Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Log-Analyse und Auswertung: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 2 von 3 1 2 3
Alt 04.04.2012, 12:53   #16
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Zitat:
Zitat von cosinus Beitrag anzeigen
Schmeiß DivX runter wenn du es nicht mehr brauchst
würde ich ja gerne, aber es gibt keine Deinstallationsroutine des Paketes... soll ich in der Registry die DIVIX Einträge löschen und danach die Files im Programmverzeichnis? Oder eher irgendein Tool nehmen, um es los zu werden?


Zitat:
Zitat von cosinus Beitrag anzeigen
Und was willst du dann machen wenn du was suchst?
Sry versteh nicht wirklich was du meinst
Genau das ist ja das Problem - man muss suchen und alleine darin lauern ja schon irgendwelche Gefahren....

Aber so ist das nunmal...


Gibt es auf meinem System jetzt eigentlich noch was bösartiges, oder nicht?

Gruß,
Heiko

Alt 04.04.2012, 13:20   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Zitat:
würde ich ja gerne, aber es gibt keine Deinstallationsroutine des Paketes... soll ich in der Registry die DIVIX Einträge löschen und danach die Files im Programmverzeichnis? Oder eher irgendein Tool nehmen, um es los zu werden?
Versuch es hier mit => http://filepony.de/download-revo_uninstaller/

Zitat:
Genau das ist ja das Problem - man muss suchen und alleine darin lauern ja schon irgendwelche Gefahren....
Schonmal was davon gehört, dass man seinen Rechner absichern muss bevor man surft? Und dazu gehört nicht das Installieren von einem Virenscanner und das wars dann
Mehr dazu später
__________________

__________________
Alt 04.04.2012, 14:06   #18
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


ok - das ich nicht sicher unterwegs war, habe ich gemerkt....

So - Divx ist weg. Habs nochmal runtergeladen, installiert und dann ging die Deinstallation. Scheint nun weg zu sein.

Was kann ich tun, um in Zukunft sicher(er) unterwegs zu sein?
__________________
Alt 04.04.2012, 14:41   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.04.2012, 15:29   #20
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


auf ein Neues:

OTL-Scan-Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.04.2012 16:06:17 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Test\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,76% Memory free
5,95 Gb Paging File | 4,22 Gb Available in Paging File | 70,90% Paging File free
Paging file location(s): s:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,86 Gb Total Space | 76,69 Gb Free Space | 51,52% Space Free | Partition Type: NTFS
Drive E: | 303,04 Gb Total Space | 41,09 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
Drive S: | 13,67 Gb Total Space | 9,72 Gb Free Space | 71,12% Space Free | Partition Type: NTFS
 
Computer Name: NC6400 | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (InforVisualDrillback) -- C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (SWIHPWMI) -- C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (RICOH SmartCard Reader) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tifm21) -- C:\Windows\SysNative\drivers\tifm21.sys (Texas Instruments)
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (GTIPCI21) -- C:\Windows\SysNative\drivers\gtipci21.sys (Texas Instruments)
DRV:64bit: - (SMSCIRDA) -- C:\Windows\SysNative\drivers\smscir64.sys (SMSC)
DRV:64bit: - (SWUMX02) HP hs2300 USB MUX Driver (#02) -- C:\Windows\SysNative\drivers\swumx02.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U02) HP hs2300 MUX NDIS Driver (#02) -- C:\Windows\SysNative\drivers\SWNC8U02.sys (Sierra Wireless Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4C 45 FF 6B E7 CC 01  [binary data]
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes,DefaultScope = {3D29B508-385B-4AA2-90A3-B5E89FD6786A}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{3D29B508-385B-4AA2-90A3-B5E89FD6786A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 11:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.13 11:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.22 23:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.16 22:42:43 | 000,000,000 | ---D | M]
 
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions
[2011.02.07 12:57:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.22 10:28:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player@2020Technologies.com
[2011.07.15 19:21:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\DeviceDetection@logitech.com
[2012.01.14 20:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.20 11:59:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.14 20:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.14 20:33:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.14 20:33:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.14 20:33:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.14 20:33:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.14 20:33:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [atchk] C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD21CB7-7BFC-408F-9D5A-450E53F4F3A8}: DhcpNameServer = 62.134.11.4 195.182.110.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0B6CA5-A7F9-4BF7-BCE1-7F3EC2807534}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AFDEA4-D3DC-4C3B-A73B-E7ED141BA0A3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell - "" = AutoRun
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.04 14:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.04.04 14:39:13 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.04.03 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.01 17:45:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:40:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.01 17:03:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.27 10:01:17 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX
[2012.03.18 22:26:45 | 000,000,000 | ---D | C] -- C:\Atlanta
[2012.03.18 22:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Unify
[2012.03.18 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unify
[2012.03.16 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.03.16 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.03.16 15:44:47 | 000,000,000 | ---D | C] -- C:\Auslagerung von E
[2012.03.16 13:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012.03.16 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012.03.16 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.03.16 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infor Global Solutions
[2012.03.16 13:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infor Global Solutions
[2012.03.16 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
[2012.03.16 13:17:15 | 000,000,000 | ---D | C] -- C:\Infor
[2012.03.15 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\Test\4.0
[2012.03.15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Test\.tfo4
[2012.03.09 20:44:39 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Images
[2012.03.09 20:44:04 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Videos
[2012.03.09 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.03.09 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2012.03.06 20:56:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.03.06 20:56:16 | 000,000,000 | ---D | C] -- C:\Intel
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 16:10:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 15:46:01 | 001,654,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.04 15:46:01 | 000,718,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.04 15:46:01 | 000,660,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.04 15:46:01 | 000,155,616 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.04 15:46:01 | 000,127,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.04 15:23:28 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 15:23:28 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 15:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.04 15:17:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.04 15:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 15:14:40 | 3195,330,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.04 14:51:17 | 000,001,610 | ---- | M] () -- C:\Users\Test\Desktop\DivX Movies.lnk
[2012.04.04 14:39:13 | 000,001,268 | ---- | M] () -- C:\Users\Test\Desktop\Revo Uninstaller.lnk
[2012.04.03 14:04:19 | 000,000,818 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.04.02 21:14:39 | 000,301,175 | ---- | M] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.01 17:45:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:44:25 | 000,000,000 | ---- | M] () -- C:\Users\Test\defogger_reenable
[2012.04.01 17:03:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 16:38:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | M] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | M] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | M] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 09:55:39 | 000,288,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.19 02:33:49 | 000,049,936 | ---- | M] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.17 00:17:12 | 001,603,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.16 13:54:26 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.16 02:32:27 | 000,007,600 | ---- | M] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.03.15 19:03:36 | 000,000,429 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.03.09 16:19:53 | 003,005,648 | ---- | M] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | M] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:32 | 000,051,418 | ---- | M] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.06 21:47:25 | 000,021,614 | ---- | M] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.04 14:51:17 | 000,001,610 | ---- | C] () -- C:\Users\Test\Desktop\DivX Movies.lnk
[2012.04.04 14:39:13 | 000,001,268 | ---- | C] () -- C:\Users\Test\Desktop\Revo Uninstaller.lnk
[2012.04.02 21:14:37 | 000,301,175 | ---- | C] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.02 01:58:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 17:44:25 | 000,000,000 | ---- | C] () -- C:\Users\Test\defogger_reenable
[2012.04.01 16:38:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | C] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | C] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | C] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 02:33:48 | 000,049,936 | ---- | C] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.16 13:54:26 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.09 16:19:53 | 003,005,648 | ---- | C] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | C] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:11 | 000,051,418 | ---- | C] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.07 16:41:51 | 007,772,957 | ---- | C] () -- C:\Users\Test\Desktop\VM.chm
[2012.03.06 21:47:25 | 000,021,614 | ---- | C] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[2012.03.04 12:10:59 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.02.26 21:26:25 | 000,007,600 | ---- | C] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.01.27 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Test\AppData\Local\{FB3C2F14-696D-4AD0-81A8-317EE23E6195}
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.11 16:05:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.11 16:05:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.03.23 12:41:41 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.31 15:25:28 | 001,603,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.23 19:01:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.23 19:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.23 19:01:28 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.23 19:01:28 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.23 19:01:28 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.07 23:04:11 | 000,010,752 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 19:21:02 | 000,000,818 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 19:21:02 | 000,000,429 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.05 18:11:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2012.04.04 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.02.17 11:38:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.12.23 01:08:04 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Adobe
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2010.10.05 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ATI
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2010.11.09 19:53:56 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Avira
[2012.04.04 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.07.25 11:56:59 | 000,000,000 | R--D | M] -- C:\Users\Test\AppData\Roaming\Brother
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.19 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DivX
[2011.04.11 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Download Manager
[2011.12.22 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\dvdcss
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2012.03.16 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Hewlett-Packard
[2011.12.18 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\hpqLog
[1980.02.28 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Identities
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2010.11.09 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Macromedia
[2012.04.02 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Center Programs
[2011.02.11 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Player Classic
[2012.02.21 18:57:28 | 000,000,000 | --SD | M] -- C:\Users\Test\AppData\Roaming\Microsoft
[2012.01.11 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mozilla
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2012.01.12 14:31:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\NCH Software
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.04.04 15:59:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Skype
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.03.30 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\VMware
[2011.01.13 00:44:45 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.10 17:27:46 | 004,912,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv10.exe
[2012.02.10 17:30:46 | 004,913,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv11.exe
[2012.02.10 17:33:19 | 004,891,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.02.10 17:31:13 | 008,843,080 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.02.10 17:34:38 | 005,205,288 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur09.exe
[2012.02.10 17:28:08 | 005,198,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur10.exe
[2012.02.10 17:35:19 | 005,030,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst09.exe
[2012.02.10 17:28:46 | 005,030,504 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst10.exe
[2012.02.10 17:34:58 | 004,995,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz09.exe
[2012.02.10 17:28:27 | 004,996,720 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz10.exe
[2012.02.10 17:29:06 | 004,967,408 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta10.exe
[2012.02.10 17:31:34 | 004,972,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta11.exe
[2012.02.10 17:33:38 | 004,944,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.02.10 17:29:25 | 005,131,216 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb10.exe
[2012.02.10 17:31:54 | 005,127,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb11.exe
[2012.02.10 17:33:58 | 005,149,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.02.10 17:35:39 | 005,557,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a09.exe
[2012.02.10 17:29:45 | 005,567,360 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a10.exe
[2012.02.10 17:32:15 | 005,545,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.02.10 17:35:59 | 005,084,608 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust09.exe
[2012.02.10 17:30:27 | 005,088,992 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust10.exe
[2012.02.10 17:33:00 | 005,026,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.02.10 17:30:04 | 004,984,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva10.exe
[2012.02.10 17:32:35 | 005,004,024 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva11.exe
[2012.02.10 17:34:17 | 004,939,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.02.10 17:21:24 | 007,810,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8086.exe
[2012.02.10 17:21:52 | 007,089,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8086.exe
[2012.02.10 17:25:45 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2011.12.23 01:07:57 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.23 01:07:53 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.01.23 16:51:28 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2011.06.07 15:23:19 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2012.03.16 13:17:18 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}\ARPPRODUCTICON.exe
[2010.10.05 17:58:48 | 000,010,134 | R--- | M] () -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2012.03.18 22:44:26 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.12.18 21:08:44 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >
--- --- ---
Alt 04.04.2012, 20:58   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell - "" = AutoRun
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe

Alt 05.04.2012, 11:40   #22
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Hallo Arne!
bin eben erst wieder zurück am PC...

Script habe ich ausgeführt - Rechner ist einmal neu gestartet.

Hier das LOG:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\ not found.
File G:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:264B2CC4 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Test
->Temp folder emptied: 1784489314 bytes
->Temporary Internet Files folder emptied: 405812777 bytes
->Java cache emptied: 29217828 bytes
->FireFox cache emptied: 54576382 bytes
->Flash cache emptied: 23664446 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 763256 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256893231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.437,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Test
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_123146

Files\Folders moved on Reboot...
File\Folder C:\Users\Test\AppData\Local\Temp\2011-08-08-1169699043_04-RG.PDF  not found!
File\Folder C:\Users\Test\AppData\Local\Temp\2011-09-09-1180530515_04-RG-1.PDF  not found!
File\Folder C:\Users\Test\AppData\Local\Temp\2011-09-09-1180530515_04-RG.PDF  not found!
C:\Users\Test\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2848.log moved successfully.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 05.04.2012, 13:39   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.04.2012, 14:06   #24
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Hier das TDSS-log:

Code:
ATTFilter
14:58:48.0730 7076	TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
14:58:48.0847 7076	============================================================
14:58:48.0847 7076	Current date / time: 2012/04/05 14:58:48.0847
14:58:48.0847 7076	SystemInfo:
14:58:48.0847 7076	
14:58:48.0847 7076	OS Version: 6.1.7601 ServicePack: 1.0
14:58:48.0847 7076	Product type: Workstation
14:58:48.0847 7076	ComputerName: NC6400
14:58:48.0847 7076	UserName: Test
14:58:48.0847 7076	Windows directory: C:\Windows
14:58:48.0848 7076	System windows directory: C:\Windows
14:58:48.0848 7076	Running under WOW64
14:58:48.0848 7076	Processor architecture: Intel x64
14:58:48.0848 7076	Number of processors: 2
14:58:48.0848 7076	Page size: 0x1000
14:58:48.0848 7076	Boot type: Normal boot
14:58:48.0848 7076	============================================================
14:58:49.0773 7076	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:58:49.0779 7076	\Device\Harddisk0\DR0:
14:58:49.0779 7076	MBR used
14:58:49.0779 7076	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x65F5B
14:58:49.0779 7076	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x65F9A, BlocksNum 0x129B69E8
14:58:49.0779 7076	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A1C982, BlocksNum 0x25E131C7
14:58:49.0795 7076	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3882FB88, BlocksNum 0x1B550B9
14:58:49.0942 7076	Initialize success
14:58:49.0942 7076	============================================================
14:59:51.0739 1152	============================================================
14:59:51.0739 1152	Scan started
14:59:51.0739 1152	Mode: Manual; SigCheck; TDLFS; 
14:59:51.0740 1152	============================================================
14:59:52.0736 1152	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:59:52.0954 1152	1394ohci - ok
14:59:53.0039 1152	ac.sharedstore  (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
14:59:53.0094 1152	ac.sharedstore - ok
14:59:53.0200 1152	Accelerometer   (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:59:53.0286 1152	Accelerometer - ok
14:59:53.0385 1152	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:59:53.0421 1152	ACPI - ok
14:59:53.0543 1152	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:59:53.0611 1152	AcpiPmi - ok
14:59:53.0725 1152	AcrSch2Svc      (dbff071061decb3af068ae449a52786e) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
14:59:53.0754 1152	AcrSch2Svc - ok
14:59:53.0871 1152	ADIHdAudAddService (7966c2e1d2fc95bd6246ac1e45ba5e31) C:\Windows\system32\drivers\ADIHdAud.sys
14:59:53.0923 1152	ADIHdAudAddService - ok
14:59:54.0038 1152	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:59:54.0053 1152	AdobeARMservice - ok
14:59:54.0190 1152	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:59:54.0213 1152	AdobeFlashPlayerUpdateSvc - ok
14:59:54.0333 1152	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:59:54.0361 1152	adp94xx - ok
14:59:54.0402 1152	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:59:54.0420 1152	adpahci - ok
14:59:54.0469 1152	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:59:54.0500 1152	adpu320 - ok
14:59:54.0552 1152	AEADIFilters    (460d73f2aed144455d55c18068dbc90d) C:\Windows\system32\AEADISRV.EXE
14:59:54.0588 1152	AEADIFilters - ok
14:59:54.0617 1152	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:59:54.0838 1152	AeLookupSvc - ok
14:59:54.0945 1152	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:59:55.0112 1152	AFD - ok
14:59:55.0235 1152	AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
14:59:55.0316 1152	AgereSoftModem - ok
14:59:55.0408 1152	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:59:55.0429 1152	agp440 - ok
14:59:55.0479 1152	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:59:55.0518 1152	ALG - ok
14:59:55.0616 1152	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:59:55.0635 1152	aliide - ok
14:59:55.0681 1152	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:59:55.0706 1152	amdide - ok
14:59:55.0771 1152	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:59:55.0819 1152	AmdK8 - ok
14:59:55.0897 1152	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:59:55.0942 1152	AmdPPM - ok
14:59:56.0026 1152	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:59:56.0043 1152	amdsata - ok
14:59:56.0155 1152	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:59:56.0179 1152	amdsbs - ok
14:59:56.0232 1152	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:59:56.0242 1152	amdxata - ok
14:59:56.0305 1152	androidusb      (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
14:59:56.0342 1152	androidusb - ok
14:59:56.0406 1152	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:59:56.0436 1152	AntiVirSchedulerService - ok
14:59:56.0470 1152	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:59:56.0484 1152	AntiVirService - ok
14:59:56.0568 1152	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:59:56.0791 1152	AppID - ok
14:59:56.0865 1152	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:59:56.0924 1152	AppIDSvc - ok
14:59:57.0009 1152	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:59:57.0061 1152	Appinfo - ok
14:59:57.0131 1152	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:59:57.0199 1152	AppMgmt - ok
14:59:57.0285 1152	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:59:57.0307 1152	arc - ok
14:59:57.0355 1152	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:59:57.0382 1152	arcsas - ok
14:59:57.0453 1152	ASBroker        (6d9c17b3b2526539fb1ea68b3bd4d402) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
14:59:57.0473 1152	ASBroker - ok
14:59:57.0505 1152	ASChannel       (47f16e188376c7d263ceeab8fe65a1c2) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll
14:59:57.0515 1152	ASChannel - ok
14:59:57.0618 1152	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:59:57.0731 1152	aspnet_state - ok
14:59:57.0846 1152	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:59:57.0914 1152	AsyncMac - ok
14:59:58.0001 1152	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:59:58.0023 1152	atapi - ok
14:59:58.0104 1152	atchksrv        (f0bb742487725c342f280d64003d3e79) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
14:59:58.0123 1152	atchksrv - ok
14:59:58.0205 1152	Ati External Event Utility (b3e04c9941c8dc929085898963a7860e) C:\Windows\system32\Ati2evxx.exe
14:59:58.0304 1152	Ati External Event Utility - ok
14:59:58.0492 1152	atikmdag        (3dd9382f0576664de50f047df2edbd3f) C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:58.0631 1152	atikmdag - ok
14:59:58.0710 1152	ATService       (27bf131c3db208a3e79961693d66d687) C:\Program Files\Fingerprint Sensor\ATService.exe
14:59:58.0795 1152	ATService - ok
14:59:58.0894 1152	ATSwpWDF        (e10f5568d058ecf442dd74e2ea09be97) C:\Windows\system32\Drivers\ATSwpWDF.sys
14:59:58.0937 1152	ATSwpWDF - ok
14:59:59.0027 1152	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:59:59.0120 1152	AudioEndpointBuilder - ok
14:59:59.0152 1152	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:59:59.0187 1152	AudioSrv - ok
14:59:59.0268 1152	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
14:59:59.0284 1152	avgntflt - ok
14:59:59.0315 1152	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
14:59:59.0324 1152	avipbb - ok
14:59:59.0404 1152	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:59:59.0510 1152	AxInstSV - ok
14:59:59.0603 1152	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:59:59.0665 1152	b06bdrv - ok
14:59:59.0765 1152	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:59:59.0819 1152	b57nd60a - ok
14:59:59.0890 1152	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:59:59.0956 1152	BDESVC - ok
15:00:00.0061 1152	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:00:00.0130 1152	Beep - ok
15:00:00.0246 1152	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:00:00.0330 1152	BFE - ok
15:00:00.0437 1152	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:00:00.0534 1152	BITS - ok
15:00:00.0620 1152	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:00.0649 1152	blbdrive - ok
