407 7300  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\windows\WindowsMobile\rapimgr.dll
16:29:03.0438 7300  RapiMgr - ok
16:29:03.0454 7300  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:29:03.0532 7300  RasAcd - ok
16:29:03.0563 7300  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:29:03.0641 7300  RasAgileVpn - ok
16:29:03.0656 7300  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
16:29:03.0688 7300  RasAuto - ok
16:29:03.0703 7300  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:29:03.0734 7300  Rasl2tp - ok
16:29:03.0797 7300  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
16:29:03.0844 7300  RasMan - ok
16:29:03.0859 7300  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:29:03.0906 7300  RasPppoe - ok
16:29:03.0937 7300  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:29:03.0968 7300  RasSstp - ok
16:29:04.0031 7300  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:29:04.0062 7300  rdbss - ok
16:29:04.0109 7300  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:29:04.0109 7300  rdpbus - ok
16:29:04.0156 7300  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:29:04.0234 7300  RDPCDD - ok
16:29:04.0280 7300  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
16:29:04.0312 7300  RDPDR - ok
16:29:04.0327 7300  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:29:04.0374 7300  RDPENCDD - ok
16:29:04.0374 7300  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:29:04.0421 7300  RDPREFMP - ok
16:29:04.0499 7300  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:29:04.0530 7300  RdpVideoMiniport - ok
16:29:04.0577 7300  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:29:04.0624 7300  RDPWD - ok
16:29:04.0686 7300  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:29:04.0702 7300  rdyboost - ok
16:29:04.0733 7300  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
16:29:04.0780 7300  RemoteAccess - ok
16:29:04.0811 7300  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:29:04.0858 7300  RemoteRegistry - ok
16:29:04.0889 7300  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:29:04.0920 7300  RFCOMM - ok
16:29:04.0936 7300  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\windows\system32\DRIVERS\rimmptsk.sys
16:29:04.0998 7300  rimmptsk - ok
16:29:05.0029 7300  [ E891F07815AF88075705EF6A248711F6 ] rimspci         C:\windows\system32\DRIVERS\rimspe86.sys
16:29:05.0092 7300  rimspci - ok
16:29:05.0123 7300  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\windows\system32\DRIVERS\rimsptsk.sys
16:29:05.0185 7300  rimsptsk - ok
16:29:05.0201 7300  [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie        C:\windows\system32\DRIVERS\risdpe86.sys
16:29:05.0248 7300  risdpcie - ok
16:29:05.0279 7300  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\windows\system32\DRIVERS\rixdptsk.sys
16:29:05.0341 7300  rismxdp - ok
16:29:05.0357 7300  [ 6A60626412129C713CC30C81870A8095 ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe86.sys
16:29:05.0372 7300  rixdpcie - ok
16:29:05.0466 7300  [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10    c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
16:29:05.0528 7300  RoxMediaDB10 - ok
16:29:05.0560 7300  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:29:05.0622 7300  RpcEptMapper - ok
16:29:05.0669 7300  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
16:29:05.0669 7300  RpcLocator - ok
16:29:05.0731 7300  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
16:29:05.0794 7300  RpcSs - ok
16:29:05.0825 7300  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:29:05.0872 7300  rspndr - ok
16:29:05.0903 7300  [ 8CDC9BB9153CE42AEB3D5781A043B4F9 ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
16:29:05.0918 7300  RsvLock - ok
16:29:05.0965 7300  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
16:29:05.0996 7300  s3cap - ok
16:29:06.0012 7300  [ 5C8BC26DF69A16F3226A77C738CC44AB ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
16:29:06.0012 7300  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 5C8BC26DF69A16F3226A77C738CC44AB
16:29:06.0012 7300  SafeBoot ( LockedFile.Multi.Generic ) - warning
16:29:06.0012 7300  SafeBoot - detected LockedFile.Multi.Generic (1)
16:29:06.0028 7300  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
16:29:06.0043 7300  SamSs - ok
16:29:06.0059 7300  [ EA15D2B45681E7D951791810C77F3530 ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
16:29:06.0074 7300  SbAlg - ok
16:29:06.0074 7300  [ A8F24962054A1B711FC7B27EBC6AF798 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
16:29:06.0090 7300  SbFsLock - ok
16:29:06.0137 7300  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:29:06.0168 7300  sbp2port - ok
16:29:06.0184 7300  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:29:06.0215 7300  SCardSvr - ok
16:29:06.0262 7300  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:29:06.0308 7300  scfilter - ok
16:29:06.0340 7300  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
16:29:06.0386 7300  Schedule - ok
16:29:06.0433 7300  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:29:06.0480 7300  SCPolicySvc - ok
16:29:06.0511 7300  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\windows\system32\drivers\sdbus.sys
16:29:06.0542 7300  sdbus - ok
16:29:06.0574 7300  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:29:06.0636 7300  SDRSVC - ok
16:29:06.0667 7300  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:29:06.0730 7300  secdrv - ok
16:29:06.0761 7300  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
16:29:06.0792 7300  seclogon - ok
16:29:06.0808 7300  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
16:29:06.0839 7300  SENS - ok
16:29:06.0870 7300  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:29:06.0932 7300  SensrSvc - ok
16:29:06.0932 7300  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:29:06.0964 7300  Serenum - ok
16:29:06.0964 7300  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:29:07.0010 7300  Serial - ok
16:29:07.0026 7300  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
16:29:07.0073 7300  sermouse - ok
16:29:07.0229 7300  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:29:07.0276 7300  ServiceLayer - ok
16:29:07.0322 7300  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
16:29:07.0385 7300  SessionEnv - ok
16:29:07.0432 7300  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:29:07.0447 7300  sffdisk - ok
16:29:07.0463 7300  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:29:07.0510 7300  sffp_mmc - ok
16:29:07.0510 7300  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:29:07.0556 7300  sffp_sd - ok
16:29:07.0572 7300  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
16:29:07.0588 7300  sfloppy - ok
16:29:07.0619 7300  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:29:07.0681 7300  SharedAccess - ok
16:29:07.0728 7300  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:29:07.0775 7300  ShellHWDetection - ok
16:29:07.0837 7300  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
16:29:07.0853 7300  sisagp - ok
16:29:07.0900 7300  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
16:29:07.0915 7300  SiSRaid2 - ok
16:29:07.0931 7300  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
16:29:07.0946 7300  SiSRaid4 - ok
16:29:07.0978 7300  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:29:07.0978 7300  SkypeUpdate - ok
16:29:08.0024 7300  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:29:08.0071 7300  Smb - ok
16:29:08.0118 7300  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:29:08.0149 7300  SNMPTRAP - ok
16:29:08.0212 7300  [ 4D8A49526AA035B1A8FF3FE6807783F5 ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
16:29:08.0274 7300  SNP2UVC - ok
16:29:08.0290 7300  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
16:29:08.0290 7300  spldr - ok
16:29:08.0352 7300  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
16:29:08.0430 7300  Spooler - ok
16:29:08.0539 7300  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
16:29:08.0680 7300  sppsvc - ok
16:29:08.0726 7300  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:29:08.0773 7300  sppuinotify - ok
16:29:08.0851 7300  [ 1C63FE706AB797BC3C24813FF969B4DE ] Spyder3         C:\windows\system32\DRIVERS\Spyder3.sys
16:29:08.0882 7300  Spyder3 - ok
16:29:08.0929 7300  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:29:09.0023 7300  srv - ok
