Log analysis and evaluation: Opera Internet browser slow because of malware, trojan or back door hack? Windows 7
02.10.2012, 10:26 | #1 |
| Hello Trojaner team,

I have had a problem with my Internet browser Opera for quite some time. For lack of time I ignored the problem for a long while, about 3 months. At some point I noticed that the browser takes an incredibly long time to open pages. Often one also has to call up the page two or three times before it finally appears. In addition, I usually have the Task Manager running so that I can watch the system load. Here too I noticed that more and more processes are loaded, some of them twice, so that I have lost track. When playing online I always have an extremely high ping, although the Internet connection (54 Mbit/s) is quite fast. YouTube videos or other video streams take a very long time to load or do not run at all.

I then used Google search to look for a solution and, by way of some Opera settings, first came across you. Here I read about backdoor hacks, malware and so on for the first time. I tried to carry out the 3 steps and scan my system. With Malwarebytes Anti-Malware I had two finds and have already deleted them (I shouldn't have done that). Then I downloaded and started OTL; it does not run because of the error message: "Access violation at address CCCC0460. Read of address CCCC0460" - no idea what that means? The next recommended step was gmer. I let the scan run for over 30 h and then aborted it. I have attached this log and the malware log as a .rar.

Dear Trojaner team, what is wrong with my little laptop, and can we make it healthy again together? |
03.10.2012, 15:42 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
03.10.2012, 21:15 | #3 |
| Hello Cosinus,
so the log looks like this: Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.29.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hp :: HP-PC [Administrator]
Schutz: Aktiviert
29.09.2007 16:31:57
mbam-log-2007-09-29 (16-31-57).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203061
Laufzeit: 10 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\hp\Downloads\SoftonicDownloader_fuer_openoffice.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\hp\Downloads\SoftonicDownloader_fuer_windows-media-player-plugin.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

GMER logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2007-10-02 10:29:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909
Running: gmer.exe; Driver: C:\Users\hp\AppData\Local\Temp\pxldipoc.sys
---- System - GMER 1.0.15 ----
SSDT A00B6406 ZwCreateSection
SSDT A00B640B ZwSetContextThread
SSDT A00B63A7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824E88D8 4 Bytes [06, 64, 0B, A0]
.text ntkrnlpa.exe!KeSetEvent + 56D 824E8C30 4 Bytes [0B, 64, 0B, A0] {OR ESP, [EBX+ECX-0x60]}
.text ntkrnlpa.exe!KeSetEvent + 621 824E8CE4 4 Bytes [A7, 63, 0B, A0]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9EE0A000, 0x3C12C5, 0xE8000020]
C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in "" section [0xAFB1941C]
.clc C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl unknown last code section [0xAFB1A000, 0x1000, 0xE0000020]
---- Threads - GMER 1.0.15 ----
Thread System [4:288] 9FB73CC7
Thread System [4:292] 9FB6F488
Thread System [4:300] 9FB73CC7
Thread System [4:308] 9FB73CC7
---- EOF - GMER 1.0.15 ----

At EOF I aborted the scan, as I wrote, after 30 h! I hope you can be more specific now |
03.10.2012, 21:29 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! You download software with top priority directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do.

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes must be updated manually before every scan! Please remove all finds with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything hastily from the quarantine! If logs from older scans with Malwarebytes exist, please post all of those as well!

ESET Online Scanner

Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Always post log files in CODE tags, please |
11.10.2012, 21:16 | #5 |
| Hello Cosinus, everything took longer, the laptop was on holiday. So, the current malware log: Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.09.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hp :: HP-PC [Administrator]
Schutz: Aktiviert
09.10.2012 12:29:46
mbam-log-2012-10-09 (12-29-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 653856
Laufzeit: 4 Stunde(n), 13 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f34617fb111f946a38a4c46d65d89f7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-11 07:57:16
# local_time=2012-10-11 09:57:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 7144302 158959295 759870 0
# compatibility_mode=5892 16776573 100 100 0 187497409 0 0
# compatibility_mode=8192 67108863 100 0 263 263 0 0
# scanned=464033
# found=0
# cleaned=0
# scan_time=20755