15:00:00.0734 1152	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:00:00.0769 1152	bowser - ok
15:00:00.0876 1152	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:00.0959 1152	BrFiltLo - ok
15:00:01.0065 1152	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:01.0093 1152	BrFiltUp - ok
15:00:01.0177 1152	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:00:01.0246 1152	Browser - ok
15:00:01.0386 1152	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:00:01.0479 1152	Brserid - ok
15:00:01.0565 1152	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:01.0603 1152	BrSerWdm - ok
15:00:01.0715 1152	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:01.0759 1152	BrUsbMdm - ok
15:00:01.0831 1152	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:01.0874 1152	BrUsbSer - ok
15:00:01.0968 1152	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
15:00:02.0026 1152	BthEnum - ok
15:00:02.0103 1152	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:02.0148 1152	BTHMODEM - ok
15:00:02.0242 1152	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:00:02.0297 1152	BthPan - ok
15:00:02.0389 1152	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:00:02.0431 1152	BTHPORT - ok
15:00:02.0492 1152	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:00:02.0560 1152	bthserv - ok
15:00:02.0682 1152	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:00:02.0723 1152	BTHUSB - ok
15:00:02.0812 1152	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
15:00:02.0830 1152	btwaudio - ok
15:00:02.0907 1152	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
15:00:02.0930 1152	btwavdt - ok
15:00:03.0022 1152	btwdins         (17da11c703b8e86ac3df8f796a118aef) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:00:03.0076 1152	btwdins - ok
15:00:03.0170 1152	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:00:03.0190 1152	btwl2cap - ok
15:00:03.0339 1152	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
15:00:03.0356 1152	btwrchid - ok
15:00:03.0407 1152	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:00:03.0463 1152	cdfs - ok
15:00:03.0533 1152	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:00:03.0570 1152	cdrom - ok
15:00:03.0654 1152	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:00:03.0719 1152	CertPropSvc - ok
15:00:03.0797 1152	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:00:03.0840 1152	circlass - ok
15:00:03.0907 1152	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:00:03.0939 1152	CLFS - ok
15:00:04.0019 1152	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:04.0041 1152	clr_optimization_v2.0.50727_32 - ok
15:00:04.0106 1152	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:04.0131 1152	clr_optimization_v2.0.50727_64 - ok
15:00:04.0205 1152	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:04.0341 1152	clr_optimization_v4.0.30319_32 - ok
15:00:04.0410 1152	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:04.0455 1152	clr_optimization_v4.0.30319_64 - ok
15:00:04.0529 1152	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:04.0554 1152	CmBatt - ok
15:00:04.0607 1152	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:00:04.0636 1152	cmdide - ok
15:00:04.0680 1152	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:00:04.0777 1152	CNG - ok
15:00:04.0868 1152	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:00:04.0890 1152	Compbatt - ok
15:00:04.0970 1152	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:00:05.0014 1152	CompositeBus - ok
15:00:05.0071 1152	COMSysApp - ok
15:00:05.0168 1152	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:05.0191 1152	crcdisk - ok
15:00:05.0252 1152	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:00:05.0330 1152	CryptSvc - ok
15:00:05.0384 1152	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:00:05.0448 1152	CSC - ok
15:00:05.0535 1152	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:00:05.0593 1152	CscService - ok
15:00:05.0684 1152	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:00:05.0782 1152	DcomLaunch - ok
15:00:05.0907 1152	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:00:05.0972 1152	defragsvc - ok
15:00:06.0046 1152	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:00:06.0096 1152	DfsC - ok
15:00:06.0149 1152	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:00:06.0187 1152	Dhcp - ok
15:00:06.0255 1152	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:00:06.0332 1152	discache - ok
15:00:06.0431 1152	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:00:06.0454 1152	Disk - ok
15:00:06.0710 1152	DisplayLinkService (20ee3de8920a77ad84d4aa9a08cd1bc4) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
15:00:06.0980 1152	DisplayLinkService - ok
15:00:07.0067 1152	dlkmd           (f7b3c3e03d957d73d41947402d9cd406) C:\Windows\system32\drivers\dlkmd.sys
15:00:07.0087 1152	dlkmd - ok
15:00:07.0185 1152	dlkmdldr        (389fb1d69a1b0e2403327590bf50084b) C:\Windows\system32\drivers\dlkmdldr.sys
15:00:07.0208 1152	dlkmdldr - ok
15:00:07.0244 1152	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:00:07.0282 1152	Dnscache - ok
15:00:07.0335 1152	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:00:07.0381 1152	dot3svc - ok
15:00:07.0443 1152	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:00:07.0487 1152	DPS - ok
15:00:07.0560 1152	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:00:07.0613 1152	drmkaud - ok
15:00:07.0707 1152	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:00:07.0764 1152	DXGKrnl - ok
15:00:07.0810 1152	e1express       (099e01a94167ca8bda2cf72037ad0e28) C:\Windows\system32\DRIVERS\e1e6232e.sys
15:00:07.0823 1152	e1express - ok
15:00:07.0845 1152	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:00:07.0887 1152	EapHost - ok
15:00:07.0979 1152	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:00:08.0103 1152	ebdrv - ok
15:00:08.0179 1152	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:00:08.0230 1152	EFS - ok
15:00:08.0312 1152	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:00:08.0394 1152	ehRecvr - ok
15:00:08.0416 1152	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:00:08.0440 1152	ehSched - ok
15:00:08.0519 1152	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:00:08.0547 1152	elxstor - ok
15:00:08.0575 1152	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:00:08.0595 1152	ErrDev - ok
15:00:08.0636 1152	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:00:08.0688 1152	EventSystem - ok
15:00:08.0736 1152	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:00:08.0791 1152	exfat - ok
15:00:08.0809 1152	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:00:08.0849 1152	fastfat - ok
15:00:08.0910 1152	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:00:08.0973 1152	Fax - ok
15:00:09.0045 1152	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:00:09.0074 1152	fdc - ok
15:00:09.0129 1152	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:00:09.0203 1152	fdPHost - ok
15:00:09.0303 1152	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:00:09.0379 1152	FDResPub - ok
15:00:09.0454 1152	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:00:09.0476 1152	FileInfo - ok
15:00:09.0537 1152	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:00:09.0603 1152	Filetrace - ok
15:00:09.0643 1152	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:09.0678 1152	flpydisk - ok
15:00:09.0730 1152	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:00:09.0759 1152	FltMgr - ok
15:00:09.0819 1152	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:00:09.0904 1152	FontCache - ok
15:00:09.0973 1152	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:09.0991 1152	FontCache3.0.0.0 - ok
15:00:10.0045 1152	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:00:10.0070 1152	FsDepends - ok
15:00:10.0121 1152	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:00:10.0133 1152	Fs_Rec - ok
15:00:10.0219 1152	FTDIBUS         (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
15:00:10.0235 1152	FTDIBUS - ok
15:00:10.0298 1152	FTSER2K         (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
15:00:10.0316 1152	FTSER2K - ok
15:00:10.0435 1152	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:00:10.0461 1152	fvevol - ok
15:00:10.0520 1152	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:10.0548 1152	gagp30kx - ok
15:00:10.0611 1152	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:00:10.0689 1152	gpsvc - ok
15:00:10.0795 1152	GTIPCI21        (e9783944508c9b1b686bae14d671ba16) C:\Windows\system32\DRIVERS\gtipci21.sys
15:00:10.0839 1152	GTIPCI21 - ok
15:00:10.0927 1152	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:10.0947 1152	gupdate - ok
15:00:10.0960 1152	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:10.0971 1152	gupdatem - ok
15:00:11.0061 1152	HBtnKey         (965fc9d0bd1e13b02dc71b77b68092f4) C:\Windows\system32\DRIVERS\cpqbttn64.sys
15:00:11.0102 1152	HBtnKey - ok
15:00:11.0231 1152	hcmon           (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
15:00:11.0249 1152	hcmon - ok
15:00:11.0383 1152	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:00:11.0416 1152	hcw85cir - ok
15:00:11.0543 1152	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:00:11.0582 1152	HdAudAddService - ok
15:00:11.0728 1152	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:11.0780 1152	HDAudBus - ok
15:00:11.0923 1152	HECIx64         (592ea3f6bdeacf3e434bfca290eea5a0) C:\Windows\system32\DRIVERS\HECIx64.sys
15:00:11.0941 1152	HECIx64 - ok
15:00:12.0069 1152	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:12.0105 1152	HidBatt - ok