16:29:09.0070 7300  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:29:09.0116 7300  srv2 - ok
16:29:09.0148 7300  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:29:09.0194 7300  srvnet - ok
16:29:09.0226 7300  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:29:09.0272 7300  SSDPSRV - ok
16:29:09.0335 7300  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
16:29:09.0350 7300  ssmdrv - ok
16:29:09.0366 7300  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:29:09.0428 7300  SstpSvc - ok
16:29:09.0522 7300  [ 1816C34D3DC9A0F1745FB455506C7B58 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe
16:29:09.0569 7300  STacSV - ok
16:29:09.0616 7300  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
16:29:09.0631 7300  stexstor - ok
16:29:09.0678 7300  [ 96CB9FD21207AF4456D37957441F6001 ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
16:29:09.0725 7300  STHDA - ok
16:29:09.0772 7300  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
16:29:09.0834 7300  StiSvc - ok
16:29:09.0881 7300  [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:29:09.0896 7300  stllssvr - ok
16:29:09.0959 7300  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
16:29:09.0974 7300  storflt - ok
16:29:10.0006 7300  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\windows\system32\storsvc.dll
16:29:10.0037 7300  StorSvc - ok
16:29:10.0052 7300  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\windows\system32\drivers\storvsc.sys
16:29:10.0068 7300  storvsc - ok
16:29:10.0084 7300  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
16:29:10.0099 7300  swenum - ok
16:29:10.0130 7300  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
16:29:10.0162 7300  swprv - ok
16:29:10.0240 7300  [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:29:10.0318 7300  SynTP - ok
16:29:10.0380 7300  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
16:29:10.0474 7300  SysMain - ok
16:29:10.0505 7300  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:29:10.0552 7300  TabletInputService - ok
16:29:10.0583 7300  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
16:29:10.0614 7300  TapiSrv - ok
16:29:10.0630 7300  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
16:29:10.0692 7300  TBS - ok
16:29:10.0754 7300  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:29:10.0832 7300  Tcpip - ok
16:29:10.0864 7300  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:29:10.0926 7300  TCPIP6 - ok
16:29:10.0973 7300  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:29:11.0004 7300  tcpipreg - ok
16:29:11.0051 7300  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:29:11.0098 7300  TDPIPE - ok
16:29:11.0144 7300  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:29:11.0176 7300  TDTCP - ok
16:29:11.0207 7300  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:29:11.0254 7300  tdx - ok
16:29:11.0300 7300  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:29:11.0316 7300  TermDD - ok
16:29:11.0363 7300  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
16:29:11.0441 7300  TermService - ok
16:29:11.0472 7300  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
16:29:11.0503 7300  Themes - ok
16:29:11.0550 7300  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
16:29:11.0581 7300  THREADORDER - ok
16:29:11.0612 7300  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\windows\system32\drivers\tpm.sys
16:29:11.0644 7300  TPM - ok
16:29:11.0675 7300  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
16:29:11.0737 7300  TrkWks - ok
16:29:11.0784 7300  [ 075B938565A580E0A880EB0E403A356B ] truecrypt       C:\windows\system32\drivers\truecrypt.sys
16:29:11.0815 7300  truecrypt - ok
16:29:11.0893 7300  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:29:11.0924 7300  TrustedInstaller - ok
16:29:11.0987 7300  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:29:12.0018 7300  tssecsrv - ok
16:29:12.0065 7300  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:29:12.0096 7300  TsUsbFlt - ok
16:29:12.0174 7300  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:29:12.0205 7300  tunnel - ok
16:29:12.0221 7300  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
16:29:12.0236 7300  uagp35 - ok
16:29:12.0283 7300  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:29:12.0314 7300  udfs - ok
16:29:12.0424 7300  [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Program Files\Join Air\AssistantServices.exe
16:29:12.0439 7300  UI Assistant Service - ok
16:29:12.0455 7300  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:29:12.0486 7300  UI0Detect - ok
16:29:12.0564 7300  [ 124668ECAC0EFE6E9312B4A4A797EFB8 ] ui11rdr         C:\windows\system32\DRIVERS\ui11rdr.sys
16:29:12.0595 7300  ui11rdr ( UnsignedFile.Multi.Generic ) - warning
16:29:12.0595 7300  ui11rdr - detected UnsignedFile.Multi.Generic (1)
16:29:12.0626 7300  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:29:12.0642 7300  uliagpkx - ok
16:29:12.0689 7300  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
16:29:12.0704 7300  umbus - ok
16:29:12.0720 7300  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
16:29:12.0736 7300  UmPass - ok
16:29:12.0798 7300  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\windows\System32\umrdp.dll
16:29:12.0814 7300  UmRdpService - ok
16:29:12.0923 7300  [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:29:13.0016 7300  UNS - ok
16:29:13.0048 7300  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
16:29:13.0094 7300  upnphost - ok
16:29:13.0141 7300  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\windows\system32\DRIVERS\usbser_lowerflt.sys
16:29:13.0172 7300  upperdev - ok
16:29:13.0219 7300  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:29:13.0282 7300  usbccgp - ok
16:29:13.0328 7300  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:29:13.0344 7300  usbcir - ok
16:29:13.0391 7300  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:29:13.0406 7300  usbehci - ok
16:29:13.0438 7300  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:29:13.0469 7300  usbhub - ok
16:29:13.0500 7300  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:29:13.0516 7300  usbohci - ok
16:29:13.0547 7300  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:29:13.0578 7300  usbprint - ok
16:29:13.0609 7300  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
16:29:13.0656 7300  usbscan - ok
16:29:13.0687 7300  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\windows\system32\drivers\usbser.sys
16:29:13.0750 7300  usbser - ok
16:29:13.0796 7300  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
16:29:13.0828 7300  UsbserFilt - ok
16:29:13.0874 7300  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:29:13.0937 7300  USBSTOR - ok
16:29:13.0952 7300  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:29:13.0968 7300  usbuhci - ok
16:29:13.0984 7300  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:29:13.0999 7300  usbvideo - ok
16:29:14.0030 7300  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
16:29:14.0077 7300  UxSms - ok
16:29:14.0077 7300  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
16:29:14.0093 7300  VaultSvc - ok
16:29:14.0155 7300  [ 66E37F038CF9067BA8FA02423CCA6DAB ] vcsFPService    C:\windows\system32\vcsFPService.exe
16:29:14.0249 7300  vcsFPService - ok
16:29:14.0264 7300  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:29:14.0280 7300  vdrvroot - ok
16:29:14.0342 7300  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
16:29:14.0389 7300  vds - ok
16:29:14.0405 7300  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:29:14.0420 7300  vga - ok
16:29:14.0436 7300  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:29:14.0498 7300  VgaSave - ok
16:29:14.0530 7300  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:29:14.0545 7300  vhdmp - ok
16:29:14.0576 7300  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
16:29:14.0592 7300  viaagp - ok
16:29:14.0608 7300  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
16:29:14.0639 7300  ViaC7 - ok
16:29:14.0670 7300  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
16:29:14.0686 7300  viaide - ok
16:29:14.0748 7300  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\windows\system32\drivers\vmbus.sys
16:29:14.0764 7300  vmbus - ok
16:29:14.0779 7300  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
16:29:14.0810 7300  VMBusHID - ok
