
Pests of all kinds and how to fight them: Telekom invoice February 2013 - PDF - attachment opened - no alert from Security Essentials

05.03.2013, 12:48   #1
Dachratte
 

Hello,

in a moment of mental derangement I opened the Telekom mail with the invoice and even ran the attachment. Nothing like this has ever happened to me before, but whining doesn't help now either.
I use Security Essentials and actually keep all programs up to date.

Since opening the attachment I have not been able to detect any changes to my system.
It was a few days ago; I only read about the trojan in the PDF by chance last night. Here are the logs of the programs as described in the instructions. I hope you can help me.

A full scan with Security Essentials did not produce any alert.
I can't insert the logs with [Code] because the post then gets too long. Or should I only post them when instructed? Sorry, this is my first time.

Many thanks in advance
Your Dachratte

05.03.2013, 14:29   #2
markusg
/// Malware-holic
 

Hello and

hi, open Adobe Reader and check which version you are using

Do you still have this PDF file? If so, please upload it: http://www.trojaner-board.de/54791-a...tml#post349565

Alternatively, or in addition, you can send this mail to Markus => markusg - trojaner-board.de
__________________

Edited by Da GuRu (14.06.2013 at 13:16)

05.03.2013, 14:37   #3
Dachratte
 

Hello,

first of all, many thanks for the super-fast reaction. I had not expected that at all.
I no longer have the mail or the attachment. I deleted it immediately when I noticed that the invoice was not for us, or rather not correct.

I wrote down all the Acrobat Reader version information (there are several entries when you click through):

Version 11.0.2
Version 11.0.01.36
AGM Version 4.28.131
Cool Type Version 5.11.131
Base version 11.1
JP2K Version 2.0.0.26752

Regards
Dachratte
__________________

05.03.2013, 18:26   #4
markusg
/// Malware-holic
 

then everything should be clean, let's have a look
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above
If you would like to support us
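
A small triage script for the log file that TDSSKiller writes, added here as an example and not part of the original posts or of TDSSKiller itself: it pairs each scanned object with its verdict and lists everything whose verdict is not `ok`. It assumes the line layout seen in the log posted in this thread (timestamp, thread id, then either `[ MD5 ] name path` or `name - verdict`); the sample log, its placeholder hashes, the `ExampleSvc` entry and its verdict text are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the layout of a TDSSKiller log. The hashes are
# placeholders; "ExampleSvc" and its verdict text are invented for illustration.
SAMPLE_LOG = r"""
18:57:10.0082 6444  Drive \Device\Harddisk1\DR1 - Size: 0xE38000 (0.01 Gb), SectorSize: 0x200
18:57:45.0387 2436  Scan started
18:57:45.0387 2436  Mode: Manual; SigCheck; TDLFS;
18:57:45.0493 2436  ================ Scan system memory ========================
18:57:45.0493 2436  System memory - ok
18:57:45.0494 2436  ================ Scan services =============================
18:57:46.0165 2436  [ 00000000000000000000000000000001 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:46.0174 2436  Apple Mobile Device - ok
18:57:47.0228 2436  COMSysApp - ok
18:57:47.0300 2436  [ 00000000000000000000000000000002 ] ExampleSvc      C:\Example\example.exe
18:57:47.0310 2436  ExampleSvc - constructed non-ok verdict
"""

# "HH:MM:SS.mmmm <thread id>  <body>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")
# "[ <32 hex digits> ] <object name> <path starting with a drive letter>"
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (.+)$")


class Finding(NamedTuple):
    name: str
    verdict: str
    md5: Optional[str]   # None when the log has no hash line for the object
    path: Optional[str]


def parse(log_text: str) -> List[Finding]:
    """Return one Finding per verdict line that follows 'Scan started'."""
    objects = {}      # object name -> (md5, path) from the preceding hash line
    findings = []
    scanning = False  # the header (drive geometry etc.) also contains " - "
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            scanning = True
            continue
        if not scanning or body.startswith("="):
            continue  # header lines and section separators carry no verdict
        obj = OBJECT.match(body)
        if obj:
            objects[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
            continue
        v = VERDICT.match(body)
        if v:
            md5, path = objects.get(v.group(1), (None, None))
            findings.append(Finding(v.group(1), v.group(2).strip(), md5, path))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything the tool did not mark 'ok' is left for a human to look at."""
    return [f for f in findings if f.verdict.lower() != "ok"]


if __name__ == "__main__":
    results = parse(SAMPLE_LOG)
    print(f"{len(results)} objects scanned")
    for f in needs_review(results):
        print(f"REVIEW {f.name}: {f.verdict} | md5={f.md5} | path={f.path}")
```

The script only reads the log; an object name that itself contains ` - ` would be split at the wrong place and should be checked by hand.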

05.03.2013, 19:00   #5
Dachratte
 

Hello,

here is the log from TDSSKiller

Code:
18:57:09.0570 6444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:57:09.0691 6444  ============================================================
18:57:09.0691 6444  Current date / time: 2013/03/05 18:57:09.0691
18:57:09.0691 6444  SystemInfo:
18:57:09.0691 6444  
18:57:09.0691 6444  OS Version: 6.1.7601 ServicePack: 1.0
18:57:09.0691 6444  Product type: Workstation
18:57:09.0691 6444  ComputerName: RON-LAP
18:57:09.0691 6444  UserName: ron
18:57:09.0691 6444  Windows directory: C:\Windows
18:57:09.0691 6444  System windows directory: C:\Windows
18:57:09.0691 6444  Running under WOW64
18:57:09.0691 6444  Processor architecture: Intel x64
18:57:09.0691 6444  Number of processors: 8
18:57:09.0691 6444  Page size: 0x1000
18:57:09.0691 6444  Boot type: Normal boot
18:57:09.0691 6444  ============================================================
18:57:10.0082 6444  Drive \Device\Harddisk1\DR1 - Size: 0xE38000 (0.01 Gb), SectorSize: 0x200, Cylinders: 0x1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
18:57:10.0083 6444  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:57:10.0089 6444  Drive \Device\Harddisk1\DR1 - Size: 0xE38000 (0.01 Gb), SectorSize: 0x200, Cylinders: 0x1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:57:10.0091 6444  ============================================================
18:57:10.0091 6444  \Device\Harddisk1\DR1:
18:57:10.0091 6444  MBR partitions:
18:57:10.0091 6444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x1, StartLBA 0x39, BlocksNum 0x7187
18:57:10.0091 6444  \Device\Harddisk0\DR0:
18:57:10.0092 6444  MBR partitions:
18:57:10.0092 6444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:57:10.0092 6444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
18:57:10.0092 6444  \Device\Harddisk1\DR1:
18:57:10.0092 6444  MBR partitions:
18:57:10.0092 6444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x1, StartLBA 0x39, BlocksNum 0x7187
18:57:10.0092 6444  ============================================================
18:57:10.0093 6444  C: <-> \Device\Harddisk0\DR0\Partition2
18:57:10.0093 6444  ============================================================
18:57:10.0093 6444  Initialize success
18:57:10.0093 6444  ============================================================
18:57:45.0387 2436  ============================================================
18:57:45.0387 2436  Scan started
18:57:45.0387 2436  Mode: Manual; SigCheck; TDLFS; 
18:57:45.0387 2436  ============================================================
18:57:45.0493 2436  ================ Scan system memory ========================
18:57:45.0493 2436  System memory - ok
18:57:45.0494 2436  ================ Scan services =============================
18:57:45.0532 2436  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:57:45.0571 2436  1394ohci - ok
18:57:45.0576 2436  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:57:45.0588 2436  ACPI - ok
18:57:45.0591 2436  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:57:45.0603 2436  AcpiPmi - ok
18:57:45.0615 2436  [ 5C612044C7C9786D49C6BEC1BED33232 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:57:45.0638 2436  AcrSch2Svc - ok
18:57:45.0642 2436  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:57:45.0650 2436  AdobeARMservice - ok
18:57:45.0674 2436  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:57:45.0685 2436  AdobeFlashPlayerUpdateSvc - ok
18:57:45.0692 2436  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:57:45.0707 2436  adp94xx - ok
18:57:45.0712 2436  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:57:45.0724 2436  adpahci - ok
18:57:45.0728 2436  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:57:45.0739 2436  adpu320 - ok
18:57:45.0743 2436  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:57:45.0772 2436  AeLookupSvc - ok
18:57:45.0775 2436  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:57:45.0782 2436  AERTFilters - ok
18:57:45.0788 2436  [ ABCF9C80EAACE03021BB7F450EB8993F ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
18:57:45.0801 2436  afcdp - ok
18:57:45.0828 2436  [ 1AEA25F70F12ABB494A4E35E1D717414 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:57:45.0885 2436  afcdpsrv - ok
18:57:45.0892 2436  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:57:45.0906 2436  AFD - ok
18:57:45.0909 2436  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:57:45.0918 2436  agp440 - ok
18:57:45.0921 2436  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:57:45.0931 2436  ALG - ok
18:57:45.0933 2436  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:57:45.0941 2436  aliide - ok
18:57:45.0944 2436  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:57:45.0952 2436  amdide - ok
18:57:45.0955 2436  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:57:45.0964 2436  AmdK8 - ok
18:57:45.0967 2436  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:57:45.0977 2436  AmdPPM - ok
18:57:45.0980 2436  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:57:45.0990 2436  amdsata - ok
18:57:45.0994 2436  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:57:46.0005 2436  amdsbs - ok
18:57:46.0008 2436  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:57:46.0015 2436  amdxata - ok
18:57:46.0020 2436  [ 18A8E8A19CD826D31D2E74E740220001 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
18:57:46.0031 2436  AMPPAL - ok
18:57:46.0035 2436  [ 18A8E8A19CD826D31D2E74E740220001 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
18:57:46.0044 2436  AMPPALP - ok
18:57:46.0053 2436  [ B4837176B2DBBC8E3D6F31D4853EEAEB ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:57:46.0068 2436  AMPPALR3 - ok
18:57:46.0071 2436  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:57:46.0099 2436  AppID - ok
18:57:46.0102 2436  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:57:46.0131 2436  AppIDSvc - ok
18:57:46.0134 2436  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:57:46.0161 2436  Appinfo - ok
18:57:46.0165 2436  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:46.0174 2436  Apple Mobile Device - ok
18:57:46.0177 2436  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:57:46.0186 2436  arc - ok
18:57:46.0189 2436  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:57:46.0198 2436  arcsas - ok
18:57:46.0209 2436  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:57:46.0217 2436  aspnet_state - ok
18:57:46.0219 2436  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:57:46.0248 2436  AsyncMac - ok
18:57:46.0250 2436  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:57:46.0258 2436  atapi - ok
18:57:46.0267 2436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:57:46.0301 2436  AudioEndpointBuilder - ok
18:57:46.0309 2436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:57:46.0341 2436  AudioSrv - ok
18:57:46.0359 2436  [ FD6D09D43563322543134D2C0136B41B ] AVer7231_x64    C:\Windows\system32\DRIVERS\AVer7231_x64.sys
18:57:46.0399 2436  AVer7231_x64 - ok
18:57:46.0403 2436  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:57:46.0417 2436  AxInstSV - ok
18:57:46.0423 2436  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:57:46.0436 2436  b06bdrv - ok
18:57:46.0441 2436  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:57:46.0453 2436  b57nd60a - ok
18:57:46.0457 2436  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:57:46.0467 2436  BDESVC - ok
18:57:46.0470 2436  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:57:46.0497 2436  Beep - ok
18:57:46.0506 2436  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:57:46.0540 2436  BFE - ok
18:57:46.0550 2436  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:57:46.0587 2436  BITS - ok
18:57:46.0590 2436  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:57:46.0599 2436  blbdrive - ok
18:57:46.0609 2436  [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:57:46.0626 2436  Bluetooth Device Monitor - ok
18:57:46.0639 2436  [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:57:46.0661 2436  Bluetooth Media Service - ok
18:57:46.0671 2436  [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:57:46.0689 2436  Bluetooth OBEX Service - ok
18:57:46.0695 2436  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:57:46.0707 2436  Bonjour Service - ok
18:57:46.0710 2436  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:57:46.0720 2436  bowser - ok
18:57:46.0723 2436  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:57:46.0734 2436  BrFiltLo - ok
18:57:46.0736 2436  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:57:46.0748 2436  BrFiltUp - ok
18:57:46.0751 2436  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:57:46.0762 2436  Browser - ok
18:57:46.0767 2436  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:57:46.0779 2436  Brserid - ok
18:57:46.0782 2436  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:57:46.0793 2436  BrSerWdm - ok
18:57:46.0796 2436  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:57:46.0806 2436  BrUsbMdm - ok
18:57:46.0809 2436  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:57:46.0819 2436  BrUsbSer - ok
18:57:46.0822 2436  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:57:46.0832 2436  BthEnum - ok
18:57:46.0835 2436  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:57:46.0846 2436  BTHMODEM - ok
18:57:46.0850 2436  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:57:46.0863 2436  BthPan - ok
18:57:46.0869 2436  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:57:46.0884 2436  BTHPORT - ok
18:57:46.0887 2436  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:57:46.0916 2436  bthserv - ok
18:57:46.0919 2436  [ B9D49E4288F56C053B4C12D2F9042948 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:57:46.0927 2436  BTHSSecurityMgr - ok
18:57:46.0930 2436  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:57:46.0939 2436  BTHUSB - ok
18:57:46.0942 2436  [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
18:57:46.0951 2436  btmaux - ok
18:57:46.0956 2436  [ 5BA4C6F82A5CA3307C0579D9F7B36E28 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
18:57:46.0966 2436  btmhsf - ok
18:57:46.0969 2436  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:57:46.0997 2436  cdfs - ok
18:57:47.0001 2436  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:57:47.0012 2436  cdrom - ok
18:57:47.0015 2436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:57:47.0043 2436  CertPropSvc - ok
18:57:47.0045 2436  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:57:47.0057 2436  circlass - ok
18:57:47.0062 2436  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:57:47.0075 2436  CLFS - ok
18:57:47.0080 2436  [ FC9946B9121978E38943C2D20F129377 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
18:57:47.0091 2436  CLKMSVC10_9EC60124 - ok
18:57:47.0097 2436  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:57:47.0105 2436  clr_optimization_v2.0.50727_32 - ok
18:57:47.0110 2436  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:57:47.0119 2436  clr_optimization_v2.0.50727_64 - ok
18:57:47.0128 2436  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:57:47.0137 2436  clr_optimization_v4.0.30319_32 - ok
18:57:47.0139 2436  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:57:47.0148 2436  clr_optimization_v4.0.30319_64 - ok
18:57:47.0151 2436  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:57:47.0161 2436  CmBatt - ok
18:57:47.0163 2436  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:57:47.0171 2436  cmdide - ok
18:57:47.0177 2436  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
18:57:47.0196 2436  CNG - ok
18:57:47.0199 2436  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:57:47.0207 2436  Compbatt - ok
18:57:47.0210 2436  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:57:47.0226 2436  CompositeBus - ok
18:57:47.0228 2436  COMSysApp - ok
18:57:47.0261 2436  [ 4F19119C392210244FC0108E76939DC5 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:57:47.0273 2436  cphs - ok
18:57:47.0276 2436  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:57:47.0284 2436  crcdisk - ok
18:57:47.0290 2436  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:57:47.0301 2436  CryptSvc - ok
18:57:47.0309 2436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:57:47.0343 2436  DcomLaunch - ok
18:57:47.0348 2436  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:57:47.0380 2436  defragsvc - ok
18:57:47.0383 2436  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:57:47.0411 2436  DfsC - ok
18:57:47.0417 2436  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:57:47.0429 2436  Dhcp - ok
18:57:47.0432 2436  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:57:47.0460 2436  discache - ok
18:57:47.0463 2436  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:57:47.0472 2436  Disk - ok
18:57:47.0477 2436  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:57:47.0489 2436  Dnscache - ok
18:57:47.0493 2436  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:57:47.0522 2436  dot3svc - ok
18:57:47.0526 2436  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:57:47.0555 2436  DPS - ok
18:57:47.0558 2436  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:57:47.0569 2436  drmkaud - ok
18:57:47.0579 2436  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:57:47.0598 2436  DXGKrnl - ok
18:57:47.0602 2436  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:57:47.0631 2436  EapHost - ok
18:57:47.0660 2436  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:57:47.0703 2436  ebdrv - ok
18:57:47.0706 2436  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:57:47.0716 2436  EFS - ok
18:57:47.0725 2436  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:57:47.0741 2436  ehRecvr - ok
18:57:47.0744 2436  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:57:47.0754 2436  ehSched - ok
18:57:47.0761 2436  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:57:47.0776 2436  elxstor - ok
18:57:47.0779 2436  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:57:47.0788 2436  ErrDev - ok
18:57:47.0796 2436  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:57:47.0828 2436  EventSystem - ok
18:57:47.0837 2436  [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:57:47.0851 2436  EvtEng - ok
18:57:47.0856 2436  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:57:47.0886 2436  exfat - ok
18:57:47.0890 2436  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:57:47.0919 2436  fastfat - ok
18:57:47.0927 2436  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:57:47.0943 2436  Fax - ok
18:57:47.0946 2436  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:57:47.0956 2436  fdc - ok
18:57:47.0959 2436  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:57:47.0987 2436  fdPHost - ok
18:57:47.0989 2436  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:57:48.0018 2436  FDResPub - ok
18:57:48.0021 2436  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:57:48.0029 2436  FileInfo - ok
18:57:48.0032 2436  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:57:48.0060 2436  Filetrace - ok
18:57:48.0062 2436  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:57:48.0072 2436  flpydisk - ok
18:57:48.0076 2436  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:57:48.0088 2436  FltMgr - ok
18:57:48.0092 2436  [ F0CC1A9106F9FB0F704F6ED95622B43E ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
18:57:48.0100 2436  fltsrv - ok
18:57:48.0111 2436  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:57:48.0133 2436  FontCache - ok
18:57:48.0136 2436  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:57:48.0143 2436  FontCache3.0.0.0 - ok
18:57:48.0145 2436  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:57:48.0154 2436  FsDepends - ok
18:57:48.0157 2436  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:57:48.0164 2436  Fs_Rec - ok
18:57:48.0169 2436  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:57:48.0182 2436  fvevol - ok
18:57:48.0185 2436  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:57:48.0194 2436  gagp30kx - ok
18:57:48.0196 2436  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:57:48.0202 2436  GEARAspiWDM - ok
18:57:48.0211 2436  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:57:48.0246 2436  gpsvc - ok
18:57:48.0250 2436  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:57:48.0258 2436  gupdate - ok
18:57:48.0260 2436  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:57:48.0267 2436  gupdatem - ok
18:57:48.0270 2436  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:57:48.0279 2436  hcw85cir - ok
18:57:48.0285 2436  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:57:48.0300 2436  HdAudAddService - ok
18:57:48.0303 2436  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:57:48.0316 2436  HDAudBus - ok
18:57:48.0318 2436  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:57:48.0328 2436  HidBatt - ok
18:57:48.0331 2436  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:57:48.0343 2436  HidBth - ok
18:57:48.0346 2436  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:57:48.0358 2436  HidIr - ok
18:57:48.0361 2436  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:57:48.0390 2436  hidserv - ok
18:57:48.0393 2436  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:57:48.0403 2436  HidUsb - ok
18:57:48.0406 2436  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:57:48.0435 2436  hkmsvc - ok
18:57:48.0439 2436  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:57:48.0451 2436  HomeGroupListener - ok
18:57:48.0455 2436  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:57:48.0466 2436  HomeGroupProvider - ok
18:57:48.0469 2436  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:57:48.0478 2436  HpSAMD - ok
18:57:48.0486 2436  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:57:48.0520 2436  HTTP - ok
18:57:48.0523 2436  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:57:48.0531 2436  hwpolicy - ok
18:57:48.0534 2436  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:57:48.0544 2436  i8042prt - ok
18:57:48.0551 2436  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:57:48.0563 2436  iaStor - ok
18:57:48.0567 2436  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:57:48.0572 2436  IAStorDataMgrSvc - ok
18:57:48.0578 2436  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:57:48.0591 2436  iaStorV - ok
18:57:48.0594 2436  [ 806422F30DF9CE8307457485779C77B7 ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:57:48.0603 2436  iBtFltCoex - ok
18:57:48.0606 2436  [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
18:57:48.0615 2436  ICCS - ok
18:57:48.0624 2436  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:57:48.0643 2436  idsvc - ok
18:57:48.0686 2436  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:57:48.0751 2436  igfx - ok
18:57:48.0755 2436  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:57:48.0764 2436  iirsp - ok
18:57:48.0773 2436  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:57:48.0809 2436  IKEEXT - ok
18:57:53.0942 2436  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:57:53.0955 2436  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:57:53.0955 2436  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:57:54.0998 2436  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:57:55.0003 2436  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:57:55.0003 2436  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:57:55.0006 2436  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:57:55.0016 2436  usbccgp - ok
18:57:55.0020 2436  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:57:55.0033 2436  usbcir - ok
18:57:55.0035 2436  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:57:55.0045 2436  usbehci - ok
18:57:55.0051 2436  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:57:55.0064 2436  usbhub - ok
18:57:55.0068 2436  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:57:55.0077 2436  usbohci - ok
18:57:55.0079 2436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:57:55.0092 2436  usbprint - ok
18:57:55.0095 2436  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:57:55.0105 2436  USBSTOR - ok
18:57:55.0107 2436  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:57:55.0118 2436  usbuhci - ok
18:57:55.0123 2436  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:57:55.0136 2436  usbvideo - ok
18:57:55.0139 2436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:57:55.0169 2436  UxSms - ok
18:57:55.0172 2436  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:57:55.0181 2436  VaultSvc - ok
18:57:55.0184 2436  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:57:55.0192 2436  vdrvroot - ok
18:57:55.0199 2436  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:57:55.0233 2436  vds - ok
18:57:55.0237 2436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:57:55.0249 2436  vga - ok
18:57:55.0251 2436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:57:55.0280 2436  VgaSave - ok
18:57:55.0285 2436  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:57:55.0296 2436  vhdmp - ok
18:57:55.0298 2436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:57:55.0307 2436  viaide - ok
18:57:55.0311 2436  [ 927CBC96C4635F235301411E530FB56E ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
18:57:55.0320 2436  vididr - ok
18:57:55.0324 2436  [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt         C:\Windows\system32\DRIVERS\vidsflt.sys
18:57:55.0332 2436  vidsflt - ok
18:57:55.0335 2436  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:57:55.0344 2436  volmgr - ok
18:57:55.0349 2436  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:57:55.0362 2436  volmgrx - ok
18:57:55.0367 2436  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:57:55.0378 2436  volsnap - ok
18:57:55.0382 2436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:57:55.0393 2436  vsmraid - ok
18:57:55.0407 2436  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:57:55.0452 2436  VSS - ok
18:57:55.0455 2436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:57:55.0466 2436  vwifibus - ok
18:57:55.0469 2436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:57:55.0482 2436  vwififlt - ok
18:57:55.0485 2436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:57:55.0497 2436  vwifimp - ok
18:57:55.0503 2436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:57:55.0536 2436  W32Time - ok
18:57:55.0539 2436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:57:55.0549 2436  WacomPen - ok
18:57:55.0553 2436  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:57:55.0581 2436  WANARP - ok
18:57:55.0584 2436  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:57:55.0611 2436  Wanarpv6 - ok
18:57:55.0625 2436  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:57:55.0652 2436  wbengine - ok
18:57:55.0657 2436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:57:55.0672 2436  WbioSrvc - ok
18:57:55.0678 2436  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:57:55.0696 2436  wcncsvc - ok
18:57:55.0699 2436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:57:55.0709 2436  WcsPlugInService - ok
18:57:55.0714 2436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:57:55.0722 2436  Wd - ok
18:57:55.0725 2436  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
18:57:55.0739 2436  WDC_SAM - ok
18:57:55.0745 2436  [ 6209C98EAA7D003DBEA3EB3245211342 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
18:57:55.0751 2436  WDDMService ( UnsignedFile.Multi.Generic ) - warning
18:57:55.0751 2436  WDDMService - detected UnsignedFile.Multi.Generic (1)
18:57:55.0760 2436  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:57:55.0780 2436  Wdf01000 - ok
18:57:55.0791 2436  [ A787A567B3470C91C487ECE90CF7509C ] WDFME           C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
18:57:55.0804 2436  WDFME ( UnsignedFile.Multi.Generic ) - warning
18:57:55.0804 2436  WDFME - detected UnsignedFile.Multi.Generic (1)
18:57:55.0808 2436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:57:55.0823 2436  WdiServiceHost - ok
18:57:55.0825 2436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:57:55.0840 2436  WdiSystemHost - ok
18:57:55.0846 2436  [ 3E2B446BFD98EE3AB236FE9E84F35489 ] WDSC            C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
18:57:55.0855 2436  WDSC ( UnsignedFile.Multi.Generic ) - warning
18:57:55.0855 2436  WDSC - detected UnsignedFile.Multi.Generic (1)
18:57:55.0860 2436  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:57:55.0878 2436  WebClient - ok
18:57:55.0883 2436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:57:55.0915 2436  Wecsvc - ok
18:57:55.0918 2436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:57:55.0949 2436  wercplsupport - ok
18:57:55.0952 2436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:57:55.0982 2436  WerSvc - ok
18:57:55.0986 2436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:57:56.0014 2436  WfpLwf - ok
18:57:56.0017 2436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:57:56.0025 2436  WIMMount - ok
18:57:56.0027 2436  WinDefend - ok
18:57:56.0032 2436  WinHttpAutoProxySvc - ok
18:57:56.0041 2436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:57:56.0072 2436  Winmgmt - ok
18:57:56.0091 2436  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:57:56.0140 2436  WinRM - ok
18:57:56.0147 2436  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:57:56.0158 2436  WinUsb - ok
18:57:56.0168 2436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:57:56.0190 2436  Wlansvc - ok
18:57:56.0193 2436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:57:56.0202 2436  WmiAcpi - ok
18:57:56.0207 2436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:57:56.0246 2436  wmiApSrv - ok
18:57:56.0248 2436  WMPNetworkSvc - ok
18:57:56.0252 2436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:57:56.0262 2436  WPCSvc - ok
18:57:56.0266 2436  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:57:56.0279 2436  WPDBusEnum - ok
18:57:56.0281 2436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:57:56.0311 2436  ws2ifsl - ok
18:57:56.0314 2436  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:57:56.0330 2436  wscsvc - ok
18:57:56.0332 2436  WSearch - ok
18:57:56.0356 2436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:57:56.0398 2436  wuauserv - ok
18:57:56.0402 2436  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:57:56.0412 2436  WudfPf - ok
18:57:56.0416 2436  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:57:56.0427 2436  WUDFRd - ok
18:57:56.0431 2436  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:57:56.0442 2436  wudfsvc - ok
18:57:56.0446 2436  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:57:56.0462 2436  WwanSvc - ok
18:57:56.0489 2436  [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:57:56.0532 2436  ZeroConfigService - ok
18:57:56.0541 2436  ================ Scan global ===============================
18:57:56.0543 2436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:57:56.0548 2436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:57:56.0554 2436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:57:56.0558 2436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:57:56.0564 2436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:57:56.0567 2436  [Global] - ok
18:57:56.0568 2436  ================ Scan MBR ==================================
18:57:56.0577 2436  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:57:56.0684 2436  \Device\Harddisk1\DR1 - ok
18:57:56.0686 2436  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:57:56.0760 2436  \Device\Harddisk0\DR0 - ok
18:57:56.0769 2436  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:57:56.0879 2436  \Device\Harddisk1\DR1 - ok
18:57:56.0879 2436  ================ Scan VBR ==================================
18:57:56.0883 2436  [ A5D76D2EF6AF43CD364EE09611CCB50B ] \Device\Harddisk1\DR1\Partition1
18:57:56.0884 2436  \Device\Harddisk1\DR1\Partition1 - ok
18:57:56.0886 2436  [ 14B2E7EF87C9C55FB4155D2A426EE8FD ] \Device\Harddisk0\DR0\Partition1
18:57:56.0887 2436  \Device\Harddisk0\DR0\Partition1 - ok
18:57:56.0889 2436  [ DD81B3F13F4B271C521668674A45597D ] \Device\Harddisk0\DR0\Partition2
18:57:56.0890 2436  \Device\Harddisk0\DR0\Partition2 - ok
18:57:56.0894 2436  [ A5D76D2EF6AF43CD364EE09611CCB50B ] \Device\Harddisk1\DR1\Partition1
18:57:56.0895 2436  \Device\Harddisk1\DR1\Partition1 - ok
18:57:56.0895 2436  ============================================================
18:57:56.0895 2436  Scan finished
18:57:56.0895 2436  ============================================================
18:57:56.0901 6320  Detected object count: 5
18:57:56.0901 6320  Actual detected object count: 5
18:58:33.0670 6320  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0670 6320  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:58:33.0671 6320  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0671 6320  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:58:33.0672 6320  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0672 6320  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:58:33.0672 6320  WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0672 6320  WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:58:33.0673 6320  WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0673 6320  WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 05.03.2013, 20:07   #6
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Alt 05.03.2013, 20:55   #7
Dachratte
 

Hello,

here is the log from combofix:

Code:
ATTFilter
ComboFix 13-03-05.01 - ron 05.03.2013  20:46:54.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8086.5035 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2EE1C4CC-55F2-49EF-A96E-CF99B9B23CAE}.xps
c:\users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-05 bis 2013-03-05  ))))))))))))))))))))))))))))))
.
.
2013-03-05 19:50 . 2013-03-05 19:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-05 10:50 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89A0FBDB-5606-4526-BDFC-30427B0C395D}\mpengine.dll
2013-03-05 10:49 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-01 12:27 . 2013-03-01 12:27	--------	d-----w-	c:\users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-03-01 10:56 . 2013-03-01 10:56	--------	d-----w-	c:\users\***\AppData\Roaming\PDAppFlex
2013-03-01 10:26 . 2013-03-01 10:26	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-03-01 10:26 . 2013-03-01 10:26	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2013-02-25 08:00 . 2013-02-25 08:00	--------	d-----w-	c:\program files\iPod
2013-02-25 08:00 . 2013-02-25 08:00	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-25 08:00 . 2013-02-25 08:00	--------	d-----w-	c:\program files\iTunes
2013-02-25 08:00 . 2013-02-25 08:00	--------	d-----w-	c:\program files (x86)\iTunes
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-25 07:54 . 2013-02-25 07:54	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-02-25 07:54 . 2013-02-25 07:54	--------	d-----w-	c:\program files (x86)\QuickTime
2013-02-21 14:19 . 2013-02-21 14:19	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-21 14:19 . 2013-02-21 14:19	--------	d-----w-	c:\program files (x86)\Java
2013-02-18 08:46 . 2013-02-18 08:46	--------	d-----w-	c:\users\***\AppData\Roaming\NVIDIA
2013-02-17 16:54 . 2013-02-17 16:54	--------	d-----w-	c:\program files (x86)\AVerMedia
2013-02-17 16:50 . 2013-02-19 11:09	--------	d-----w-	c:\windows\SysWow64\NV
2013-02-17 16:50 . 2013-02-19 11:09	--------	d-----w-	c:\windows\system32\NV
2013-02-17 16:48 . 2013-02-17 16:48	--------	d-----w-	c:\users\UpdatusUser
2013-02-17 16:48 . 2013-02-17 16:48	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-02-17 16:48 . 2013-02-10 01:04	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-17 16:48 . 2013-02-10 01:04	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-17 16:48 . 2013-02-10 01:04	76064	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-02-17 16:48 . 2013-02-10 01:04	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-17 16:48 . 2013-02-10 01:04	1012000	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-02-17 16:48 . 2013-02-10 01:04	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-17 16:48 . 2013-02-10 01:04	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-17 16:48 . 2013-02-10 01:04	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-17 16:48 . 2013-02-09 13:25	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
2013-02-17 16:47 . 2013-02-10 03:25	963776	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-17 16:47 . 2013-02-10 03:25	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-17 16:47 . 2013-02-10 03:25	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-17 16:47 . 2013-02-10 03:25	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-17 16:47 . 2013-02-10 03:25	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-17 16:47 . 2013-02-10 03:25	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-17 16:46 . 2013-02-17 16:46	--------	d-----w-	C:\NVIDIA
2013-02-16 13:41 . 2013-02-19 11:09	--------	d-----w-	c:\programdata\NVIDIA
2013-02-16 13:15 . 2013-02-16 13:15	--------	d-----w-	c:\users\***\AppData\Local\Western_Digital
2013-02-16 13:15 . 2013-02-16 13:15	--------	d-----w-	c:\users\***\AppData\Local\Western Digital
2013-02-16 13:14 . 2013-02-16 13:14	--------	d-----w-	c:\programdata\Western Digital
2013-02-16 13:14 . 2013-02-16 13:14	--------	d-----w-	c:\program files\Western Digital
2013-02-16 13:14 . 2013-02-16 13:14	--------	d-----w-	c:\program files (x86)\Western Digital
2013-02-16 13:12 . 2013-02-16 13:12	--------	d-----w-	c:\program files\DIFX
2013-02-16 13:12 . 2013-02-16 13:12	--------	d-----w-	c:\program files\WDCSAM
2013-02-14 17:17 . 2013-02-14 17:17	--------	d-----w-	c:\programdata\Blizzard Entertainment
2013-02-14 16:52 . 2013-02-14 16:52	--------	d-----w-	c:\programdata\Battle.net
2013-02-14 13:57 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 13:57 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:45 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 08:45 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 08:45 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 08:45 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 08:45 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 08:45 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 08:45 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 08:45 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 08:45 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 08:45 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 15:17 . 2013-03-05 19:44	--------	d-----w-	c:\users\***\AppData\Local\Spotify
2013-02-13 15:16 . 2013-03-05 19:44	--------	d-----w-	c:\users\***\AppData\Roaming\Spotify
2013-02-12 16:04 . 2013-02-12 16:04	--------	d-----w-	c:\users\***\AppData\Roaming\ts3overlay
2013-02-12 16:03 . 2013-03-05 19:41	--------	d-----w-	c:\users\***\AppData\Roaming\TS3Client
2013-02-12 16:03 . 2013-02-12 16:03	--------	d-----w-	c:\program files (x86)\TeamSpeak 3 Client
2013-02-08 09:37 . 2013-02-08 09:37	--------	d-----w-	c:\users\***\AppData\Roaming\kompozer.net
2013-02-08 09:37 . 2013-02-08 09:37	--------	d-----w-	c:\users\***\AppData\Local\kompozer.net
2013-02-08 09:37 . 2013-02-08 09:37	--------	d-----w-	c:\program files (x86)\KompoZer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 10:01 . 2013-01-18 17:00	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 10:01 . 2013-01-18 17:00	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-21 14:19 . 2013-01-18 20:31	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-21 14:19 . 2013-01-18 20:31	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-14 13:58 . 2013-01-18 10:26	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2013-01-18 09:43	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 20:19 . 2013-01-18 20:20	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2013-01-18 20:19 . 2003-03-19 05:14	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-01-18 20:19 . 2003-02-21 13:42	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-01-18 17:25 . 2013-01-18 17:25	367200	----a-w-	c:\windows\system32\drivers\afcdp.sys
2013-01-18 17:25 . 2013-01-18 17:25	1340040	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2013-01-18 17:24 . 2013-01-18 17:24	228488	----a-w-	c:\windows\system32\drivers\vididr.sys
2013-01-18 17:24 . 2013-01-18 17:24	166024	----a-w-	c:\windows\system32\drivers\vidsflt.sys
2013-01-18 17:24 . 2013-01-18 17:24	1093256	----a-w-	c:\windows\system32\drivers\tib_mounter.sys
2013-01-18 17:24 . 2013-01-18 17:24	340104	----a-w-	c:\windows\system32\drivers\snapman.sys
2013-01-18 17:24 . 2013-01-18 17:24	155272	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2013-01-18 16:57 . 2013-01-18 16:57	14794312	----a-w-	c:\program files (x86)\Common Files\lpuninstall.exe
2013-01-18 15:41 . 2013-01-18 15:41	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{920254DF-CF4E-43A0-A138-BDDD912EE5A4}\gapaengine.dll
2013-01-18 11:35 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-18 11:35 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-01-18 10:16 . 2013-01-18 10:16	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-01-18 10:16 . 2013-01-18 10:16	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-01-18 10:16 . 2013-01-18 10:16	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-01-18 10:16 . 2013-01-18 10:16	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-01-18 10:16 . 2013-01-18 10:16	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-01-18 10:16 . 2013-01-18 10:16	82432	----a-w-	c:\windows\system32\icardie.dll
2013-01-18 10:16 . 2013-01-18 10:16	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-18 10:16 . 2013-01-18 10:16	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-01-18 10:16 . 2013-01-18 10:16	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-18 10:16 . 2013-01-18 10:16	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-01-18 10:16 . 2013-01-18 10:16	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-01-18 10:16 . 2013-01-18 10:16	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-01-18 10:16 . 2013-01-18 10:16	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-01-18 10:16 . 2013-01-18 10:16	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-01-18 10:16 . 2013-01-18 10:16	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-01-18 10:16 . 2013-01-18 10:16	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-01-18 10:16 . 2013-01-18 10:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-01-18 10:16 . 2013-01-18 10:16	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-01-18 10:16 . 2013-01-18 10:16	448512	----a-w-	c:\windows\system32\html.iec
2013-01-18 10:16 . 2013-01-18 10:16	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-01-18 10:16 . 2013-01-18 10:16	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-01-18 10:16 . 2013-01-18 10:16	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-01-18 10:16 . 2013-01-18 10:16	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-01-18 10:16 . 2013-01-18 10:16	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-01-18 10:16 . 2013-01-18 10:16	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-01-18 10:16 . 2013-01-18 10:16	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-01-18 10:16 . 2013-01-18 10:16	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-01-18 10:16 . 2013-01-18 10:16	249344	----a-w-	c:\windows\system32\webcheck.dll
2013-01-18 10:16 . 2013-01-18 10:16	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-01-18 10:16 . 2013-01-18 10:16	222208	----a-w-	c:\windows\system32\msls31.dll
2013-01-18 10:16 . 2013-01-18 10:16	197120	----a-w-	c:\windows\system32\msrating.dll
2013-01-18 10:16 . 2013-01-18 10:16	165888	----a-w-	c:\windows\system32\iexpress.exe
2013-01-18 10:16 . 2013-01-18 10:16	163840	----a-w-	c:\windows\system32\ieakui.dll
2013-01-18 10:16 . 2013-01-18 10:16	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-01-18 10:16 . 2013-01-18 10:16	160256	----a-w-	c:\windows\system32\wextract.exe
2013-01-18 10:16 . 2013-01-18 10:16	160256	----a-w-	c:\windows\system32\ieakeng.dll
2013-01-18 10:16 . 2013-01-18 10:16	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-01-18 10:16 . 2013-01-18 10:16	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-01-18 10:16 . 2013-01-18 10:16	149504	----a-w-	c:\windows\system32\occache.dll
2013-01-18 10:16 . 2013-01-18 10:16	145920	----a-w-	c:\windows\system32\iepeers.dll
2013-01-18 10:16 . 2013-01-18 10:16	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-01-18 10:16 . 2013-01-18 10:16	12288	----a-w-	c:\windows\system32\mshta.exe
2013-01-18 10:16 . 2013-01-18 10:16	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-01-18 10:16 . 2013-01-18 10:16	114176	----a-w-	c:\windows\system32\admparse.dll
2013-01-18 10:16 . 2013-01-18 10:16	111616	----a-w-	c:\windows\system32\iesysprep.dll
2013-01-18 10:16 . 2013-01-18 10:16	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-01-18 10:16 . 2013-01-18 10:16	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2013-01-18 10:16 . 2013-01-18 10:16	103936	----a-w-	c:\windows\system32\inseng.dll
2013-01-18 10:16 . 2013-01-18 10:16	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-01-15 01:45 . 2013-01-18 09:43	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{190160CD-4A7C-42D3-B5F4-A2D71792FC81}\mpengine.dll
2013-01-11 10:39 . 2013-01-21 09:24	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2013-01-08 16:23 . 2013-01-08 16:23	277488	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-01-08 16:23 . 2013-01-08 16:23	511984	----a-w-	c:\windows\system32\igfxsrvc.exe
2013-01-08 16:23 . 2013-01-08 16:23	172016	----a-w-	c:\windows\system32\igfxtray.exe
2013-01-08 16:23 . 2013-01-08 16:23	5905904	----a-w-	c:\windows\system32\GfxUI.exe
2013-01-08 16:23 . 2013-01-08 16:23	441840	----a-w-	c:\windows\system32\igfxpers.exe
2013-01-08 16:23 . 2013-01-08 16:23	399856	----a-w-	c:\windows\system32\hkcmd.exe
2013-01-08 16:23 . 2013-01-08 16:23	254960	----a-w-	c:\windows\system32\igfxext.exe
2013-01-08 16:23 . 2013-01-08 16:23	185840	----a-w-	c:\windows\system32\difx64.exe
2013-01-04 04:43 . 2013-02-14 08:45	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2012-10-08 10:42	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-08 10:42	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-16 17:11 . 2013-01-18 10:12	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-18 10:12	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-18 10:12	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-18 10:12	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-13 15:24 . 2012-12-13 15:24	342528	----a-w-	c:\windows\system32\drivers\IntcDAud.sys
2012-12-13 15:24 . 2012-12-13 15:24	16896	----a-w-	c:\windows\system32\IntcDAuC.dll
2012-12-13 15:23 . 2012-12-13 15:23	116224	----a-w-	c:\windows\system32\igfxCoIn_v2932.dll
2012-12-12 15:45 . 2012-10-10 01:22	12858368	----a-w-	c:\windows\system32\igd10umd64.dll
2012-12-12 15:44 . 2012-12-12 15:44	11174912	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-12-12 15:43 . 2012-12-12 15:43	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2012-12-12 15:43 . 2012-12-12 15:43	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-12-12 15:43 . 2012-12-12 15:43	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-12-12 15:43 . 2012-12-12 15:43	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2012-12-12 15:43 . 2012-12-12 15:43	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-12-12 15:43 . 2012-12-12 15:43	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2012-12-12 15:43 . 2012-12-12 15:43	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
"LightShot"="c:\users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-15 226152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CS Dispatch"="c:\users\***\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe" [2012-03-05 468920]
"Spotify Web Helper"="c:\users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-13 1199000]
"Spotify"="c:\users\***\AppData\Roaming\Spotify\spotify.exe" [2013-02-13 5926808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVCServ"="c:\program files (x86)\DATEV-SiPa-compact\DVCSERV" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2012-06-25 76872]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-2-20 0]
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2013-1-18 1507328]
Zahlungserinnerung.lnk - c:\program files (x86)\Profi cash\wzed.exe [2013-1-18 40960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-1-18 14794312]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/01/18 21:21;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-06-25 242448]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-07-17 198144]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2009-10-08 25344]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2009-10-08 104576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2013-01-18 155272]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-10 30496]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2013-01-18 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2013-01-18 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2013-01-18 166024]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-02-10 284448]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-01-18 3729400]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-17 659472]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-08-23 135984]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7027752]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-01-18 367200]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-07-17 198144]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-06-11 1799808]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-12-13 342528]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 92471417
*Deregistered* - 92471417
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 14:04	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 10:01]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18 10:53]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18 10:53]
.
2013-03-05 c:\windows\Tasks\update-S-1-5-21-2255338799-3120107091-2216546697-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-01-19 20:34]
.
2013-03-05 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-01-19 20:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840]
"IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-02 4965376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: LastPass - file://c:\users\***\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Ausfüllformulare - file://c:\users\***\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-05  20:52:32
ComboFix-quarantined-files.txt  2013-03-05 19:52
.
Vor Suchlauf: 12 Verzeichnis(se), 186.126.270.464 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 186.588.639.232 Bytes frei
.
- - End Of File - - 9EA7E9C040AC32886064AC670483CB8C
         

06.03.2013, 17:54   #8
markusg
/// Malware-holic



Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

06.03.2013, 21:25   #9
Dachratte



Hello,

here is the Malwarebytes log as well; it says everything is clean. I hope that is a good sign.

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421


Schutz: Aktiviert

06.03.2013 20:37:35
mbam-log-2013-03-06 (20-37-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377796
Laufzeit: 13 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Best regards
Dachratte

08.03.2013, 20:58   #10
markusg
/// Malware-holic



Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not recognise, write "unbekannt" (unknown).
Post the list.

11.03.2013, 10:16   #11
Dachratte



Good morning,

I found nothing that is unnecessary or unknown,
apart from the programs installed in the course of the search, which I did not have on the machine before.
The rest is known and needed.

Code:
4Team Outlook Duplicate Remover	4Team Corporation	18.01.2013	8,28MB	3.10.0112	notwendig
Adobe AIR	Adobe Systems Incorporated	01.03.2013		3.1.0.4880	notwendig
Adobe Download Assistant	Adobe Systems Incorporated	01.03.2013		01.02.2005	notwendig
Adobe Dreamweaver CS6	Adobe Systems Incorporated	01.03.2013	456MB	12	notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171	notwendig
Adobe Help Manager	Adobe Systems Incorporated	01.03.2013		4.0.244	notwendig
Adobe Photoshop CS5.1	Adobe Systems Incorporated	23.01.2013	2,10GB	12. Jan	notwendig
Adobe Photoshop Lightroom 3.3 64-bit	Adobe	22.01.2013	358MB	03.03.2001	notwendig
Adobe Reader XI (11.0.02) - Deutsch	Adobe Systems Incorporated	21.02.2013	133MB	11.0.02	notwendig
Adobe Widget Browser	Adobe Systems Incorporated.	01.03.2013		2.0 Build 348	notwendig
Akamai NetSession Interface	Akamai Technologies, Inc	18.01.2013			notwendig
Apple Application Support	Apple Inc.	25.02.2013	62,7MB	02.03.2003	notwendig
Apple Mobile Device Support	Apple Inc.	25.02.2013	25,2MB	6.1.0.13	notwendig
Apple Software Update	Apple Inc.	18.01.2013	2,38MB	2.1.3.127	notwendig
AVerMedia H339 Hybrid TV Tuner 2.2.64.64	AVerMedia TECHNOLOGIES, Inc.	17.02.2013		2.2.64.64	notwendig
Bonjour	Apple Inc.	18.01.2013	2,00MB	3.0.0.10	notwendig
CCleaner	Piriform	25.02.2013		Mrz 28	unnötig
CodeTwo Sync for iCloud	CodeTwo	18.01.2013	10,3MB	1.3.2.2	notwendig
Curse Client	Curse	06.03.2013		5.1.1.644	notwendig
CyberLink PowerDVD 9.6	CyberLink Corp.	18.01.2013	202MB	9.6.1.5425	notwendig
DATEV Belegtransfer V.3.21	DATEV eG	18.01.2013	3,12MB	02. Mrz	notwendig
DATEV Installation V.2.74		18.01.2013			notwendig
DATEV Sicherheitspaket - compact	DATEV eG	18.01.2013	20,6MB	2.00.0010	notwendig
Dell System Detect	Dell	19.01.2013		3.3.2.1	notwendig
Dropbox	Dropbox, Inc.	24.01.2013		01.06.2016	notwendig
FileZilla Client 3.6.0.2	FileZilla Project	21.01.2013	17,1MB	3.6.0.2	notwendig
Google Chrome	Google Inc.	18.01.2013		25.0.1364.152	notwendig
iCloud	Apple Inc.	18.01.2013	81,9MB	2.1.1.3	notwendig
Intel(R) Processor Graphics	Intel Corporation	18.01.2013		9.17.10.2932	notwendig
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed	Intel Corporation	18.01.2013	5,47MB	15.3.0.0398	notwendig
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology	Intel Corporation	18.01.2013	90,1MB	1.2.1.0608	notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	19.01.2013		10.1.2.1004	notwendig
Intel(R) SDK for OpenCL - CPU Only Runtime Package	Intel Corporation	18.01.2013		2.0.0.37149	notwendig
Intel® PROSet/Wireless WiFi-Software	Intel Corporation	19.01.2013	405MB	15.01.0000.0830	notwendig
iTunes	Apple Inc.	25.02.2013	187MB	11.0.2.26	notwendig
Java 7 Update 15	Oracle	21.02.2013	129MB	7.0.150	notwendig
JMicron Flash Media Controller Driver	JMicron Technology Corp.	18.01.2013		1.0.55.0	notwendig
KompoZer 0.8b3	KompoZer	08.02.2013	21,8MB		notwendig
LastPass(Nur deinstallieren)	LastPass	18.01.2013			notwendig
lightshot-3.4.0.0	Skillbrains	28.02.2013	3,21MB	3.4.0.0	notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	06.03.2013	18,4MB	1.70.0.1100	unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.01.2013	38,8MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	18.01.2013	2,93MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	19.01.2013	51,9MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	19.01.2013	10,6MB	4.0.30319	notwendig
Microsoft Office Home and Business 2010	Microsoft Corporation	18.01.2013		14.0.6029.1000	notwendig
Microsoft Security Essentials	Microsoft Corporation	15.02.2013		4.2.223.1	notwendig
Microsoft Silverlight	Microsoft Corporation	18.01.2013	50,6MB	5.1.10411.0	notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.01.2013	298KB	8.0.61001	notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	22.01.2013	570KB	8.0.61000	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	18.01.2013	780KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	19.01.2013	788KB	9.0.30729.6161	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	12.02.2013	240KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	18.01.2013	588KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	19.01.2013	600KB	9.0.30729.6161	notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	23.01.2013	20,5MB	10.0.40219	notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	23.01.2013	15,0MB	10.0.40219	notwendig
NVIDIA Grafiktreiber 314.07	NVIDIA Corporation	19.02.2013		314.07	notwendig
NVIDIA HD-Audiotreiber 1.3.23.1	NVIDIA Corporation	19.02.2013		1.3.23.1	notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	17.02.2013		9.12.1031	notwendig
NVIDIA Update 1.12.12	NVIDIA Corporation	19.02.2013		01.12.2012	notwendig
PDF Architect	pdfforge	21.01.2013	91,1MB	1.0.52.8917	notwendig
PDFCreator	pdfforge	21.01.2013		01.06.2002	notwendig
Profi cash		18.01.2013			notwendig
Profi cash international		18.01.2013			notwendig
Quickset64	Dell Inc.	18.01.2013	10,2MB	11.0.10	notwendig
QuickTime	Apple Inc.	25.02.2013	73,1MB	7.73.80.64	notwendig
Realtek Ethernet Controller Driver	Realtek	18.01.2013		7.41.216.2011	notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	18.01.2013		6.0.1.6312	notwendig
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	18.01.2013	1,12MB	2.1.27.0	notwendig
Samsung SSD Magician	Samsung Electronics	18.01.2013	45,8MB	03. Feb	notwendig
SES Driver	Western Digital	16.02.2013	28,0KB	1.0.0	notwendig
Skype™ 6.1	Skype Technologies S.A.	18.01.2013	21,1MB	6.1.129	notwendig
Spotify	Spotify AB	13.02.2013		0.8.5.1356.gd1d40f3a	notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	18.01.2013	46,4MB	15.2.6.0	notwendig
System Requirements Lab for Intel	Husdawg, LLC	18.01.2013	1,02MB	4.5.13.0	notwendig
System Requirements Lab for Intel (64-bit)	Husdawg, LLC	18.01.2013	1,19MB	4.5.13.0	notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	12.02.2013		3.0.6	notwendig
True Image 2013	Acronis	18.01.2013	318MB	16.0.5551	notwendig
WD SmartWare	Western Digital	16.02.2013	39,6MB	1.4.1.1	notwendig
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)	Western Digital Technologies	16.02.2013		03/06/2009 1.0.0008.0	notwendig
WinRAR 4.20 (64-Bit)	win.rar GmbH	23.01.2013		4.20.0	notwendig
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0	Intel	18.01.2013	13,2MB	2.1.23.0	notwendig
         

Alt 11.03.2013, 17:26   #12
markusg
/// Malware-holic
 



Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Please also configure Adobe Reader as follows:
Open Adobe Reader, then Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick Enhanced Security
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to have PDFs opened, downloaded etc. automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, remove the tick at "use JavaScript".
Under Updater, choose install automatically.
Apply / OK

Uninstall:
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.

Please open CCleaner: Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 15.03.2013, 15:06   #13
Dachratte
 



Hello,

sorry, I was not able to carry out the instructions over the last few days.
I have now completed the last steps.

AdwCleaner did not restart the computer a single time.
Here is the log after the first scan:


Code:
# AdwCleaner v2.114 - Datei am 15/03/2013 um 15:02:35 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-LAP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [764 octets] - [15/03/2013 15:02:35]

########## EOF - C:\AdwCleaner[R1].txt - [823 octets] ##########
         

Alt 28.03.2013, 19:59   #14
markusg
/// Malware-holic
 



Sorry, I was on holiday and then ill.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
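The quick scan requested above writes an OTL.txt whose process, module, service and driver records all share one line layout, as seen in the log posted in this thread. The following Python parser is an added example, not part of the original posts and not OTL's own logic: it reads those records and lists the ones worth a closer look. The three review heuristics and the `ExampleSvc` record are assumptions made for illustration, and a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the record layout of the OTL.txt posted in this thread.
# The last record (ExampleSvc) is invented for the demonstration.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013.03.22 18:19:43 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
========== Services (SafeList) ==========
SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
SRV - [2013.03.01 09:00:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Users\****\AppData\Local\Temp\example.exe -- (ExampleSvc)
"""

# TAG[:64bit:] - [date time | size | attrs | M] (company) [status] -- path -- (name)
RECORD = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]*?) \| (?P<kind>\w)\] "
    r"\((?P<company>.*?)\) "           # may be empty or contain "(R)"
    r"(?:\[(?P<status>[^\]]*)\] )?"    # only on SRV and DRV records
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]*)\))?$"  # service name, SRV and DRV only
)

# Assumed review heuristics (not OTL's own logic).
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Desktop|Downloads)\\", re.IGNORECASE)
AUTOSTART = {"Auto", "Boot", "System"}


@dataclass
class Record:
    tag: str
    is64: bool
    stamp: str
    size: int
    company: str
    start: str
    state: str
    path: str
    name: str
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Record]:
    """Parse PRC/MOD/SRV/DRV records; skip headers, blanks and registry lines."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        status = [p.strip() for p in (m["status"] or "").split("|") if p.strip()]
        # SRV has [start | state], DRV has [type | start | state].
        start, state = status[-2:] if len(status) >= 2 else ("", "")
        records.append(Record(
            tag=m["tag"], is64=m["bits"] is not None, stamp=m["stamp"],
            size=int(m["size"].replace(",", "")), company=m["company"].strip(),
            start=start, state=state, path=m["path"].strip(), name=m["name"] or "",
        ))
    return records


def triage(records: List[Record]) -> List[Record]:
    """Return records with at least one review reason, most reasons first."""
    flagged = []
    for r in records:
        r.reasons = []
        if not r.company:
            r.reasons.append("no-company")
        if USER_WRITABLE.search(r.path):
            r.reasons.append("user-writable-path")
        # Autostart only raises the priority of an entry that is already flagged.
        if r.reasons and r.start in AUTOSTART:
            r.reasons.append("autostart")
        if r.reasons:
            flagged.append(r)
    return sorted(flagged, key=lambda r: len(r.reasons), reverse=True)


if __name__ == "__main__":
    for rec in triage(parse_otl(SAMPLE_LOG)):
        print(f"{rec.tag:3} {','.join(rec.reasons):40} {rec.path}")
```

Legitimate software also shows up here (Spotify runs from AppData, and some vendor binaries carry no company name), which is why the output is ordered by how many reasons coincide.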

Alt 29.03.2013, 19:18   #15
Dachratte
 



Here is the OTL.txt

Code:
OTL logfile created on: 29.03.2013 18:39:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,93% Memory free
15,79 Gb Paging File | 13,66 Gb Available in Paging File | 86,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 171,58 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
Drive E: | 14,17 Mb Total Space | 14,08 Mb Free Space | 99,34% Space Free | Partition Type: FAT
 
Computer Name: RON-LAP | User Name: ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.22 18:19:43 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.03.12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.05 11:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2013.02.21 12:45:04 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\****\AppData\Local\Skillbrains\lightshot\3.4.0.0\LightShot.exe
PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\****\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 18:25:00 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.09.20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.06.25 18:06:04 | 000,076,872 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012.03.05 04:07:46 | 000,468,920 | ---- | M] (KaiJet) -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe
PRC - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.10.18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.09.16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010.05.03 16:13:24 | 001,063,936 | ---- | M] (DATEV eG) -- C:\Program Files (x86)\DATEV-SiPa-compact\DVcServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 16:50:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.19 15:07:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.19 15:07:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.19 13:47:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.19 13:46:01 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.19 13:45:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.19 13:45:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.19 13:45:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.19 13:45:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.19 13:45:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.08 11:42:56 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2011.06.14 08:07:16 | 000,036,688 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\OSW08.dll
MOD - [2011.04.28 08:50:48 | 000,039,760 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\2208KM_HID.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.10 13:39:20 | 000,073,728 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\ProdLic.DLL
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.16 17:41:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 18:25:00 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.01.08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.23 13:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.08.23 03:50:44 | 001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.18 00:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.06.25 18:06:00 | 000,242,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.15 06:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.03.15 06:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.01.18 18:25:00 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013.01.18 18:25:00 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.01.18 18:24:59 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013.01.18 18:24:59 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013.01.18 18:24:59 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013.01.18 18:24:58 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.01.18 18:24:58 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.12 16:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.18 00:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.18 00:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2011.10.11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.10.10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 09:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.15 09:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.02 01:46:58 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.06.11 02:14:42 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009.10.08 14:41:42 | 000,025,344 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV:64bit: - [2009.10.08 14:41:26 | 000,104,576 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KOBCCID.sys -- (KOBCCID)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 AC 9A AE 6B F5 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.21 10:24:32 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LastPass = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.05 20:50:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll (DATEV eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DVCServ] C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV.exe (DATEV eG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [CS Dispatch] C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe (KaiJet)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\****\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\****\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = C:\Program Files (x86)\Profi cash\wzed.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Ausfüllformulare - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: LastPass - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0807CC08-D6C4-44E5-B015-989B3AAAECBF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C03464F-34A9-4139-91C2-866ADB9002EF}: DhcpNameServer = 10.0.206.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F288F3C-973E-48F7-B528-C431D387807C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.21 12:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.15 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.11 10:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.11 10:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.06 20:36:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.03.06 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.05 23:11:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.05 20:52:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.05 20:46:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 20:46:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 20:46:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 20:46:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.05 20:46:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 20:45:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 20:44:08 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.03.05 18:56:36 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.03.05 12:03:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.05 11:02:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.03.01 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.01 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013.03.01 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\PDAppFlex
[2013.03.01 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.03.01 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2013.01.18 17:57:37 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.29 18:33:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.29 18:33:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 18:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 15:11:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.03.29 14:48:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2255338799-3120107091-2216546697-1000.job
[2013.03.29 13:20:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 13:20:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 13:18:17 | 001,621,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.29 13:18:17 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.29 13:18:17 | 000,655,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.29 13:18:17 | 000,149,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.29 13:18:17 | 000,121,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.29 13:13:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.29 13:12:45 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 13:35:01 | 000,001,456 | ---- | M] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.03.27 11:30:46 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk
[2013.03.26 14:15:12 | 000,001,046 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.26 14:15:07 | 000,001,010 | ---- | M] () -- C:\Users\****\Desktop\Dropbox.lnk
[2013.03.25 10:50:31 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.03.22 14:29:01 | 000,014,018 | ---- | M] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1069154.pdf
[2013.03.22 14:28:58 | 000,014,032 | ---- | M] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1066312.pdf
[2013.03.15 15:04:41 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.15 14:54:13 | 000,597,667 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.03.15 06:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.14 14:26:31 | 000,028,630 | ---- | M] () -- C:\Users\****\Desktop\picking_note_invoice_sorted_14032013142620.pdf
[2013.03.14 13:04:41 | 000,004,040 | ---- | M] () -- C:\Users\****\Desktop\giesbrecht.pdf
[2013.03.13 17:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.11 10:07:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.05 20:50:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.05 20:45:21 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.03.05 18:56:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.03.05 12:47:55 | 000,035,705 | ---- | M] () -- C:\Users\****\Desktop\logs.zip
[2013.03.05 11:24:34 | 000,377,856 | ---- | M] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe
[2013.03.05 11:07:28 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.03.05 11:03:27 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2013.03.05 11:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.03.01 11:51:59 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.03.01 11:26:06 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013.02.28 10:47:33 | 000,000,538 | ---- | M] () -- C:\Users\****\AppData\Local\UserProducts.xml
 
========== Files Created - No Company Name ==========
 
[2013.03.27 11:30:46 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-Bit.lnk
[2013.03.27 11:30:46 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk
[2013.03.22 14:29:01 | 000,014,018 | ---- | C] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1069154.pdf
[2013.03.22 14:28:58 | 000,014,032 | ---- | C] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1066312.pdf
[2013.03.16 17:41:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 14:54:09 | 000,597,667 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.03.14 14:26:31 | 000,028,630 | ---- | C] () -- C:\Users\****\Desktop\picking_note_invoice_sorted_14032013142620.pdf
[2013.03.14 13:04:41 | 000,004,040 | ---- | C] () -- C:\Users\****\Desktop\giesbrecht.pdf
[2013.03.11 10:07:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.05 20:46:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 20:46:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 20:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 20:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 20:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.05 12:47:55 | 000,035,705 | ---- | C] () -- C:\Users\****\Desktop\logs.zip
[2013.03.05 11:24:33 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe
[2013.03.05 11:07:28 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.03.05 11:03:27 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2013.03.01 11:53:13 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013.03.01 11:52:36 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.03.01 11:52:35 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.03.01 11:52:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.03.01 11:52:14 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013.03.01 11:26:06 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013.03.01 11:26:06 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013.01.30 14:13:58 | 000,001,456 | ---- | C] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.01.19 14:30:26 | 000,000,538 | ---- | C] () -- C:\Users\****\AppData\Local\UserProducts.xml
[2013.01.18 20:57:07 | 001,598,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.18 17:00:10 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2013.01.18 16:59:01 | 000,000,097 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2013.01.18 16:57:17 | 000,000,098 | ---- | C] () -- C:\Windows\STARTUP.INI
[2013.01.18 13:33:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2013.01.18 13:13:26 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2013.01.18 13:13:26 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2012.12.12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.18 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\4Team
[2013.01.18 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis
[2013.03.01 13:27:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.01.18 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo
[2013.01.18 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo Sync for iCloud
[2013.03.01 11:26:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.01.18 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DATEV
[2013.03.29 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2013.03.18 12:48:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2013.01.30 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KaiJet
[2013.02.08 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kompozer.net
[2013.01.18 13:19:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PCDr
[2013.03.01 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDAppFlex
[2013.01.21 10:27:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDF Architect
[2013.01.21 10:24:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pdfforge
[2013.03.29 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2013.03.22 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2013.02.12 17:04:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.03.05 23:11:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.03.05 20:52:34 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.01.18 16:59:40 | 000,000,000 | ---D | M] -- C:\DATEV
[2013.01.18 09:58:04 | 000,000,000 | ---D | M] -- C:\Dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.01.18 09:06:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.18 22:21:33 | 000,000,000 | ---D | M] -- C:\Intel
[2013.01.18 13:48:35 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.01.18 09:53:56 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2013.02.17 17:46:02 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.15 14:54:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.22 18:20:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.06 20:35:56 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013.01.18 09:06:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.03.05 20:52:34 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.01.18 09:06:00 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.03.29 18:42:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.03.26 16:21:29 | 000,000,000 | ---D | M] -- C:\temp
[2013.02.17 17:48:49 | 000,000,000 | R--D | M] -- C:\Users
[2013.03.26 16:27:44 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,029,106 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.01.18 11:53:35 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.18 11:53:35 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.19 14:30:26 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\update-S-1-5-21-2255338799-3120107091-2216546697-1000.job
[2013.01.19 14:30:26 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\update-sys.job
[2013.03.16 17:41:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Dell\Drivers\8D90T\f6flpy-x64\iaStor.sys
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.12 17:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\Dell\Drivers\8D90T\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2013.03.05 11:07:28 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.03.29 18:50:06 | 003,407,872 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2013.03.29 18:50:06 | 000,262,144 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG1
[2013.01.18 09:06:03 | 000,000,000 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG2
[2013.01.18 10:24:09 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013.01.18 10:24:09 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013.01.18 10:24:09 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.01.18 09:06:03 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
And as for the Extra.txt, unfortunately I don't have a new one, only an old version from 5 March.
The program did not generate another one. Or rather, where should it be located?

Thanks and regards
Dachratte