15:00:12.0246 1152	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:00:12.0289 1152	HidBth - ok
15:00:12.0414 1152	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:00:12.0469 1152	HidIr - ok
15:00:12.0592 1152	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:00:12.0659 1152	hidserv - ok
15:00:12.0773 1152	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:00:12.0802 1152	HidUsb - ok
15:00:12.0914 1152	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:00:12.0985 1152	hkmsvc - ok
15:00:13.0048 1152	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:00:13.0096 1152	HomeGroupListener - ok
15:00:13.0152 1152	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:00:13.0189 1152	HomeGroupProvider - ok
15:00:13.0294 1152	HP Health Check Service - ok
15:00:13.0359 1152	HP ProtectTools Service (aa1ecd3306f0c5bb2418d5715199bff7) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
15:00:13.0381 1152	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
15:00:13.0381 1152	HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
15:00:13.0440 1152	HPDrvMntSvc.exe (14e3c3e8434d7f92c0496a1af8503061) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:00:13.0460 1152	HPDrvMntSvc.exe - ok
15:00:13.0591 1152	hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:00:13.0627 1152	hpdskflt - ok
15:00:13.0726 1152	HpFkCryptService (4a4a85248ddba176257913d53fff393e) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
15:00:13.0740 1152	HpFkCryptService - ok
15:00:13.0876 1152	hpqwmiex        (33c884a6bdd35f22e3c2bddc55bc13de) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:00:13.0895 1152	hpqwmiex - ok
15:00:14.0037 1152	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:00:14.0049 1152	HpSAMD - ok
15:00:14.0146 1152	hpsrv           (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
15:00:14.0159 1152	hpsrv - ok
15:00:14.0222 1152	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:00:14.0283 1152	HTTP - ok
15:00:14.0408 1152	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:00:14.0422 1152	hwpolicy - ok
15:00:14.0500 1152	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:14.0513 1152	i8042prt - ok
15:00:14.0584 1152	IAANTMON        (593ef9f904c8497f6d794dc6fcc59dca) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:00:14.0611 1152	IAANTMON - ok
15:00:14.0748 1152	iaStor          (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys
15:00:14.0772 1152	iaStor - ok
15:00:14.0869 1152	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:00:14.0898 1152	iaStorV - ok
15:00:14.0976 1152	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:15.0034 1152	idsvc - ok
15:00:15.0242 1152	igfx            (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:00:15.0450 1152	igfx - ok
15:00:15.0558 1152	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:00:15.0588 1152	iirsp - ok
15:00:15.0670 1152	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:00:15.0772 1152	IKEEXT - ok
15:00:15.0970 1152	InforVisualDrillback (e238f304e27bd477591125d3927b95f0) C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe
15:00:16.0178 1152	InforVisualDrillback ( UnsignedFile.Multi.Generic ) - warning
15:00:16.0178 1152	InforVisualDrillback - detected UnsignedFile.Multi.Generic (1)
15:00:16.0272 1152	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:00:16.0293 1152	intelide - ok
15:00:16.0386 1152	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:00:16.0431 1152	intelppm - ok
15:00:16.0547 1152	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:00:16.0605 1152	IPBusEnum - ok
15:00:16.0670 1152	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:16.0722 1152	IpFilterDriver - ok
15:00:16.0772 1152	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:00:16.0832 1152	iphlpsvc - ok
15:00:16.0895 1152	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:00:16.0938 1152	IPMIDRV - ok
15:00:16.0976 1152	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:00:17.0029 1152	IPNAT - ok
15:00:17.0083 1152	irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
15:00:17.0152 1152	irda - ok
15:00:17.0260 1152	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:00:17.0304 1152	IRENUM - ok
15:00:17.0394 1152	Irmon           (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
15:00:17.0439 1152	Irmon - ok
15:00:17.0554 1152	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:00:17.0578 1152	isapnp - ok
15:00:17.0698 1152	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:00:17.0739 1152	iScsiPrt - ok
15:00:17.0807 1152	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:17.0827 1152	kbdclass - ok
15:00:17.0899 1152	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:00:17.0940 1152	kbdhid - ok
15:00:17.0988 1152	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:18.0020 1152	KeyIso - ok
15:00:18.0080 1152	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:00:18.0109 1152	KSecDD - ok
15:00:18.0146 1152	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:00:18.0161 1152	KSecPkg - ok
15:00:18.0186 1152	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:00:18.0266 1152	ksthunk - ok
15:00:18.0301 1152	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:00:18.0352 1152	KtmRm - ok
15:00:18.0379 1152	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:00:18.0422 1152	LanmanServer - ok
15:00:18.0448 1152	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:00:18.0480 1152	LanmanWorkstation - ok
15:00:18.0544 1152	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:00:18.0606 1152	lltdio - ok
15:00:18.0638 1152	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:00:18.0694 1152	lltdsvc - ok
15:00:18.0725 1152	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:00:18.0756 1152	lmhosts - ok
15:00:18.0818 1152	LMS             (f58f73de40c85e5b132b4ab275a0f4b0) C:\Program Files (x86)\Intel\AMT\LMS.exe
15:00:18.0834 1152	LMS - ok
15:00:18.0948 1152	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:18.0978 1152	LSI_FC - ok
15:00:19.0082 1152	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:19.0114 1152	LSI_SAS - ok
15:00:19.0214 1152	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:19.0236 1152	LSI_SAS2 - ok
15:00:19.0338 1152	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:19.0368 1152	LSI_SCSI - ok
15:00:19.0462 1152	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:00:19.0530 1152	luafv - ok
15:00:19.0619 1152	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
15:00:19.0644 1152	McComponentHostService - ok
15:00:19.0705 1152	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:00:19.0739 1152	Mcx2Svc - ok
15:00:19.0813 1152	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:00:19.0834 1152	megasas - ok
15:00:19.0907 1152	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:19.0934 1152	MegaSR - ok
15:00:19.0991 1152	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:20.0041 1152	MMCSS - ok
15:00:20.0111 1152	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:00:20.0177 1152	Modem - ok
15:00:20.0271 1152	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:00:20.0311 1152	monitor - ok
15:00:20.0419 1152	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:00:20.0448 1152	mouclass - ok
15:00:20.0566 1152	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:00:20.0618 1152	mouhid - ok
15:00:20.0716 1152	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:00:20.0747 1152	mountmgr - ok
15:00:20.0856 1152	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:00:20.0879 1152	mpio - ok
15:00:20.0927 1152	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:00:20.0984 1152	mpsdrv - ok
15:00:21.0041 1152	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:00:21.0138 1152	MpsSvc - ok
15:00:21.0206 1152	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:00:21.0238 1152	MRxDAV - ok
15:00:21.0314 1152	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:21.0341 1152	mrxsmb - ok
15:00:21.0386 1152	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:21.0433 1152	mrxsmb10 - ok
15:00:21.0493 1152	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:21.0513 1152	mrxsmb20 - ok
15:00:21.0566 1152	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:00:21.0591 1152	msahci - ok
15:00:21.0629 1152	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:00:21.0647 1152	msdsm - ok
15:00:21.0675 1152	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:00:21.0696 1152	MSDTC - ok
15:00:21.0726 1152	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:00:21.0758 1152	Msfs - ok
15:00:21.0784 1152	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:00:21.0826 1152	mshidkmdf - ok
15:00:21.0851 1152	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:00:21.0860 1152	msisadrv - ok
15:00:21.0900 1152	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:00:21.0958 1152	MSiSCSI - ok
15:00:21.0965 1152	msiserver - ok
15:00:22.0068 1152	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:00:22.0147 1152	MSKSSRV - ok
15:00:22.0243 1152	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:22.0291 1152	MSPCLOCK - ok
15:00:22.0374 1152	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:00:22.0452 1152	MSPQM - ok
15:00:22.0541 1152	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:00:22.0572 1152	MsRPC - ok
15:00:22.0711 1152	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:00:22.0734 1152	mssmbios - ok
15:00:22.0786 1152	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:00:22.0868 1152	MSTEE - ok
15:00:22.0906 1152	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:22.0934 1152	MTConfig - ok
15:00:22.0968 1152	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:00:22.0978 1152	Mup - ok