16:29:14.0842 7300  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:29:14.0857 7300  volmgr - ok
16:29:14.0873 7300  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:29:14.0888 7300  volmgrx - ok
16:29:14.0951 7300  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:29:14.0966 7300  volsnap - ok
16:29:14.0998 7300  [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
16:29:15.0013 7300  vpcbus - ok
16:29:15.0076 7300  [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
16:29:15.0154 7300  vpcnfltr - ok
16:29:15.0169 7300  [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
16:29:15.0185 7300  vpcusb - ok
16:29:15.0263 7300  [ B487191FE18D6863381A1AC55482469A ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
16:29:15.0294 7300  vpcvmm - ok
16:29:15.0310 7300  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
16:29:15.0325 7300  vsmraid - ok
16:29:15.0356 7300  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
16:29:15.0403 7300  VSS - ok
16:29:15.0434 7300  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:29:15.0481 7300  vwifibus - ok
16:29:15.0497 7300  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:29:15.0512 7300  vwififlt - ok
16:29:15.0544 7300  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:29:15.0559 7300  vwifimp - ok
16:29:15.0590 7300  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
16:29:15.0637 7300  W32Time - ok
16:29:15.0653 7300  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
16:29:15.0684 7300  WacomPen - ok
16:29:15.0715 7300  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:29:15.0793 7300  WANARP - ok
16:29:15.0793 7300  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:29:15.0824 7300  Wanarpv6 - ok
16:29:15.0887 7300  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:29:15.0980 7300  WatAdminSvc - ok
16:29:16.0043 7300  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
16:29:16.0152 7300  wbengine - ok
16:29:16.0183 7300  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:29:16.0214 7300  WbioSrvc - ok
16:29:16.0324 7300  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\windows\WindowsMobile\wcescomm.dll
16:29:16.0355 7300  WcesComm - ok
16:29:16.0402 7300  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:29:16.0464 7300  wcncsvc - ok
16:29:16.0495 7300  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:29:16.0526 7300  WcsPlugInService - ok
16:29:16.0542 7300  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
16:29:16.0558 7300  Wd - ok
16:29:16.0620 7300  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:29:16.0651 7300  Wdf01000 - ok
16:29:16.0667 7300  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:29:16.0714 7300  WdiServiceHost - ok
16:29:16.0729 7300  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:29:16.0745 7300  WdiSystemHost - ok
16:29:16.0792 7300  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
16:29:16.0838 7300  WebClient - ok
16:29:16.0870 7300  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:29:16.0916 7300  Wecsvc - ok
16:29:16.0963 7300  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:29:17.0010 7300  wercplsupport - ok
16:29:17.0072 7300  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
16:29:17.0119 7300  WerSvc - ok
16:29:17.0182 7300  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:29:17.0228 7300  WfpLwf - ok
16:29:17.0228 7300  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:29:17.0244 7300  WIMMount - ok
16:29:17.0306 7300  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:29:17.0353 7300  WinDefend - ok
16:29:17.0369 7300  WinHttpAutoProxySvc - ok
16:29:17.0416 7300  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:29:17.0478 7300  Winmgmt - ok
16:29:17.0525 7300  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
16:29:17.0618 7300  WinRM - ok
16:29:17.0696 7300  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\windows\system32\DRIVERS\WinUsb.sys
16:29:17.0728 7300  WinUSB - ok
16:29:17.0759 7300  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
16:29:17.0821 7300  Wlansvc - ok
16:29:17.0852 7300  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
16:29:17.0868 7300  WmiAcpi - ok
16:29:17.0884 7300  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:29:17.0899 7300  wmiApSrv - ok
16:29:18.0008 7300  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:29:18.0102 7300  WMPNetworkSvc - ok
16:29:18.0118 7300  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:29:18.0149 7300  WPCSvc - ok
16:29:18.0196 7300  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:29:18.0227 7300  WPDBusEnum - ok
16:29:18.0258 7300  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:29:18.0305 7300  ws2ifsl - ok
16:29:18.0336 7300  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
16:29:18.0383 7300  wscsvc - ok
16:29:18.0383 7300  WSearch - ok
16:29:18.0461 7300  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
16:29:18.0586 7300  wuauserv - ok
16:29:18.0632 7300  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:29:18.0710 7300  WudfPf - ok
16:29:18.0742 7300  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:29:18.0788 7300  WUDFRd - ok
16:29:18.0820 7300  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:29:18.0835 7300  wudfsvc - ok
16:29:18.0866 7300  [ 69D5B92C5A787E405534DCE9054B3922 ] WwanSvc         C:\windows\System32\wwansvc.dll
16:29:18.0898 7300  WwanSvc - ok
16:29:18.0991 7300  [ 253AFE12E831F28F9D745E25E6333DA2 ] yksvc           C:\windows\System32\yk62x86.dll
16:29:19.0038 7300  yksvc - ok
16:29:19.0069 7300  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
16:29:19.0100 7300  yukonw7 - ok
16:29:19.0178 7300  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:29:19.0210 7300  ZTEusbmdm6k - ok
16:29:19.0225 7300  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
16:29:19.0241 7300  ZTEusbnmea - ok
16:29:19.0272 7300  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
16:29:19.0288 7300  ZTEusbser6k - ok
16:29:19.0319 7300  ================ Scan global ===============================
16:29:19.0366 7300  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:29:19.0412 7300  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\windows\system32\winsrv.dll
16:29:19.0428 7300  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\windows\system32\winsrv.dll
16:29:19.0459 7300  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:29:19.0490 7300  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:29:19.0490 7300  [Global] - ok
16:29:19.0506 7300  ================ Scan MBR ==================================
16:29:19.0506 7300  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:29:19.0912 7300  \Device\Harddisk0\DR0 - ok
16:29:19.0912 7300  ================ Scan VBR ==================================
16:29:19.0912 7300  [ DAD5035771576784088C78B6F9EADAC7 ] \Device\Harddisk0\DR0\Partition1
16:29:19.0912 7300  \Device\Harddisk0\DR0\Partition1 - ok
16:29:19.0943 7300  [ 884C21594441C30E03C8BF9ED42F6DA1 ] \Device\Harddisk0\DR0\Partition2
16:29:19.0943 7300  \Device\Harddisk0\DR0\Partition2 - ok
16:29:19.0974 7300  [ 0953A2C5366B1EB73E79412F417AED70 ] \Device\Harddisk0\DR0\Partition3
16:29:19.0974 7300  \Device\Harddisk0\DR0\Partition3 - ok
16:29:19.0990 7300  [ D0947716EAF5F9E0D9251AEA541B48AD ] \Device\Harddisk0\DR0\Partition4
16:29:19.0990 7300  \Device\Harddisk0\DR0\Partition4 - ok
16:29:19.0990 7300  ============================================================
16:29:19.0990 7300  Scan finished
16:29:19.0990 7300  ============================================================
16:29:20.0005 7312  Detected object count: 11
16:29:20.0005 7312  Actual detected object count: 11
16:29:52.0767 7312  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0767 7312  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0767 7312  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0783 7312  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0783 7312  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0783 7312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0783 7312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0783 7312  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
16:29:52.0783 7312  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
16:29:52.0783 7312  ui11rdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:52.0783 7312  ui11rdr ( UnsignedFile.Multi.Generic ) - User select action: Skip