I'm sure you can read between the lines and see more than I can |
12.10.2012, 10:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ |
23.10.2012, 14:10 | #7 |
| Hello Cosinus: the content of the log file reads: Code:
# AdwCleaner v2.005 - Datei am 23/10/2012 um 15:06:21 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : hp - HP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\hp\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\hp\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.1.1532.0
Datei : C:\Users\hp\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1093 octets] - [23/10/2012 15:06:21]
########## EOF - C:\AdwCleaner[R1].txt - [1153 octets] ##########

- what now? |
23.10.2012, 20:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - removing toolbars and unwanted start/search pages
__________________ Always post log files in CODE tags, please |
04.11.2012, 19:02 | #9 |
| Hello Cosinus, ... ran ADWcleaner again, similar result. Code:
# AdwCleaner v2.005 - Datei am 04/11/2012 um 18:54:35 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : hp - HP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\hp\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\hp\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.1.1532.0
Datei : C:\Users\hp\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1222 octets] - [23/10/2012 14:06:21]
AdwCleaner[R2].txt - [1153 octets] - [04/11/2012 18:54:36]
########## EOF - C:\AdwCleaner[R2].txt - [1213 octets] ########## |
05.11.2012, 12:26 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 1. aswMBR

Please download aswMBR.exe and save the file to your desktop. Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Another note: Should aswMBR crash and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.

2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents and transfer them into your posting, then please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If objects are flagged by TDSS-Killer, treat all of them with the action "skip" and only post the log here!
__________________ Always post log files in CODE tags, please |
05.11.2012, 15:17 | #11 |
| Hello Cosinus, thanks, something has happened there. So here follows the aswMBR log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 13:56:42
-----------------------------
13:56:42.685 OS Version: Windows 6.0.6002 Service Pack 2
13:56:42.685 Number of processors: 2 586 0x301
13:56:42.686 ComputerName: HP-PC UserName: hp
13:56:44.552 Initialize success
13:56:58.950 AVAST engine defs: 12110500
13:57:03.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:57:03.410 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
13:57:03.440 Disk 0 MBR read successfully
13:57:03.451 Disk 0 MBR scan
13:57:03.507 Disk 0 unknown MBR code
13:57:03.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294390 MB offset 63
13:57:03.552 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10851 MB offset 602912768
13:57:03.587 Disk 0 scanning sectors +625135616
13:57:03.702 Disk 0 scanning C:\Windows\system32\drivers
13:57:24.901 Service scanning
13:58:03.878 Modules scanning
13:58:13.845 Disk 0 trace - called modules:
13:58:13.871 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:58:13.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86060350]
13:58:13.887 3 CLASSPNP.SYS[807a18b3] -> nt!IofCallDriver -> [0x86060d48]
13:58:13.893 5 hpdskflt.sys[8b7abf05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86042030]
13:58:15.999 AVAST engine scan C:\Windows
13:58:19.533 AVAST engine scan C:\Windows\system32
14:03:06.641 AVAST engine scan C:\Windows\system32\drivers
14:03:25.834 AVAST engine scan C:\Users\hp
14:25:04.113 AVAST engine scan C:\ProgramData
14:28:53.416 Scan finished successfully
14:53:53.789 Disk 0 MBR has been saved successfully to "C:\Users\hp\Desktop\MBR.dat"
14:53:53.795 The log file has been saved successfully to "C:\Users\hp\Desktop\aswMBR_Log.txt"

- and I even had my doubts about some of these programs in the Task Manager.