15:00:23.0013 1152	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:00:23.0064 1152	napagent - ok
15:00:23.0169 1152	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:00:23.0215 1152	NativeWifiP - ok
15:00:23.0331 1152	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:00:23.0406 1152	NDIS - ok
15:00:23.0492 1152	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:23.0567 1152	NdisCap - ok
15:00:23.0661 1152	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:23.0738 1152	NdisTapi - ok
15:00:23.0835 1152	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:23.0886 1152	Ndisuio - ok
15:00:23.0984 1152	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:24.0057 1152	NdisWan - ok
15:00:24.0150 1152	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:00:24.0212 1152	NDProxy - ok
15:00:24.0338 1152	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:00:24.0403 1152	NetBIOS - ok
15:00:24.0563 1152	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:00:24.0628 1152	NetBT - ok
15:00:24.0733 1152	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:24.0759 1152	Netlogon - ok
15:00:24.0885 1152	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:00:25.0009 1152	Netman - ok
15:00:25.0147 1152	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:25.0188 1152	NetMsmqActivator - ok
15:00:25.0204 1152	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:25.0213 1152	NetPipeActivator - ok
15:00:25.0308 1152	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:00:25.0361 1152	netprofm - ok
15:00:25.0446 1152	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:25.0465 1152	NetTcpActivator - ok
15:00:25.0470 1152	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:25.0484 1152	NetTcpPortSharing - ok
15:00:25.0704 1152	netw5v64        (50d4c98bc85e87e5f38bd3960457c18b) C:\Windows\system32\DRIVERS\netw5v64.sys
15:00:25.0912 1152	netw5v64 - ok
15:00:26.0027 1152	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:26.0048 1152	nfrd960 - ok
15:00:26.0176 1152	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:00:26.0264 1152	NlaSvc - ok
15:00:26.0399 1152	nmwcdx64        (ad8c3895155ee8d057f073856b2d5851) C:\Windows\system32\drivers\nmwcdx64.sys
15:00:26.0473 1152	nmwcdx64 - ok
15:00:26.0604 1152	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:00:26.0661 1152	Npfs - ok
15:00:26.0780 1152	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:00:26.0862 1152	nsi - ok
15:00:26.0973 1152	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:00:27.0062 1152	nsiproxy - ok
15:00:27.0247 1152	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:00:27.0392 1152	Ntfs - ok
15:00:27.0486 1152	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:00:27.0561 1152	Null - ok
15:00:27.0670 1152	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:00:27.0696 1152	nvraid - ok
15:00:27.0803 1152	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:00:27.0827 1152	nvstor - ok
15:00:27.0954 1152	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:00:27.0988 1152	nv_agp - ok
15:00:28.0106 1152	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:00:28.0146 1152	ohci1394 - ok
15:00:28.0259 1152	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:28.0307 1152	p2pimsvc - ok
15:00:28.0420 1152	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:00:28.0448 1152	p2psvc - ok
15:00:28.0570 1152	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:00:28.0597 1152	Parport - ok
15:00:28.0708 1152	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:00:28.0740 1152	partmgr - ok
15:00:28.0851 1152	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:00:28.0909 1152	PcaSvc - ok
15:00:29.0031 1152	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:00:29.0061 1152	pci - ok
15:00:29.0185 1152	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:00:29.0211 1152	pciide - ok
15:00:29.0344 1152	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:29.0382 1152	pcmcia - ok
15:00:29.0436 1152	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:00:29.0460 1152	pcw - ok
15:00:29.0487 1152	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:00:29.0545 1152	PEAUTH - ok
15:00:29.0619 1152	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:00:29.0776 1152	PeerDistSvc - ok
15:00:29.0844 1152	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:00:29.0884 1152	PerfHost - ok
15:00:29.0974 1152	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:00:30.0068 1152	pla - ok
15:00:30.0175 1152	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:00:30.0219 1152	PlugPlay - ok
15:00:30.0307 1152	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:00:30.0351 1152	PNRPAutoReg - ok
15:00:30.0450 1152	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:30.0475 1152	PNRPsvc - ok
15:00:30.0569 1152	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:00:30.0624 1152	PolicyAgent - ok
15:00:30.0724 1152	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:00:30.0782 1152	Power - ok
15:00:30.0908 1152	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:00:30.0970 1152	PptpMiniport - ok
15:00:31.0077 1152	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:00:31.0113 1152	Processor - ok
15:00:31.0219 1152	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:00:31.0283 1152	ProfSvc - ok
15:00:31.0375 1152	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:31.0405 1152	ProtectedStorage - ok
15:00:31.0520 1152	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:00:31.0579 1152	Psched - ok
15:00:31.0752 1152	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:00:31.0892 1152	ql2300 - ok
15:00:32.0013 1152	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:32.0038 1152	ql40xx - ok
15:00:32.0155 1152	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:00:32.0196 1152	QWAVE - ok
15:00:32.0302 1152	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:00:32.0351 1152	QWAVEdrv - ok
15:00:32.0460 1152	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:00:32.0520 1152	RasAcd - ok
15:00:32.0623 1152	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:32.0689 1152	RasAgileVpn - ok
15:00:32.0797 1152	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:00:32.0874 1152	RasAuto - ok
15:00:32.0973 1152	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:33.0032 1152	Rasl2tp - ok
15:00:33.0082 1152	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:00:33.0166 1152	RasMan - ok
15:00:33.0265 1152	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:33.0338 1152	RasPppoe - ok
15:00:33.0469 1152	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:00:33.0553 1152	RasSstp - ok
15:00:33.0676 1152	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:00:33.0728 1152	rdbss - ok
15:00:33.0843 1152	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:33.0882 1152	rdpbus - ok
15:00:33.0999 1152	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:34.0076 1152	RDPCDD - ok
15:00:34.0202 1152	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:00:34.0249 1152	RDPDR - ok
15:00:34.0368 1152	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:00:34.0459 1152	RDPENCDD - ok
15:00:34.0567 1152	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:00:34.0618 1152	RDPREFMP - ok
15:00:34.0763 1152	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:00:34.0812 1152	RdpVideoMiniport - ok
15:00:34.0936 1152	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:00:34.0997 1152	RDPWD - ok
15:00:35.0129 1152	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:00:35.0154 1152	rdyboost - ok
15:00:35.0256 1152	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:00:35.0320 1152	RemoteAccess - ok
15:00:35.0429 1152	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:00:35.0490 1152	RemoteRegistry - ok
15:00:35.0605 1152	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:00:35.0645 1152	RFCOMM - ok
15:00:35.0763 1152	RICOH SmartCard Reader (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
15:00:35.0810 1152	RICOH SmartCard Reader - ok
15:00:35.0923 1152	rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:00:35.0961 1152	rimmptsk - ok
15:00:36.0084 1152	rismcx64        (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
15:00:36.0109 1152	rismcx64 - ok
15:00:36.0196 1152	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:00:36.0265 1152	RpcEptMapper - ok
15:00:36.0364 1152	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:00:36.0415 1152	RpcLocator - ok
15:00:36.0525 1152	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:00:36.0576 1152	RpcSs - ok
15:00:36.0752 1152	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:00:36.0824 1152	rspndr - ok
15:00:36.0933 1152	RsvLock         (67834af0371f69a1b512998daecce098) C:\Windows\system32\drivers\RsvLock.sys
15:00:36.0955 1152	RsvLock - ok
15:00:37.0077 1152	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:00:37.0125 1152	s3cap - ok
15:00:37.0230 1152	SafeBoot        (ea60bc950913fbf3ce7d9d805745f87b) C:\Windows\system32\drivers\SafeBoot.sys
15:00:37.0230 1152	Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: ea60bc950913fbf3ce7d9d805745f87b
15:00:37.0231 1152	SafeBoot ( LockedFile.Multi.Generic ) - warning
15:00:37.0231 1152	SafeBoot - detected LockedFile.Multi.Generic (1)
15:00:37.0330 1152	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:37.0357 1152	SamSs - ok
15:00:37.0468 1152	SbAlg           (1cfc2e8659484fa6e512405a0f79a00a) C:\Windows\system32\drivers\SbAlg.sys
15:00:37.0491 1152	SbAlg - ok
15:00:37.0602 1152	SbFsLock        (d11e0001180353f83177c3b869c6ce8e) C:\Windows\system32\drivers\SbFsLock.sys
15:00:37.0618 1152	SbFsLock - ok