Alt 03.01.2013, 19:33   #6
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen

Alt 03.01.2013, 20:19   #7
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,

hier das log von ComboFix. Ich hab übrigens keine Fehlermeldung beim Neustart bekommen.
Code:
ATTFilter
ComboFix 13-01-03.05 - XXp 03.01.2013  19:58:01.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3062.1652 [GMT 1:00]
ausgeführt von:: c:\users\XXp\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\ism_0_llatsni.pad
c:\users\XXp\AppData\Roaming\1&1
c:\users\XXp\AppData\Roaming\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\users\XXp\ComboFix.exe.part
c:\windows\IsUn0407.exe
c:\windows\system32\pt
c:\windows\system32\pt\DPCont32.dll.mui
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-02 17:14 . 2013-01-02 17:14	--------	d-----w-	c:\users\XXp\AppData\Roaming\Malwarebytes
2013-01-02 17:13 . 2013-01-02 17:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-02 17:13 . 2013-01-02 17:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-02 17:13 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-02 16:56 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE6DDB0E-22FA-4939-9D47-6258DC92409D}\mpengine.dll
2013-01-02 16:14 . 2013-01-02 16:24	--------	d-----w-	c:\users\TEMP
2012-12-28 11:34 . 2013-01-03 16:28	--------	d-----r-	c:\users\XXp\Dropbox
2012-12-28 11:30 . 2013-01-03 16:41	--------	d-----w-	c:\users\XXp\AppData\Roaming\Dropbox
2012-12-24 11:53 . 2012-11-12 10:41	171136	----a-w-	c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2012-12-24 11:52 . 2012-12-24 11:53	--------	d-----w-	c:\program files\Tracker Software
2012-12-21 08:31 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 08:31 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 18:49 . 2012-12-20 18:49	--------	d-----w-	C:\MyTools
2012-12-20 17:13 . 2012-12-20 17:13	--------	d-----w-	c:\program files\Microsoft Research
2012-12-17 08:19 . 2012-12-17 08:19	--------	d-----w-	c:\programdata\Licenses
2012-12-17 08:14 . 2012-12-17 08:14	--------	d-----w-	c:\program files\Common Files\HDX4
2012-12-15 22:43 . 2012-12-15 22:43	--------	d-----w-	c:\users\XXp\AppData\Roaming\pdfforge
2012-12-15 22:43 . 2012-10-28 17:32	88576	----a-w-	c:\windows\system32\pdfcmon.dll
2012-12-15 22:43 . 2012-05-05 09:54	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-12-15 22:43 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-12-15 22:43 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-12-15 22:43 . 2012-05-05 09:54	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-12-15 22:13 . 2012-12-15 22:13	--------	d-----w-	c:\programdata\PDF Architect
2012-12-15 22:11 . 2012-12-15 22:11	--------	d-----w-	c:\users\XXp\AppData\Roaming\PDF Architect
2012-12-15 22:08 . 2012-12-15 22:08	--------	d-----w-	c:\users\XXp\AppData\Roaming\APP_NAME_NON_STRING
2012-12-15 10:47 . 2012-12-15 10:47	--------	d-----w-	c:\program files\DriveCleanup
2012-12-12 08:17 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 08:17 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 09:34 . 2012-04-14 16:18	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 09:34 . 2011-05-15 08:55	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 09:34 . 2012-10-09 09:34	16363960	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-12-03 09:48 . 2012-12-03 09:48	255352	----a-w-	c:\windows\system32\awrdscdc.ax
2012-11-04 17:30 . 2010-07-31 11:58	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-11-02 14:37 . 2012-11-02 14:37	862664	----a-w-	c:\windows\system32\msvcr110.dll
2012-11-02 14:37 . 2012-11-02 14:37	534480	----a-w-	c:\windows\system32\msvcp110.dll
2012-11-02 14:37 . 2012-11-02 14:37	44184	----a-w-	c:\windows\system32\drivers\point32.sys
2012-11-02 14:37 . 2012-11-02 14:37	251864	----a-w-	c:\windows\system32\vccorlib110.dll
2012-11-01 20:52 . 2012-11-01 20:52	64664	----a-w-	c:\windows\system32\drivers\dc3d.sys
2012-11-01 20:52 . 2012-11-01 20:52	1629040	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2012-10-16 07:39 . 2012-12-01 15:27	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 10:12	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 10:12	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-12-03 16:11 . 2011-10-03 18:39	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-18 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-10-22 363064]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 400936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2010-04-27 138072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-06 02:43	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-06-19 09:44	195072	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2010-05-06 00:30	11268096	----a-w-	c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2008-11-03 11:21	339240	----a-w-	c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-09-03 17:07	288312	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2012-10-25 08:06	79872	----a-w-	c:\users\XXp\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
GPSvcGroup	REG_MULTI_SZ   	GPSvc
yksvcs	REG_MULTI_SZ   	yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 14:40	453736	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 10:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-12-15 12:35; {2d4271b9-cc9f-4f37-8b1e-340293eacd5c}; c:\users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\extensions\{2d4271b9-cc9f-4f37-8b1e-340293eacd5c}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-FRITZ!protect - FwebProt.exe
AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0407.EXE
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(4596)
c:\users\XXp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-03  20:17:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-03 19:17
.
Vor Suchlauf: 13 Verzeichnis(se), 53.973.692.416 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 55.157.981.184 Bytes frei
.
- - End Of File - - EBBDF160CE26708A3B8E3F366ACF7C25