The log from TDSS-Killer:
15:07:54.0878 4284 isapnp - ok 15:07:54.0941 4284 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:07:54.0974 4284 iScsiPrt - ok 15:07:55.0006 4284 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:07:55.0020 4284 iteatapi - ok 15:07:55.0046 4284 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 15:07:55.0060 4284 iteraid - ok 15:07:55.0103 4284 [ A69A1B991824B98F744913555F665893 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 15:07:55.0149 4284 JMCR - ok 15:07:55.0212 4284 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:07:55.0226 4284 kbdclass - ok 15:07:55.0292 4284 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:07:55.0360 4284 kbdhid - ok 15:07:55.0411 4284 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 15:07:55.0491 4284 KeyIso - ok 15:07:55.0574 4284 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:07:55.0721 4284 KSecDD - ok 15:07:55.0764 4284 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 15:07:55.0866 4284 KtmRm - ok 15:07:55.0897 4284 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 15:07:55.0997 4284 LanmanServer - ok 15:07:56.0131 4284 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:07:56.0217 4284 LanmanWorkstation - ok 15:07:56.0301 4284 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 15:07:56.0339 4284 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:07:56.0339 4284 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:07:56.0388 4284 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:07:56.0515 4284 lltdio - ok 15:07:56.0604 4284 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 15:07:56.0756 4284 lltdsvc - ok 15:07:56.0794 4284 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:07:56.0848 4284 lmhosts - ok 15:07:56.0894 4284 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:07:56.0931 4284 LSI_FC - ok 15:07:56.0973 4284 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:07:56.0995 4284 LSI_SAS - ok 15:07:57.0039 4284 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:07:57.0056 4284 LSI_SCSI - ok 15:07:57.0070 4284 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 15:07:57.0115 4284 luafv - ok 15:07:57.0182 4284 [ CA020DB361524D1182138EFEAA8CF8F3 ] LUMDriver C:\Windows\system32\drivers\LUMDriver.sys 15:07:57.0200 4284 LUMDriver - ok 15:07:57.0283 4284 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:07:57.0315 4284 MBAMProtector - ok 15:07:57.0496 4284 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:07:57.0566 4284 MBAMScheduler - ok 15:07:57.0603 4284 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:07:57.0646 4284 MBAMService - ok 15:07:57.0708 4284 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:07:57.0759 4284 Mcx2Svc - ok 15:07:57.0808 4284 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 15:07:57.0835 4284 megasas - ok 15:07:57.0876 4284 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:07:57.0957 4284 MegaSR - ok 15:07:58.0051 4284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 15:07:58.0178 4284 MMCSS - ok 15:07:58.0212 4284 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 15:07:58.0306 4284 Modem - ok 
15:07:58.0396 4284 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:07:58.0518 4284 monitor - ok 15:07:58.0566 4284 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:07:58.0654 4284 mouclass - ok 15:07:58.0695 4284 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:07:58.0830 4284 mouhid - ok 15:07:58.0873 4284 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:07:58.0902 4284 MountMgr - ok 15:07:58.0971 4284 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 15:07:59.0002 4284 mpio - ok 15:07:59.0056 4284 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:07:59.0200 4284 mpsdrv - ok 15:07:59.0561 4284 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 15:07:59.0728 4284 MpsSvc - ok 15:07:59.0844 4284 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:07:59.0903 4284 Mraid35x - ok 15:07:59.0942 4284 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:08:00.0033 4284 MRxDAV - ok 15:08:00.0111 4284 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:08:00.0216 4284 mrxsmb - ok 15:08:00.0360 4284 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:08:00.0471 4284 mrxsmb10 - ok 15:08:00.0558 4284 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:08:00.0639 4284 mrxsmb20 - ok 15:08:00.0759 4284 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 15:08:00.0809 4284 msahci - ok 15:08:00.0940 4284 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:08:00.0967 4284 msdsm - ok 15:08:01.0017 4284 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 15:08:01.0126 4284 MSDTC - ok 