15:00:37.0739 1152	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:00:37.0764 1152	sbp2port - ok
15:00:37.0866 1152	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:00:37.0923 1152	SCardSvr - ok
15:00:38.0038 1152	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:00:38.0115 1152	scfilter - ok
15:00:38.0243 1152	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:00:38.0385 1152	Schedule - ok
15:00:38.0514 1152	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:00:38.0565 1152	SCPolicySvc - ok
15:00:38.0688 1152	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
15:00:38.0723 1152	sdbus - ok
15:00:38.0814 1152	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:00:38.0863 1152	SDRSVC - ok
15:00:38.0977 1152	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:00:39.0030 1152	secdrv - ok
15:00:39.0126 1152	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:00:39.0178 1152	seclogon - ok
15:00:39.0271 1152	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:00:39.0343 1152	SENS - ok
15:00:39.0438 1152	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:00:39.0471 1152	SensrSvc - ok
15:00:39.0601 1152	Ser2pl          (3dc3ec72952bd60c438e397781ff0572) C:\Windows\system32\DRIVERS\ser2pl64.sys
15:00:39.0642 1152	Ser2pl - ok
15:00:39.0775 1152	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:00:39.0811 1152	Serenum - ok
15:00:39.0948 1152	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:00:39.0983 1152	Serial - ok
15:00:40.0123 1152	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:00:40.0148 1152	sermouse - ok
15:00:40.0307 1152	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:00:40.0388 1152	SessionEnv - ok
15:00:40.0518 1152	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:00:40.0583 1152	sffdisk - ok
15:00:40.0710 1152	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:00:40.0754 1152	sffp_mmc - ok
15:00:40.0881 1152	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:00:40.0918 1152	sffp_sd - ok
15:00:41.0045 1152	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:41.0080 1152	sfloppy - ok
15:00:41.0216 1152	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:00:41.0278 1152	SharedAccess - ok
15:00:41.0387 1152	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:00:41.0440 1152	ShellHWDetection - ok
15:00:41.0565 1152	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:41.0596 1152	SiSRaid2 - ok
15:00:41.0751 1152	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:41.0780 1152	SiSRaid4 - ok
15:00:41.0910 1152	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:00:41.0932 1152	SkypeUpdate - ok
15:00:42.0062 1152	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:00:42.0116 1152	Smb - ok
15:00:42.0252 1152	SMSCIRDA        (f44659f37349057e2880a66ed0ec89e5) C:\Windows\system32\DRIVERS\SMSCir64.sys
15:00:42.0296 1152	SMSCIRDA - ok
15:00:42.0438 1152	snapman         (20635287faa016e4e2a07e86c02759b8) C:\Windows\system32\DRIVERS\snapman.sys
15:00:42.0469 1152	snapman - ok
15:00:42.0582 1152	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:00:42.0622 1152	SNMPTRAP - ok
15:00:42.0726 1152	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:00:42.0756 1152	spldr - ok
15:00:42.0874 1152	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:00:42.0959 1152	Spooler - ok
15:00:43.0113 1152	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:00:43.0269 1152	sppsvc - ok
15:00:43.0305 1152	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:00:43.0372 1152	sppuinotify - ok
15:00:43.0469 1152	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:00:43.0508 1152	srv - ok
15:00:43.0632 1152	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:00:43.0664 1152	srv2 - ok
15:00:43.0796 1152	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:00:43.0844 1152	SrvHsfHDA - ok
15:00:43.0994 1152	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:00:44.0123 1152	SrvHsfV92 - ok
15:00:44.0248 1152	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:00:44.0309 1152	SrvHsfWinac - ok
15:00:44.0425 1152	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:00:44.0473 1152	srvnet - ok
15:00:44.0591 1152	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:00:44.0663 1152	SSDPSRV - ok
15:00:44.0756 1152	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:00:44.0809 1152	SstpSvc - ok
15:00:44.0922 1152	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:00:44.0943 1152	stexstor - ok
15:00:45.0075 1152	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:00:45.0135 1152	stisvc - ok
15:00:45.0254 1152	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:00:45.0276 1152	storflt - ok
15:00:45.0388 1152	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:00:45.0413 1152	storvsc - ok
15:00:45.0536 1152	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:00:45.0560 1152	swenum - ok
15:00:45.0660 1152	SwiCardDetectSvc (d75a136a0f63847a19601318730150b2) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
15:00:45.0674 1152	SwiCardDetectSvc - ok
15:00:45.0787 1152	SWIHPWMI        (58c341d38cfa462489b735d89df6df12) C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
15:00:45.0808 1152	SWIHPWMI - ok
15:00:45.0900 1152	SWNC8U02        (b5af3885c89fc53b272b980e867a0c38) C:\Windows\system32\DRIVERS\SWNC8U02.sys
15:00:45.0938 1152	SWNC8U02 - ok
15:00:46.0032 1152	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:00:46.0088 1152	swprv - ok
15:00:46.0191 1152	SWUMX02         (2256ae9055ef8a4e18bda96af72f970c) C:\Windows\system32\DRIVERS\swumx02.sys
15:00:46.0245 1152	SWUMX02 - ok
15:00:46.0312 1152	SWUMX20 - ok
15:00:46.0380 1152	Synth3dVsc - ok
15:00:46.0464 1152	SynTP           (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys
15:00:46.0571 1152	SynTP - ok
15:00:46.0711 1152	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:00:46.0879 1152	SysMain - ok
15:00:46.0946 1152	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:00:46.0978 1152	TabletInputService - ok
15:00:47.0053 1152	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:00:47.0109 1152	TapiSrv - ok
15:00:47.0167 1152	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:00:47.0226 1152	TBS - ok
15:00:47.0327 1152	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:00:47.0431 1152	Tcpip - ok
15:00:47.0640 1152	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:00:47.0681 1152	TCPIP6 - ok
15:00:47.0772 1152	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:00:47.0846 1152	tcpipreg - ok
15:00:47.0898 1152	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:00:47.0937 1152	TDPIPE - ok
15:00:48.0032 1152	tdrpman251      (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
15:00:48.0126 1152	tdrpman251 - ok
15:00:48.0217 1152	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:00:48.0256 1152	TDTCP - ok
15:00:48.0350 1152	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:00:48.0414 1152	tdx - ok
15:00:48.0595 1152	TeamViewer6     (efd6843c137991cd253ca959e300e886) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
15:00:48.0705 1152	TeamViewer6 - ok
15:00:48.0899 1152	TeamViewer7     (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:00:49.0030 1152	TeamViewer7 - ok
15:00:49.0135 1152	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:00:49.0156 1152	TermDD - ok
15:00:49.0258 1152	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:00:49.0306 1152	TermService - ok
15:00:49.0338 1152	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:00:49.0368 1152	Themes - ok
15:00:49.0392 1152	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:49.0424 1152	THREADORDER - ok
15:00:49.0521 1152	tifm21          (30c94d6cde4acb9aa24a8223efa6b3b5) C:\Windows\system32\drivers\tifm21.sys
15:00:49.0561 1152	tifm21 - ok
15:00:49.0673 1152	timounter       (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
15:00:49.0768 1152	timounter - ok
15:00:49.0854 1152	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:00:49.0905 1152	TPM - ok
15:00:49.0992 1152	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:00:50.0067 1152	TrkWks - ok
15:00:50.0121 1152	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:00:50.0183 1152	TrustedInstaller - ok
15:00:50.0283 1152	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:50.0338 1152	tssecsrv - ok
15:00:50.0386 1152	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:00:50.0433 1152	TsUsbFlt - ok
15:00:50.0463 1152	tsusbhub - ok
15:00:50.0531 1152	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:00:50.0582 1152	tunnel - ok
15:00:50.0629 1152	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:00:50.0659 1152	uagp35 - ok
15:00:50.0714 1152	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:00:50.0790 1152	udfs - ok
15:00:50.0890 1152	ufad-ws60       (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
15:00:50.0913 1152	ufad-ws60 - ok
15:00:50.0979 1152	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:00:51.0004 1152	UI0Detect - ok
15:00:51.0120 1152	uigxrdr         (fdb805b2749dace784bd05125979b478) C:\Windows\system32\DRIVERS\uigxrdr.sys
15:00:51.0145 1152	uigxrdr - ok
15:00:51.0268 1152	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:00:51.0295 1152	uliagpkx - ok
15:00:51.0409 1152	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:00:51.0452 1152	umbus - ok
15:00:51.0565 1152	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:00:51.0588 1152	UmPass - ok
15:00:51.0707 1152	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:00:51.0740 1152	UmRdpService - ok
15:00:51.0854 1152	UNS             (74cd456c408a6343a759a57efd6d1bce) C:\Program Files (x86)\Intel\AMT\UNS.exe
15:00:51.0895 1152	UNS - ok