Alt 03.01.2013, 21:14   #8
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 21:48   #9
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,

habe CCleaner installiert.
Ich interpretiere dein "Tools,uninstall Llist, als txt speichern. öffnen" als "Extras"-"Programme deinstallieren"-"Als Textdatei speichern"-öffnen.
Die dann bearbeitete Liste ist:

Code:
ATTFilter
1&1 Upload-Manager	1&1 Internet AG	09.08.2012		2.0.676	notwendig
7-Zip 9.20		24.07.2011		notwendig
ABBYY FineReader 11	ABBYY	09.04.2012	704MB	11.0.460	notwendig
ActivClient x86	ActivIdentity	16.12.2009	13,7MB	6.2	unbekannt
Adobe AIR	Adobe Systems Incorporated	29.12.2011		3.1.0.4880	notwendig
Adobe Digital Editions		09.04.2012		notwendig	
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 notwendig
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	14.11.2012	120MB	10.1.4 notwendig
Apple Application Support	Apple Inc.	10.12.2011	61,2MB	2.1.5	unnötig
Apple Software Update	Apple Inc.	10.12.2011	2,38MB	2.1.3.127	unbekannt
ArcSoft Software Suite	ArcSoft	06.06.2010		1.0	notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	09.05.2010	16,2MB	3.0.750.0	notwendig
AudibleManager	Audible, Inc.	03.12.2012		1997822576.48.56.29625714 unnötig
Avira Free Antivirus	Avira	15.11.2012	104MB	12.1.9.1236	notwendig
AVM FRITZ!Box USB-Fernanschluss	AVM Berlin	24.04.2012		2.2.1.0	notwendig
AVM FRITZ!DSL	AVM Berlin	26.05.2010	11,5MB	2.04.03	notwendig
BitTorrent		01.11.2010		7.1.0	notwendig
calibre	Kovid Goyal	28.12.2012	137MB	0.9.12	notwendig
Carcassonne		24.05.2010			notwendig
Carcassonne Add-On		24.05.2010		notwendig
CCleaner	Piriform	19.12.2012		3.26	notwendig
CP2101 USB to UART Bridge Controller Driver Installation		13.06.2010			notwendig
CyberView X Multiple-Slides Scanner v1.17.i		22.08.2012		1.17.i	notwendig
DDBAC	DataDesign	07.12.2010	8,45MB	4.3.51	notwendig
Device Access Manager for HP ProtectTools	Hewlett-Packard	16.12.2009	10,3MB	5.0.1.3	notwendig
DHTML Editing Component	Microsoft Corporation	24.05.2010	554KB	6.02.0001	unbekannt
Drive Encryption for HP ProtectTools	Hewlett-Packard	16.12.2009	65,5MB	5.0.2.8	notwendig
Dropbox	Dropbox, Inc.	28.12.2012		1.6.10	notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	14.01.2012	158MB	13.0.0.8086p	notwendig
Embedded Security for HP ProtectTools	Hewlett-Packard	12.10.2011	82,0MB	5.7.000	notwendig
FastStone Photo Resizer 3.0	FastStone Soft.	13.01.2011		3.0	notwendig
File Sanitizer For HP ProtectTools	Hewlett-Packard	12.10.2011	53,1MB	5.0.1.4	notwendig
FileZilla Client 3.3.3		31.07.2010		3.3.3	notwendig
funScreenScraping Client Version	fun communications GmbH	24.05.2010	1,86MB	1.0.22	unbekannt
funScreenScraping Microsoft Systemdateien	fun communications GmbH	24.05.2010	1,61MB	1.0.6	unbekannt
Garmin MapSource	Garmin Ltd or its subsidiaries	25.06.2012	59,4MB	6.16.3	notwendig
Garmin USB Drivers	Garmin Ltd or its subsidiaries	25.06.2012	125KB	2.3.0.0	notwendig
Gigaset QuickSync	Gigaset Communications GmbH	19.01.2012	6,96MB	7.1.0841.3	notwendig
GIMP 2.8.2	The GIMP Team	14.10.2012	222MB	2.8.2	notwendig
Google Earth	Google	22.11.2011	92,7MB	6.1.0.5001	notwendig
HP 3D DriveGuard	Hewlett-Packard	16.12.2009	2,94MB	4.0.4.1	unbekannt
HP Advisor	Hewlett-Packard	16.12.2009	49,2MB	3.3.9512.3162	unbekannt
HP Business Card Reader	Hewlett-Packard	09.05.2010	62,2MB	0.6.2.0	unnötig
HP Common Access Service Library	Hewlett-Packard	16.12.2009	0,99MB	3.0.37.1	notwendig
HP Customer Participation Program 13.0	HP	26.05.2010		13.0	unnötig
HP ESU for Microsoft Windows 7	Hewlett-Packard Company	04.11.2011	16,7MB	1.1.13.2	notwendig
HP Imaging Device Functions 13.0	HP	26.05.2010		13.0	notwendig
HP Integrated Module with Bluetooth wireless technology	Broadcom Corporation	09.05.2010	88,4MB	6.2.1.500	notwendig
HP OfficeJet J5700	HP	18.10.2010		13.0	notwendig
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3	HP	26.05.2010		13.0	notwendig
HP Photosmart Essential 3.5	HP	26.05.2010		3.5	notwendig
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B	HP	28.10.2010		13.0	notwendig
HP Power Assistant	Hewlett-Packard	16.12.2009	6,76MB	1.0.1.12	notwendig
HP ProtectTools Security Manager	Hewlett-Packard Company	12.10.2011	63,1MB	5.12.754	notwendig
HP Quick Launch Buttons	Hewlett-Packard	16.12.2009		6.50.9.1	notwendig
HP QuickLook	Hewlett-Packard	09.05.2010	78,8MB	3.1.0.4	unbekannt