15:08:01.0181 4284 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:08:01.0271 4284 Msfs - ok 15:08:01.0332 4284 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:08:01.0359 4284 msisadrv - ok 15:08:01.0482 4284 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:08:01.0598 4284 MSiSCSI - ok 15:08:01.0615 4284 msiserver - ok 15:08:01.0663 4284 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:08:01.0783 4284 MSKSSRV - ok 15:08:01.0812 4284 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:08:01.0947 4284 MSPCLOCK - ok 15:08:02.0015 4284 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:08:02.0117 4284 MSPQM - ok 15:08:02.0167 4284 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:08:02.0203 4284 MsRPC - ok 15:08:02.0247 4284 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:08:02.0262 4284 mssmbios - ok 15:08:02.0292 4284 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:08:02.0399 4284 MSTEE - ok 15:08:02.0441 4284 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 15:08:02.0483 4284 Mup - ok 15:08:02.0583 4284 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 15:08:02.0691 4284 napagent - ok 15:08:02.0746 4284 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:08:02.0815 4284 NativeWifiP - ok 15:08:02.0865 4284 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:08:02.0928 4284 NDIS - ok 15:08:02.0974 4284 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:08:03.0013 4284 NdisTapi - ok 15:08:03.0065 4284 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 
15:08:03.0143 4284 Ndisuio - ok 15:08:03.0159 4284 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:08:03.0203 4284 NdisWan - ok 15:08:03.0233 4284 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:08:03.0255 4284 NDProxy - ok 15:08:03.0273 4284 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:08:03.0328 4284 NetBIOS - ok 15:08:03.0370 4284 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:08:03.0426 4284 netbt - ok 15:08:03.0437 4284 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 15:08:03.0463 4284 Netlogon - ok 15:08:03.0497 4284 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 15:08:03.0593 4284 Netman - ok 15:08:03.0625 4284 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 15:08:03.0695 4284 netprofm - ok 15:08:03.0727 4284 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:08:03.0752 4284 NetTcpPortSharing - ok 15:08:04.0040 4284 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 15:08:04.0286 4284 NETw3v32 - ok 15:08:04.0320 4284 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:08:04.0344 4284 nfrd960 - ok 15:08:04.0544 4284 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:08:04.0700 4284 NlaSvc - ok 15:08:04.0808 4284 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:08:04.0954 4284 Npfs - ok 15:08:05.0018 4284 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 15:08:05.0146 4284 nsi - ok 15:08:05.0233 4284 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:08:05.0367 4284 nsiproxy - ok 15:08:05.0538 4284 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] 
Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:08:05.0643 4284 Ntfs - ok 15:08:05.0698 4284 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 15:08:05.0858 4284 ntrigdigi - ok 15:08:05.0889 4284 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 15:08:05.0977 4284 Null - ok 15:08:06.0022 4284 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:08:06.0038 4284 nvraid - ok 15:08:06.0077 4284 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:08:06.0104 4284 nvstor - ok 15:08:06.0249 4284 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:08:06.0295 4284 nv_agp - ok 15:08:06.0312 4284 NwlnkFlt - ok 15:08:06.0332 4284 NwlnkFwd - ok 15:08:06.0601 4284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:08:06.0726 4284 odserv - ok 15:08:06.0817 4284 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:08:06.0933 4284 ohci1394 - ok 15:08:07.0048 4284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:08:07.0091 4284 ose - ok 15:08:07.0202 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:08:07.0372 4284 p2pimsvc - ok 15:08:07.0565 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 15:08:07.0662 4284 p2psvc - ok 15:08:07.0729 4284 [ 2F886A56D520F872E7E4BA9423A9B07B ] papycpu C:\Windows\system32\drivers\papycpu.sys 15:08:07.0778 4284 papycpu ( UnsignedFile.Multi.Generic ) - warning 15:08:07.0778 4284 papycpu - detected UnsignedFile.Multi.Generic (1) 15:08:07.0827 4284 [ B2FCE3DF242EAAA317FA2E4946D26A03 ] papycpu2 C:\Windows\system32\drivers\papycpu2.sys 15:08:07.0854 4284 papycpu2 ( UnsignedFile.Multi.Generic ) - warning 15:08:07.0854 4284 papycpu2 - detected UnsignedFile.Multi.Generic 
(1) 15:08:07.0957 4284 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 15:08:08.0108 4284 Parport - ok 15:08:08.0172 4284 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:08:08.0195 4284 partmgr - ok 15:08:08.0280 4284 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 15:08:08.0384 4284 Parvdm - ok 15:08:08.0498 4284 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 15:08:08.0551 4284 PcaSvc - ok 15:08:08.0611 4284 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 15:08:08.0646 4284 pci - ok 15:08:08.0692 4284 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 15:08:08.0715 4284 pciide - ok 15:08:08.0782 4284 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:08:08.0812 4284 pcmcia - ok 15:08:08.0855 4284 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:08:08.0972 4284 PEAUTH - ok 15:08:09.0329 4284 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:08:09.0553 4284 pla - ok 15:08:09.0751 4284 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:08:09.0961 4284 PlugPlay - ok 15:08:10.0043 4284 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 15:08:10.0081 4284 PnkBstrA - ok 15:08:10.0196 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:08:10.0253 4284 PNRPAutoReg - ok 15:08:10.0318 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:08:10.0362 4284 PNRPsvc - ok 15:08:10.0416 4284 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:08:10.0548 4284 PolicyAgent - ok 15:08:10.0618 4284 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:08:10.0683 4284 PptpMiniport - ok 15:08:10.0709 4284 
[ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:08:10.0747 4284 Processor - ok 15:08:10.0837 4284 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 15:08:10.0892 4284 ProfSvc - ok 15:08:10.0926 4284 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:08:10.0947 4284 ProtectedStorage - ok 15:08:10.0996 4284 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:08:11.0046 4284 PSched - ok 15:08:11.0129 4284 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:08:11.0195 4284 ql2300 - ok 15:08:11.0219 4284 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:08:11.0262 4284 ql40xx - ok 15:08:11.0298 4284 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 15:08:11.0341 4284 QWAVE - ok 15:08:11.0358 4284 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:08:11.0378 4284 QWAVEdrv - ok 15:08:11.0395 4284 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:08:11.0451 4284 RasAcd - ok 15:08:11.0486 4284 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:08:11.0572 4284 RasAuto - ok 15:08:11.0593 4284 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:08:11.0628 4284 Rasl2tp - ok 15:08:11.0670 4284 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 15:08:11.0764 4284 RasMan - ok 15:08:11.0794 4284 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:08:11.0852 4284 RasPppoe - ok 15:08:11.0876 4284 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:08:11.0918 4284 RasSstp - ok 15:08:11.0961 4284 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:08:12.0014 4284 rdbss - ok 15:08:12.0050 4284 
[ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:08:12.0121 4284 RDPCDD - ok 15:08:12.0156 4284 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:08:12.0201 4284 rdpdr - ok 15:08:12.0211 4284 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:08:12.0249 4284 RDPENCDD - ok 15:08:12.0367 4284 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:08:12.0431 4284 RDPWD - ok 15:08:12.0611 4284 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe 15:08:12.0682 4284 Recovery Service for Windows - ok 15:08:12.0724 4284 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:08:12.0818 4284 RemoteAccess - ok 15:08:12.0864 4284 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:08:12.0918 4284 RemoteRegistry - ok 15:08:13.0026 4284 [ 2CDCD18EE6EAD0FFF4530D6FBDEE6EAC ] RetroLauncher C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe 15:08:13.0038 4284 RetroLauncher - ok 15:08:13.0628 4284 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 15:08:13.0693 4284 RichVideo ( UnsignedFile.Multi.Generic ) - warning 15:08:13.0694 4284 RichVideo - detected UnsignedFile.Multi.Generic (1) 15:08:13.0802 4284 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:08:13.0899 4284 RpcLocator - ok 15:08:14.0015 4284 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 15:08:14.0154 4284 RpcSs - ok 15:08:14.0260 4284 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:08:14.0397 4284 rspndr - ok 15:08:14.0508 4284 [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 15:08:14.0599 4284 RTL8169 - ok 15:08:14.0637 4284 [ A3E186B4B935905B829219502557314E ] SamSs 
C:\Windows\system32\lsass.exe 15:08:14.0669 4284 SamSs - ok 15:08:14.0815 4284 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:08:14.0867 4284 sbp2port - ok 15:08:14.0980 4284 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:08:15.0079 4284 SCardSvr - ok 15:08:15.0442 4284 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 15:08:15.0558 4284 Schedule - ok 15:08:15.0616 4284 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:08:15.0699 4284 SCPolicySvc - ok 15:08:15.0773 4284 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 15:08:15.0926 4284 sdbus - ok 15:08:15.0976 4284 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:08:16.0012 4284 SDRSVC - ok 15:08:16.0060 4284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:08:16.0193 4284 secdrv - ok 15:08:16.0236 4284 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:08:16.0300 4284 seclogon - ok 15:08:16.0348 4284 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 15:08:16.0424 4284 SENS - ok 15:08:16.0490 4284 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:08:16.0661 4284 Serenum - ok 15:08:16.0708 4284 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 15:08:16.0866 4284 Serial - ok 15:08:16.0911 4284 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:08:16.0957 4284 sermouse - ok 15:08:17.0010 4284 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:08:17.0066 4284 SessionEnv - ok 15:08:17.0116 4284 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:08:17.0166 4284 sffdisk - ok 15:08:17.0193 4284 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 15:08:17.0283 4284 sffp_mmc - ok 15:08:17.0344 4284 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:08:17.0425 4284 sffp_sd - ok 15:08:17.0459 4284 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:08:17.0537 4284 sfloppy - ok 15:08:17.0757 4284 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:08:17.0912 4284 SharedAccess - ok 15:08:18.0000 4284 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:08:18.0093 4284 ShellHWDetection - ok 15:08:18.0177 4284 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:08:18.0231 4284 sisagp - ok 15:08:18.0289 4284 