15:00:51.0996 1152	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:00:52.0102 1152	upnphost - ok
15:00:52.0167 1152	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:52.0190 1152	usbccgp - ok
15:00:52.0306 1152	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:00:52.0344 1152	usbcir - ok
15:00:52.0466 1152	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:00:52.0510 1152	usbehci - ok
15:00:52.0588 1152	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:00:52.0632 1152	usbhub - ok
15:00:52.0697 1152	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:00:52.0721 1152	usbohci - ok
15:00:52.0788 1152	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:00:52.0817 1152	usbprint - ok
15:00:52.0871 1152	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:00:52.0895 1152	usbscan - ok
15:00:52.0928 1152	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:52.0960 1152	USBSTOR - ok
15:00:53.0014 1152	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:00:53.0046 1152	usbuhci - ok
15:00:53.0103 1152	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:00:53.0166 1152	UxSms - ok
15:00:53.0190 1152	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:53.0202 1152	VaultSvc - ok
15:00:53.0269 1152	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:00:53.0289 1152	vdrvroot - ok
15:00:53.0324 1152	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:00:53.0373 1152	vds - ok
15:00:53.0434 1152	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:53.0467 1152	vga - ok
15:00:53.0506 1152	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:00:53.0578 1152	VgaSave - ok
15:00:53.0652 1152	VGPU - ok
15:00:53.0756 1152	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:00:53.0794 1152	vhdmp - ok
15:00:53.0835 1152	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:00:53.0850 1152	viaide - ok
15:00:53.0906 1152	VMAuthdService  (11dcd7a2a0b1f8532b80f5aa98f9903e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
15:00:53.0919 1152	VMAuthdService - ok
15:00:53.0993 1152	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:00:54.0018 1152	vmbus - ok
15:00:54.0115 1152	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:00:54.0161 1152	VMBusHID - ok
15:00:54.0248 1152	vmci            (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
15:00:54.0265 1152	vmci - ok
15:00:54.0345 1152	vmkbd           (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
15:00:54.0361 1152	vmkbd - ok
15:00:54.0413 1152	VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:00:54.0435 1152	VMnetAdapter - ok
15:00:54.0455 1152	VMnetBridge     (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:00:54.0467 1152	VMnetBridge - ok
15:00:54.0491 1152	VMnetDHCP - ok
15:00:54.0509 1152	VMnetuserif     (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
15:00:54.0521 1152	VMnetuserif - ok
15:00:54.0559 1152	vmusb           (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
15:00:54.0567 1152	vmusb - ok
15:00:54.0637 1152	VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
15:00:54.0669 1152	VMUSBArbService - ok
15:00:54.0737 1152	VMware NAT Service - ok
15:00:54.0849 1152	vmx86           (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
15:00:54.0868 1152	vmx86 - ok
15:00:54.0990 1152	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:00:55.0017 1152	volmgr - ok
15:00:55.0092 1152	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:00:55.0122 1152	volmgrx - ok
15:00:55.0189 1152	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:00:55.0217 1152	volsnap - ok
15:00:55.0260 1152	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
15:00:55.0276 1152	vpcbus - ok
15:00:55.0321 1152	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:00:55.0370 1152	vpcnfltr - ok
15:00:55.0482 1152	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
15:00:55.0520 1152	vpcusb - ok
15:00:55.0642 1152	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
15:00:55.0673 1152	vpcvmm - ok
15:00:55.0823 1152	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:55.0851 1152	vsmraid - ok
15:00:55.0962 1152	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:00:56.0100 1152	VSS - ok
15:00:56.0173 1152	vstor2-ws60     (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
15:00:56.0190 1152	vstor2-ws60 - ok
15:00:56.0270 1152	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:00:56.0327 1152	vwifibus - ok
15:00:56.0423 1152	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:00:56.0472 1152	W32Time - ok
15:00:56.0597 1152	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:00:56.0645 1152	WacomPen - ok
15:00:56.0778 1152	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:56.0856 1152	WANARP - ok
15:00:56.0916 1152	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:56.0969 1152	Wanarpv6 - ok
15:00:57.0082 1152	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:00:57.0151 1152	WatAdminSvc - ok
15:00:57.0274 1152	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:00:57.0410 1152	wbengine - ok
15:00:57.0501 1152	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:00:57.0540 1152	WbioSrvc - ok
15:00:57.0648 1152	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:00:57.0701 1152	wcncsvc - ok
15:00:57.0742 1152	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:00:57.0771 1152	WcsPlugInService - ok
15:00:57.0849 1152	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:00:57.0871 1152	Wd - ok
15:00:57.0943 1152	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:00:57.0999 1152	Wdf01000 - ok
15:00:58.0055 1152	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:58.0181 1152	WdiServiceHost - ok
15:00:58.0188 1152	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:58.0205 1152	WdiSystemHost - ok
15:00:58.0239 1152	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:00:58.0266 1152	WebClient - ok
15:00:58.0288 1152	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:00:58.0327 1152	Wecsvc - ok
15:00:58.0342 1152	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:00:58.0382 1152	wercplsupport - ok
15:00:58.0408 1152	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:00:58.0442 1152	WerSvc - ok
15:00:58.0496 1152	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:58.0552 1152	WfpLwf - ok
15:00:58.0580 1152	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:00:58.0590 1152	WIMMount - ok
15:00:58.0605 1152	WinDefend - ok
15:00:58.0612 1152	WinHttpAutoProxySvc - ok
15:00:58.0655 1152	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:00:58.0690 1152	Winmgmt - ok
15:00:58.0758 1152	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:00:58.0871 1152	WinRM - ok
15:00:58.0930 1152	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:58.0972 1152	WinUsb - ok
15:00:59.0012 1152	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:00:59.0079 1152	Wlansvc - ok
15:00:59.0147 1152	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:00:59.0186 1152	WmiAcpi - ok
15:00:59.0231 1152	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:00:59.0264 1152	wmiApSrv - ok
15:00:59.0321 1152	WMPNetworkSvc - ok
15:00:59.0403 1152	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:00:59.0438 1152	WPCSvc - ok
15:00:59.0565 1152	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:00:59.0604 1152	WPDBusEnum - ok
15:00:59.0732 1152	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:00:59.0803 1152	ws2ifsl - ok
15:00:59.0919 1152	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:00:59.0961 1152	wscsvc - ok
15:01:00.0040 1152	WSearch - ok
15:01:00.0200 1152	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:01:00.0357 1152	wuauserv - ok
15:01:00.0479 1152	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:01:00.0533 1152	WudfPf - ok
15:01:00.0663 1152	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:00.0737 1152	WUDFRd - ok
15:01:00.0858 1152	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:01:00.0915 1152	wudfsvc - ok
15:01:01.0026 1152	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:01:01.0070 1152	WwanSvc - ok
15:01:01.0162 1152	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:01:01.0295 1152	\Device\Harddisk0\DR0 - ok
15:01:01.0302 1152	Boot (0x1200)   (ec77a5e4abaac7bd319ec86f71b0f10e) \Device\Harddisk0\DR0\Partition0
15:01:01.0304 1152	\Device\Harddisk0\DR0\Partition0 - ok
15:01:01.0328 1152	Boot (0x1200)   (99226f48436098e9f9ab55a2ad065426) \Device\Harddisk0\DR0\Partition1
15:01:01.0330 1152	\Device\Harddisk0\DR0\Partition1 - ok
15:01:01.0351 1152	Boot (0x1200)   (5f047035f2758a649677c859f4073efb) \Device\Harddisk0\DR0\Partition2
15:01:01.0354 1152	\Device\Harddisk0\DR0\Partition2 - ok
15:01:01.0361 1152	Boot (0x1200)   (a1e4e6ea130b8973bea945da7d2b433a) \Device\Harddisk0\DR0\Partition3
15:01:01.0363 1152	\Device\Harddisk0\DR0\Partition3 - ok
15:01:01.0366 1152	============================================================
15:01:01.0366 1152	Scan finished
15:01:01.0366 1152	============================================================
15:01:01.0388 5992	Detected object count: 3
15:01:01.0388 5992	Actual detected object count: 3
15:01:31.0999 5992	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:31.0999 5992	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:32.0000 5992	InforVisualDrillback ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:32.0000 5992	InforVisualDrillback ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:32.0001 5992	SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
15:01:32.0001 5992	SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
Zu Deiner Info: InforVisualDrillback ist ein Tool, was ich hier installiert habe, da ich mit einem ERP-System namens Visual von Infor experimentiere...