HP QuickWeb	DeviceVM, Inc.	09.05.2010	353MB	1.0.1.45 unbekannt
HP Setup	Hewlett-Packard	16.12.2009		1.2.3557.3169	notwendig
HP Smart Web Printing 4.51	HP	26.05.2010		4.51	unnötig
HP SoftPaq Download Manager	Hewlett-Packard Company	16.12.2009	14,5MB	3.0.5.0	notwendig
HP Software Setup	Hewlett-Packard Company	16.12.2009	11,6MB	7.0.1.5	notwendig
HP Solution Center 13.0	HP	26.05.2010		13.0	notwendig
HP Support Assistant	Hewlett-Packard	16.12.2009	32,2MB	4.2.8.3	notwendig
HP Update	Hewlett-Packard	23.05.2010	3,72MB	4.000.011.006	notwendig
HP User Guides 0142	Hewlett-Packard	16.12.2009	303MB	1.01.0001	notwendig
HP Wallpaper	Hewlett-Packard Company	16.12.2009	72,4MB	1.0.1.3	unbekannt
HP Webcam	Roxio	09.05.2010	8,78MB	1.0	notwendig
HP Webcam Driver	Sonix	09.05.2010		5.8.50009.1	notwendig
HP Wireless Assistant	Hewlett-Packard	16.12.2009	4,14MB	4.0.1.10	notwendig
IDT Audio	IDT	09.05.2010		1.0.6246.0	unbekannt
Intel(R) Management Engine Components	Intel Corporation	16.12.2009		6.0.0.1179	notwendig
Intel(R) Turbo Boost Technology Driver	Intel Corporation	16.01.2012		01.02.00.1002	notwendig
Intel® Matrix Storage Manager	Intel Corporation	09.05.2010		notwendig	
IrfanView (remove only)	Irfan Skiljan	10.12.2012	2,00MB	4.35	notwendig
Japanese Fonts Support For Adobe Reader X	Adobe Systems Incorporated	26.03.2012	61,6MB	10.0.0 unnötig
Java Card Security for HP ProtectTools	Hewlett-Packard	16.12.2009	1,01MB	5.0.4.1	notwendig
Java(TM) 6 Update 31	Oracle	11.03.2012	95,1MB	6.0.310	notwendig
JDownloader	AppWork UG (haftungsbeschränkt)	02.11.2010		notwendig
Join Air	ZTE Corporation	14.08.2010		1.0.0.2	notwendig
Lexware Info Service	Lexware GmbH & Co. KG	11.06.2010	10,1MB	2.61.00.0033	notwendig
Lexware online banking	Lexware GmbH & Co. KG	11.06.2010	29,2MB	10.00.00.0102	notwendig
LightScribe System Software	LightScribe	29.11.2012	26,3MB	1.18.26.7	notwendig
LightScribe Template Designs - Memories	LightScribe	29.11.2012	3,15MB	1.18.18.0	notwendig
logbookkonni_pi 1.1		19.11.2012		1.1	notwendig
Logitech SetPoint 6.15	Logitech	31.07.2010	39,0MB	6.15.25	notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	02.01.2013	18,4MB	1.70.0.1100	notwendig
Marvell Miniport Driver	Marvell	09.05.2010		10.70.5.3	notwendig
Microsoft .NET Framework 1.1		23.05.2010		notwendig
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	23.05.2010	3,02MB	1.1.4322	notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	05.01.2012	38,8MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	05.01.2012	2,93MB	4.0.30319	notwendig
Microsoft Image Composite Editor	Microsoft Corporation	20.12.2012	4,16MB	1.4.4	notwendig
Microsoft Office Enterprise 2007	Microsoft Corporation	05.01.2012		12.0.6612.1000	notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	08.01.2012	7,95MB	14.0.5130.5003	notwendig
Microsoft Office Project Standard 2007	Microsoft Corporation	05.01.2012		12.0.6612.1000	notwendig
Microsoft Silverlight	Microsoft Corporation	09.05.2012	64,7MB	5.1.10411.0	notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	17.08.2010	1,72MB	3.1.0000	notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	23.05.2010	625KB	1.0.1215.0	notwendig
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	17.08.2010	1,44MB	1.0.1215.0	notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	04.11.2010	250KB	8.0.50727.4053	notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.12.2011	298KB	8.0.56336	notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	598KB	9.0.30729.5570	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	16.12.2009	2,06MB	9.0.21022	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	26.05.2010	598KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.12.2009	594KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.07.2010	590KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	04.01.2012	600KB	9.0.30729.6161	notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	27.12.2011	16,5MB	10.0.40219	notwendig
Microsoft-Maus- und Tastatur-Center	Microsoft Corporation	23.11.2012		2.0.162.0	notwendig
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	03.12.2012	43,1MB	17.0.1	notwendig
Mozilla Maintenance Service	Mozilla	03.12.2012	329KB	17.0.1	notwendig