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:08:18.0304 4284 SiSRaid2 - ok 15:08:18.0364 4284 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:08:18.0383 4284 SiSRaid4 - ok 15:08:18.0538 4284 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 15:08:18.0553 4284 SkypeUpdate - ok 15:08:19.0086 4284 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 15:08:19.0389 4284 slsvc - ok 15:08:19.0433 4284 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:08:19.0517 4284 SLUINotify - ok 15:08:19.0556 4284 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:08:19.0580 4284 Smb - ok 15:08:19.0623 4284 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:08:19.0651 4284 SNMPTRAP - ok 15:08:19.0728 4284 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:08:19.0743 4284 spldr - ok 15:08:19.0794 4284 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 15:08:19.0840 4284 Spooler - ok 15:08:19.0925 4284 [ 
41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:08:19.0975 4284 srv - ok 15:08:20.0076 4284 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:08:20.0153 4284 srv2 - ok 15:08:20.0226 4284 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:08:20.0295 4284 srvnet - ok 15:08:20.0395 4284 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:08:20.0517 4284 SSDPSRV - ok 15:08:20.0591 4284 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 15:08:20.0612 4284 ssmdrv - ok 15:08:20.0684 4284 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:08:20.0749 4284 SstpSvc - ok 15:08:21.0532 4284 [ CF7DF19EC6EEE8D51B7FCCF4AAE93906 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe 15:08:21.0625 4284 STacSV - ok 15:08:21.0682 4284 Steam Client Service - ok 15:08:21.0760 4284 [ 87A094CA41BC86CE430DF0ED0C846DC8 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 15:08:21.0870 4284 STHDA - ok 15:08:21.0931 4284 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 15:08:22.0078 4284 stisvc - ok 15:08:22.0167 4284 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:08:22.0233 4284 swenum - ok 15:08:22.0394 4284 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 15:08:22.0525 4284 swprv - ok 15:08:22.0574 4284 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:08:22.0641 4284 Symc8xx - ok 15:08:22.0681 4284 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:08:22.0730 4284 Sym_hi - ok 15:08:22.0756 4284 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:08:22.0792 4284 Sym_u3 - ok 15:08:22.0877 4284 [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 15:08:22.0913 
4284 SynTP - ok 15:08:23.0002 4284 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 15:08:23.0144 4284 SysMain - ok 15:08:23.0233 4284 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:08:23.0309 4284 TabletInputService - ok 15:08:23.0362 4284 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:08:23.0425 4284 TapiSrv - ok 15:08:23.0447 4284 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:08:23.0558 4284 TBS - ok 15:08:23.0819 4284 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:08:23.0927 4284 Tcpip - ok 15:08:23.0997 4284 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:08:24.0065 4284 Tcpip6 - ok 15:08:24.0121 4284 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:08:24.0150 4284 tcpipreg - ok 15:08:24.0226 4284 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:08:24.0286 4284 TDPIPE - ok 15:08:24.0340 4284 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:08:24.0391 4284 TDTCP - ok 15:08:24.0430 4284 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:08:24.0464 4284 tdx - ok 15:08:24.0502 4284 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:08:24.0519 4284 TermDD - ok 15:08:24.0600 4284 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 15:08:24.0700 4284 TermService - ok 15:08:24.0748 4284 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 15:08:24.0780 4284 Themes - ok 15:08:24.0810 4284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:08:24.0845 4284 THREADORDER - ok 15:08:24.0915 4284 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:08:25.0032 4284 TrkWks - ok 15:08:25.0178 4284 
D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:08:34.0616 4284 [Global] - ok
15:08:34.0618 4284 ================ Scan MBR ==================================
15:08:34.0644 4284 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
15:08:36.0790 4284 \Device\Harddisk0\DR0 - ok
15:08:36.0791 4284 ================ Scan VBR ==================================
15:08:36.0810 4284 [ A12DC835CCDA676C8F327C11A2AD882A ] \Device\Harddisk0\DR0\Partition1
15:08:36.0826 4284 \Device\Harddisk0\DR0\Partition1 - ok
15:08:36.0859 4284 [ 4C8ADFD4160C1700C0772B27526AC43E ] \Device\Harddisk0\DR0\Partition2
15:08:36.0865 4284 \Device\Harddisk0\DR0\Partition2 - ok
15:08:36.0867 4284 ============================================================
15:08:36.0867 4284 Scan finished
15:08:36.0867 4284 ============================================================
15:08:36.0905 2440 Detected object count: 8
15:08:36.0905 2440 Actual detected object count: 8