HP ProtectTools Service kommt VERMUTLICH von HP, da das hier ein HP-Notebook ist.

SAFEBOOT sagt mir nichts....

Alt 05.04.2012, 14:31   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Das ist so ok

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.04.2012, 15:19   #26
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


hmmm - hab gerade ComboFix gestartet - zuvor AVIRA und alles andere abgestellt (Windows Defender hab ich vergessen... sorry!).

Das ist passiert:

Bei "Fertiggestellt Stufe 7" erschien eine Fehlermeldung: Dienstprogramm "Find String" (QGREP) funktioniert nicht mehr....

Was tun? Hab gerade die Windows-Fehlermeldung bestätigt mit "PROGRAMM SCHLIESSEN". Die folgenden Funktionen sind recht schnell abgelaufen bis Stufe_32...

es geht weiter....

rechner startet neu....

habe mich angemeldet...

Combofix wünscht, dass ich keine anderen Programme starte bevor es fertig ist....

Logfile erscheint.

Beim Versuch ein Programm zu starten wird eine Fehlermeldung wegen Schlüssel angezeigt... also Neustart.

Nach dem Neustart scheint alles wieder zu gehen.... hier dann jetzt das LOG:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-05.06 - Test 05.04.2012  15:44:23.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3047.1730 [GMT 2:00]
ausgeführt von:: c:\users\Test\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Test\4.0
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Inetde.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 14:45 . 2012-04-05 14:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-05 10:31 . 2012-04-05 10:31	--------	d-----w-	C:\_OTL
2012-04-04 12:39 . 2012-04-04 12:39	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-04-04 08:27 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9A77E99-D335-4A4A-8CA0-40BE7AA62AFC}\mpengine.dll
2012-04-03 10:39 . 2012-04-03 10:39	--------	d-----w-	c:\program files (x86)\ESET
2012-04-01 23:58 . 2012-04-01 23:58	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-01 23:58 . 2012-04-01 23:58	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 15:40 . 2012-04-01 16:15	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-04-01 15:01 . 2012-04-01 15:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-03-20 09:59 . 2012-03-20 09:59	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 09:59 . 2012-03-20 09:59	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 20:44 . 2012-03-18 20:44	45056	----a-r-	c:\users\Test\AppData\Roaming\Microsoft\Installer\{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}\ARPPRODUCTICON.exe
2012-03-18 20:26 . 2012-03-18 21:07	--------	d-----w-	C:\Atlanta
2012-03-18 20:10 . 2012-03-18 20:10	--------	d-----w-	c:\programdata\Unify
2012-03-16 16:36 . 2012-03-16 16:36	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2012-03-16 16:36 . 2008-11-13 11:10	1002008	----a-w-	c:\windows\SysWow64\mesoludlg.exe
2012-03-16 16:36 . 2012-03-16 16:36	--------	d-----w-	c:\program files (x86)\Common Files\Intel
2012-03-16 16:36 . 2008-09-11 09:39	989720	----a-w-	c:\windows\SysWow64\heciudlg.exe
2012-03-16 13:44 . 2012-03-16 13:52	--------	d-----w-	C:\Auslagerung von E
2012-03-16 11:54 . 2012-03-16 11:54	--------	d-----w-	c:\program files (x86)\Seagate
2012-03-16 11:50 . 2012-03-16 11:50	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-16 11:21 . 2012-03-16 11:21	--------	d-----w-	c:\program files (x86)\Common Files\Business Objects
2012-03-16 11:21 . 2012-03-16 11:21	--------	d-----w-	c:\program files (x86)\Business Objects
2012-03-16 11:18 . 2012-03-16 11:21	--------	d-----w-	c:\program files (x86)\Infor Global Solutions
2012-03-16 11:17 . 2012-03-16 11:17	40960	----a-r-	c:\users\Test\AppData\Roaming\Microsoft\Installer\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}\ARPPRODUCTICON.exe
2012-03-16 11:17 . 2012-03-16 11:17	--------	d-----w-	C:\Infor
2012-03-15 08:10 . 2012-03-15 08:23	--------	d-----w-	c:\users\Test\.tfo4
2012-03-15 06:53 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 06:53 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 06:53 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 06:36 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-15 06:36 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-15 06:36 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-15 06:35 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-15 06:35 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-15 06:35 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-15 06:35 . 2012-02-17 06:38	1112064	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-15 06:35 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-15 06:35 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-15 06:35 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-15 06:35 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 13:27 . 2012-03-09 13:28	--------	d-----w-	c:\program files (x86)\CrystalDiskInfo
2012-03-06 18:56 . 2007-07-26 15:15	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2012-03-06 18:56 . 2012-03-06 18:56	--------	d-----w-	C:\Intel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-11-09 17:52	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:57 . 2012-02-21 12:01	545	----a-w-	c:\windows\UC.PIF
2012-02-17 06:57 . 2012-02-21 12:01	545	----a-w-	c:\windows\RAR.PIF
2012-02-17 06:57 . 2012-02-21 12:01	545	----a-w-	c:\windows\NOCLOSE.PIF
2012-02-17 06:57 . 2012-02-21 12:01	545	----a-w-	c:\windows\LHA.PIF
2012-02-17 06:57 . 2012-02-21 12:01	545	----a-w-	c:\windows\ARJ.PIF
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GMX_GMX Upload-Manager"="c:\program files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE" [2011-11-16 960608]
"GMX SMS-Manager"="c:\program files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"ApplyEsf-eDocPrintPro"="c:\program files (x86)\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" [2009-05-19 315392]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2010-10-08 329072]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2010-09-14 116080]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4389592]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 962688]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"PTHOSTTR"="c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
"CognizanceTS"="c:\progra~2\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2011-12-18 24848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Biet-O-Matic.lnk - c:\program files (x86)\Biet-O-Matic\Biet-O-Matic.exe [2012-3-4 1265664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
R3 InforVisualDrillback;InforVisualDrillback;C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe -p 9090 -n InforVisualDrillback webserversrvc [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
R3 SWNC8U02;HP hs2300 MUX NDIS Driver (#02);c:\windows\system32\DRIVERS\SWNC8U02.sys [x]
R3 SWUMX02;HP hs2300 USB MUX Driver (#02);c:\windows\system32\DRIVERS\swumx02.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S1 RsvLock;RsvLock; [x]
S1 uigxrdr;uigxrdr;c:\windows\system32\DRIVERS\uigxrdr.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-07-29 1841912]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-17 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-12-02 192368]
S2 SWIHPWMI;SWIHPWMI;c:\program files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files (x86)\Intel\AMT\UNS.exe [2008-05-25 1464856]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64-Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCir64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ   	ASBroker
Bioscrypt	REG_MULTI_SZ   	ASChannel
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:58]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 11:05]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 11:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}]
2011-12-18 17:08	568592	----a-w-	c:\program files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 120320]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2011-12-18 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"atchk"="c:\program files (x86)\Intel\AMT\atchk.exe" [2008-05-25 408088]
"combofix"="c:\combofix\CF21472.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Background Download As - c:\bits_plugin\bits_ie.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\sxu8eipe.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-ApplyEsf-eDocPrintPro - c:\program files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Connect Add-in - c:\users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\InforVisualDrillback]
"ImagePath"="\"C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe\" -p 9090 -n InforVisualDrillback webserversrvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\InforVisualDrillback]
"ImagePath"="\"C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe\" -p 9090 -n InforVisualDrillback webserversrvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\AMT\atchksrv.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-05  16:53:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-05 14:53
.
Vor Suchlauf: 20 Verzeichnis(se), 82.358.214.656 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 81.293.496.320 Bytes frei
.
- - End Of File - - D15E9FE3A2F3348AB1A913A234334368
--- --- ---
Geändert von tolpi (05.04.2012 um 16:00 Uhr)

Alt 05.04.2012, 16:22   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Zitat:
c:\windows\SysWow64\mesoludlg.exe
c:\windows\SysWow64\heciudlg.exe
Bitte diese beiden Dateien bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.04.2012, 16:34   #28
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


gesagt... getan!

Alt 05.04.2012, 17:09   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


Falscher Alarm, die Dateien sind ok

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.04.2012, 17:42   #30
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


und wieder ein Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 18:22:24
-----------------------------
18:22:24.269    OS Version: Windows x64 6.1.7601 Service Pack 1
18:22:24.269    Number of processors: 2 586 0x1706
18:22:24.310    ComputerName: NC6400  UserName: Test
18:22:25.104    Initialize success
18:23:51.503    AVAST engine defs: 12040500
18:24:32.155    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:24:32.159    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
18:24:32.162    Disk 0 MBR read successfully
18:24:32.166    Disk 0 MBR scan
18:24:32.171    Disk 0 Windows 7 default MBR code
18:24:32.175    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          203 MB offset 63
18:24:32.197    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152429 MB offset 417690
18:24:32.221    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       310310 MB offset 312592770
18:24:32.227    Disk 0 Partition - 00     05     Extended             13994 MB offset 948108105
18:24:32.253    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        13994 MB offset 948108168
18:24:32.279    Disk 0 scanning C:\Windows\system32\drivers
18:24:43.741    Service scanning
18:25:18.664    Modules scanning
18:25:18.686    Disk 0 trace - called modules:
18:25:18.746    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 
18:25:18.756    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e1590]
18:25:18.765    3 CLASSPNP.SYS[fffff880017c043f] -> nt!IofCallDriver -> [0xfffffa80033e1040]
18:25:18.774    5 hpdskflt.sys[fffff88001c0b189] -> nt!IofCallDriver -> [0xfffffa8003227980]
18:25:18.780    7 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003247050]
18:25:19.910    AVAST engine scan C:\Windows
18:25:22.367    AVAST engine scan C:\Windows\system32
18:27:53.218    AVAST engine scan C:\Windows\system32\drivers
18:28:08.874    AVAST engine scan C:\Users\Test
18:39:42.980    AVAST engine scan C:\ProgramData
18:41:05.124    Scan finished successfully
18:41:31.698    Disk 0 MBR has been saved successfully to "C:\Users\Test\Desktop\MBR.dat"
18:41:31.705    The log file has been saved successfully to "C:\Users\Test\Desktop\aswMBR.txt"

Antwort
Seite 2 von 3 1 2 3

Themen zu Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, abgesicherten, acrobat update, alternate, appdata, board, datei, device driver, durchgeführt, entdeck, folge, folgen, gestartet, google earth, install.exe, konnte, langs, malwarebytes, modus, neustart, nichts, plug-in, rechner, scan, searchscopes, security scan, sierra, sofort, temp, tool, trojaner, trojaner board, virus, windows, würde, übrig


« Trojaner Security Shield sicher vom System entfernt? | TR/Kazy.58415.21 »


Ähnliche Themen: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


  1. TR/BitCoinMiner.Gen und ander TR Viren in C:/User/Jannis/Appdata/Local/Temp/msupdate
    Log-Analyse und Auswertung - 08.10.2015 (13)
  2. C:\Users\User\AppData\Local\Temp\ljubZufuv Malware-Problem
    Log-Analyse und Auswertung - 07.09.2014 (6)
  3. gvu will svchost.exe unter C:\users\user\appdata\local\temp starten
    Log-Analyse und Auswertung - 16.01.2014 (13)
  4. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\a.....\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 05.10.2013 (10)
  5. Virus: Win32.Trojan.Agent.KV5KTJ gefunden in Datei: C:\User\xx\AppData\Local\Temp\is1070216317\798896_Setup.EXE
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (11)
  6. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  7. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  8. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  9. C:/Users/User/AppData/Local/Temp/er_00_0_l.exe
    Log-Analyse und Auswertung - 17.10.2012 (4)
  10. C:/Users/User/AppData/Local/Temp/i4jdel0.exe
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  11. Fehlermeldung:"Problem beim Starten von C:\Users\user\AppData\Local\Temp\ch810.exe"
    Log-Analyse und Auswertung - 14.05.2012 (27)
  12. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 20.04.2012 (10)
  13. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 11.04.2012 (22)
  14. (2x) Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Mülltonne - 06.04.2012 (0)
  15. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  16. Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (18)
  17. TR/Crypt.XPACK.Gen in C:\User\***\AppData\Local\Temp\...\http.dll
    Log-Analyse und Auswertung - 10.11.2009 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Zitat: Zitat von cosinus Schmeiß DivX runter wenn du es nicht mehr brauchst würde ich ja gerne, aber es gibt keine Deinstallationsroutine des Paketes... soll ich in der Registry die - Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe...
Archiv
Du betrachtest: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129