Mp3tag v2.46a	Florian Heidenreich	21.10.2010		v2.46a	notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	31.07.2010	37,0KB	4.20.9870.0	unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	31.07.2010	1,33MB	4.20.9876.0	unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	22.07.2011	1,47MB	4.30.2100.0	unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11.07.2012	1,53MB	4.30.2114.0	unbekannt
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	27.12.2011	1,53MB	4.30.2107.0	unbekannt
NetObjects Fusion 10.0		06.06.2010		10.0 German	notwendig
Nokia Connectivity Cable Driver	Nokia	31.08.2012	3,35MB	7.1.78.0	notwendig
Nokia Suite	Nokia	31.08.2012		3.5.34.0	notwendig
OCR Software by I.R.I.S. 13.0	HP	26.05.2010		13.0	notwendig
OpenCPN 3.0.2	opencpn.org	18.11.2012		3.0.2	notwendig
PC Connectivity Solution	Nokia	31.08.2012	15,0MB	12.0.32.0	notwendig
PDF-Viewer	Tracker Software Products Ltd	24.12.2012	35,6MB	2.5.207.0	notwendig
PDFCreator	pdfforge	15.12.2012		1.6.1	notwendig
pdfsam		30.10.2010		2.2.0	notwendig
PDFtoEPUB	DNAML Pty Ltd.	29.01.2012		1.5.0	notwendig
Picasa 3	Google, Inc.	15.10.2012		3.8	notwendig
Privacy Manager for HP ProtectTools	Hewlett-Packard Company	12.10.2011	12,4MB	5.11.814	notwendig
Python 2.7 pycrypto-2.3	Dwayne C. Litzenberger	08.03.2011	1,93MB	2.3.0	notwendig
Python 2.7.1	Python Software Foundation	08.03.2011	51,0MB	2.7.1150	notwendig
Quicken 2011	Lexware GmbH & Co. KG	11.06.2010	398MB	18.00.00.0084	notwendig
Quicken 2011 - ServicePack 4	Haufe-Lexware GmbH & Co KG	01.01.2011	29,1MB	18.04.00.0123	notwendig
Quicken Import Export Server 2011	Lexware GmbH & Co. KG	11.06.2010	9,15MB	18.00.00.0081	notwendig
QuickTime	Apple Inc.	10.12.2011	73,2MB	7.71.80.42	notwendig
RICOH Media Driver	RICOH	16.12.2009		2.13.00.05	notwendig
Roxio Creator Business	Roxio	09.05.2010	1,62GB	10.3	notwendig
Sansa Updater	SanDisk Corporation	25.10.2012	680KB	1.313	notwendig
Scan Tailor		09.04.2012			notwendig
Shop for HP Supplies	HP	26.05.2010		13.0 unnötig
Sigil 0.6.0	John Schember	01.11.2012	46,9MB		notwendig
SilverFast AFL 6.6.2r5	LaserSoft Imaging AG	27.08.2012			notwendig
Skype™ 5.10	Skype Technologies S.A.	24.08.2012	19,4MB	5.10.116	notwendig
Spyder3Pro		21.10.2012			notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	12.04.2011	46,4MB	15.0.24.0	notwendig
SyncBack	2BrightSparks	24.05.2010	4,57MB	notwendig
Theft Recovery	Hewlett-Packard	16.12.2009	0,99MB	5.1.0.18	notwendig
TreeSize Free V2.4	JAM Software	26.09.2010	3,13MB	2.4	notwendig
TrueCrypt	TrueCrypt Foundation	26.09.2010		7.0	notwendig
Turbo Lister 2	eBay Inc.	24.05.2010	77,5MB	2.00.0000	notwendig
TV-Browser 3.0.1	TV-Browser Team	21.07.2011		3.0.1	notwendig
UltraEdit-32 Uninstall		08.10.2010			notwendig
Validity Fingerprint Driver	Validity Sensors, Inc.	09.05.2010	7,03MB	4.0.6.0	notwendig
Wertpapieranalyse 2011	Haufe-Lexware GmbH & Co. KG	11.06.2010	94,0MB	1.00.0003	notwendig
Windows 7 Default Setting	Hewlett-Packard Company	16.12.2009	262KB	1.0.1.4	notwendig
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)	Broadcom	09.05.2010		06/15/2009 6.2.0.9000	notwendig
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)	Broadcom	09.05.2010		07/30/2009 6.2.0.9405	notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	09.05.2010		07/28/2009 6.2.0.9800	notwendig
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)	Garmin	25.06.2012		06/03/2009 2.3.0.0	notwendig
Windows Live Anmelde-Assistent	Microsoft Corporation	23.05.2010	1,93MB	5.000.818.5	notwendig
Windows Live Essentials	Microsoft Corporation	17.08.2010		14.0.8117.0416	notwendig
Windows Live Sync	Microsoft Corporation	17.08.2010	2,79MB	14.0.8117.416	notwendig
Windows Live-Uploadtool	Microsoft Corporation	23.05.2010	224KB	14.0.8014.1029	notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	10.12.2011	296KB	1.0.0.8	notwendig
Windows Mobile-Gerätecenter	Microsoft Corporation	11.01.2011	27,4MB	6.1.6965.0	notwendig
Windows Mobile-Gerätecenter: Treiberupdate	Microsoft Corporation	11.01.2011	35,3MB	6.0.6783.0	notwendig
Windows XP Mode	Microsoft Corporation	24.05.2010	1,13GB	1.3.7600.16422	notwendig
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)	Nokia	31.08.2012		05/31/2012 7.1.2.0	notwendig
WinRAR 4.11 (32-Bit)	win.rar GmbH	23.03.2012		4.11.0	notwendig
WinZip		27.12.2011			notwendig
XMedia Recode Version 3.1.0.5	XMedia Recode	03.06.2012	16,3MB	3.1.0.5	notwendig