15:10:03.0432 2440 BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0432 2440 BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0440 2440 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0440 2440 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0449 2440 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0449 2440 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0459 2440 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0459 2440 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0460 2440 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0460 2440 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0469 2440 papycpu ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0469 2440 papycpu ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0477 2440 papycpu2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0478 2440 papycpu2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:03.0478 2440 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0478 2440 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.11.2012, 15:27 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
05.11.2012, 16:53 | #13 |
| Hello Cosinus, here is the ComboFix log file: Code:
ComboFix 12-11-05.01 - hp 05.11.2012 16:19:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.2050 [GMT 1:00]
ausgeführt von:: c:\users\hp\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\users\hp\AppData\Roaming\Local
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\intro_banksy_sub.divx.ddr
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0b559e83547461a3b8b0a557ac5e5d06.avi(2).ddp
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0b559e83547461a3b8b0a557ac5e5d06.avi.ddp
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Dieter.Der.Film.German.2006.DVDRiP.XviD.avi.ddp
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_banksy_sub.divx.ddp
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Twelve.avi.ddp
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vcf_takers(2).avi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vcf_takers(3).avi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vcf_takers.avi
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\Twelve.avi.ddr
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\vcf_takers.avi(2).ddr
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\vcf_takers.avi(3).ddr
c:\users\hp\AppData\Roaming\Local\Temp\DDM\Settings\vcf_takers.avi.ddr
c:\users\hp\videos\Constantine CD1.bin
c:\users\hp\videos\Constantine CD2.bin
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-05 bis 2012-11-05 ))))))))))))))))))))))))))))))
.
.
2012-11-05 15:31 . 2012-11-05 15:31 -------- d-----w- c:\users\hp\AppData\Local\temp
2012-11-05 15:31 . 2012-11-05 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 11:47 . 2012-11-05 11:47 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E2701EB-9479-49AA-B23D-9DB4F9DA4D18}\offreg.dll
2012-11-02 11:26 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E2701EB-9479-49AA-B23D-9DB4F9DA4D18}\mpengine.dll
2012-10-11 20:27 . 2012-10-11 20:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 20:27 . 2012-10-11 20:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 14:06 . 2012-10-11 14:06 -------- d-----w- c:\program files\ESET
2012-10-10 12:00 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:00 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:00 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:00 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 12:00 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 11:59 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 11:59 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 17:07 . 2011-02-01 21:19 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-03 17:07 . 2011-02-01 21:18 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-03 17:07 . 2007-02-16 15:15 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-11-03 16:28 . 2011-02-01 21:18 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-07 15:04 . 2007-09-29 14:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59 . 2012-10-03 09:31 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-10-03 09:31 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-10-03 09:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-10-03 09:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-10-03 09:31 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-10-03 09:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-08 20:08 . 2011-02-01 21:18 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-09-05 206128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe" [2003-11-27 733184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-09-26 00:36 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-10-03 07:47 912688 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-01-21 10:38 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 36142538
*NewlyCreated* - ASWMBR
*Deregistered* - 36142538
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-02 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-03 10:34]
.
2011-01-03 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
AddRemove-7DE39862CC26DCE2446838AAF7CD5C163F835A57 - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-Grand Prix Legends - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-05 16:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\TEMP\TMP0000007477E2263E40C8B8E0 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Zeit der Fertigstellung: 2012-11-05 16:33:59
ComboFix-quarantined-files.txt 2012-11-05 15:33
.
Vor Suchlauf: 13 Verzeichnis(se), 13.075.173.376 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.365.567.488 Bytes frei
.
- - End Of File - - 063666E269C8854E4EA1A758A0538E4C