Alt 05.01.2013, 18:38   #10
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
AudibleManager
funScreenScraping : beide
Japanese
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 00:47   #11
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,

alles gemacht.

Hier das log von adwcleaner.exe:
Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 06/01/2013 um 00:45:03 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : XXp - XANTHIPPE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXp\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\XXp\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\XXp\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Doof\AppData\Roaming\Mozilla\Firefox\Profiles\smh8ut7p.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1245 octets] - [06/01/2013 00:45:03]

########## EOF - C:\AdwCleaner[R1].txt - [1305 octets] ##########

Alt 07.01.2013, 16:22   #12
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Neustarten bitte, testen, wie der PC + Programme laufen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.01.2013, 19:30   #13
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hi,

adwcleaner.exe löschen lassen.
Hier das Log:
Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 07/01/2013 um 18:00:10 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : XXp- XANTHIPPE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXp\Eigene Dokumente\zz_Malware_Beseitigung\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\XXp\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\XXp\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\prefs.js

C:\Users\XXp\AppData\Roaming\Mozilla\Firefox\Profiles\dbe4lzqw.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Doof\AppData\Roaming\Mozilla\Firefox\Profiles\smh8ut7p.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1448 octets] - [07/01/2013 18:00:10]

########## EOF - C:\AdwCleaner[S1].txt - [1508 octets] ##########
Ich sehe im Moment kein abnormes Verhalten. Sowohl Malwarebytes als auch Antivir im ausführlichen Modus über die Platte und externe Datenbestände laufen lassen und keine weiteren Fehler gefunden.

Gruß,
XXp

Alt 07.01.2013, 20:00   #14
markusg
/// Malware-holic
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Es ging mir nicht um einen weiteren Scan, du solltest eher deine Programme testen, Browser wie firefox, internet explorer zb.
Wenn alles läuft:
Öffne otl, bereinigen, PC startet neu, löscht remover, Übriggebliebene Logs, Seups, bzw von uns verwendete Programme, kannst du löschen, und den Papierkorb leeren.
Danach PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 21:33   #15
XXp
 
C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Standard

C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


Hallo,

vielen Dank für die vielen Anleitungen.
Ich habe meinen Rechner aufgeräumt und vieles umgesetzt. Ich bleibe bei meinem AntiVir und auch bei Firefox (call be paranoid, aber Google Chrome kommt mir nicht auf meinen Rechner).
Baclup und Images hatte ich eh schon immer und Windows auch aktuell. Das Loch bei meinem Rechner war Java im Browser.
Den Standard-User habe ich auch schon eine Weile (separat vom Admin), aber leider zu träge ihn dann auch immer zu benutzen.
Die Sandbox werd ich mir noch überlegen.

Bis jetzt beobachte ich keine Unregelmäßigkeiten beim Gebrauch (Browser oder Programme, bei denen etwas gecleant wurde). Einzig, beim Download mosert der Rechner manchmal an, daß er nicht in meinen Download-Ordner schreiben darf, obwohl der Account das darf. Manchmal geht's aber...

So: gibt's sonst noch was für mich zu tun?

Antwort
Seite 1 von 2 1 2

Themen zu C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen
autostart, beim starten, bildschirm, datei, entfernen, fehlermeldung, file, gelöscht, hartnäckigen, internet, laden, leute, link, modul, nach login, neustart, nicht mehr, pcs, plötzlich, problem, problem beim starten von c, programm, rechner, rückgängig, software, starten, systemwiederherstellung, trojaner, wgsdgsdgdsgsd gvu trojaner, wgsdgsdgdsgsd.exe


« claro malware | IE 9.0 ist nicht mehr zu öffnen wegen der ,ToolbarH Application, Malware / Spyware... »


Ähnliche Themen: C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen


  1. TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (9)
  2. Problem bei starten von C:\Users\XYZ\ wgsdgsdgdsgsd.dll
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (13)
  3. GVU-Trojaner, wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 04.03.2013 (12)
  4. C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (19)
  5. GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll
    Log-Analyse und Auswertung - 19.01.2013 (9)
  6. C:\Users\User\wgsdgsdgdsgsd.dll (Das angegebene Modul wurde nicht gefunden)
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (9)
  7. GVU Trojaner mit Webcam wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 04.01.2013 (18)
  8. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (1)
  9. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  10. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 17.12.2012 (9)
  11. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  12. C:\Users\AS8\AppData\Local\Temp\wgsdgsdgdsgsd.exe - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (12)
  13. C:\Users\***\AppData\Local\Temp\wgsdgsdgdsgsd.exe - Das Modul kann nicht gefunden werden.
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (13)
  14. GVU Trojaner wgsdgsdgdsgsd.exe
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (1)
  15. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  16. wgsdgsdgdsgsd.exe eingefangen, GVU-Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (21)
  17. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden - GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (16)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen - Hallo Leute, hier mein Problem: beim Öffnen einer Website (27.12.2012) poppten plötzlich Fenster hoch ala "sie laden unerlaubte Software runter... bezahlen Sie ...". Ich habe das Internet abgeklemmt und neugestartet. - C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen...
Archiv
Du betrachtest: C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130