What's next? |
06.11.2012, 10:26 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System scan with OTL. Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
__________________ Please always post log files in CODE tags |
15.11.2012, 20:23 | #15 |
| Hello Cosinus, after the OTL scan it looks as follows. OTL EXTRAS logfile: Code:
OTL logfile created on: 15.11.2012 15:06:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,03% Memory free
6,23 Gb Paging File | 5,16 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 12,93 Gb Free Space | 4,50% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,73 Gb Free Space | 16,37% Space Free | Partition Type: NTFS
Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\hp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Retrospect\Retrospect 7.7\retrorun.exe (Sonic Solutions)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()

========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RetroLauncher) -- C:\Programme\Retrospect\Retrospect 7.7\retrorun.exe (Sonic Solutions)
SRV - (BBDemon) -- C:\Programme\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\hp\AppData\Local\Temp\catchme.sys File not found
DRV - (ALSysIO) -- C:\Users\hp\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
DRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
DRV - (papycpu) -- C:\Windows\System32\drivers\papycpu.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{75D6318D-D0EC-4D3C-9AD0-689B2E6FB7E6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{C6B4804F-7101-4AD6-96E3-4BEBA5045EE9}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{E1DA5AAA-89F9-4794-918E-0CFC9D5C5B23}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\..\SearchScopes,DefaultScope = {C6B4804F-7101-4AD6-96E3-4BEBA5045EE9}
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\..\SearchScopes\{75D6318D-D0EC-4D3C-9AD0-689B2E6FB7E6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\..\SearchScopes\{C6B4804F-7101-4AD6-96E3-4BEBA5045EE9}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\..\SearchScopes\{E1DA5AAA-89F9-4794-918E-0CFC9D5C5B23}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1255780481-815738553-736189358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========== Chrome ==========

CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2012.11.05 16:31:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1255780481-815738553-736189358-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1255780481-815738553-736189358-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1255780481-815738553-736189358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-1255780481-815738553-736189358-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC56C50-90CD-400B-B568-13CA553A0004}: DhcpNameServer = 10.25.1.6 10.25.1.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B6FC2C3-7405-4255-B76C-6D7878D4A5F7}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.08.21 14:52:11 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 00:07:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.05 16:34:01 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.05 16:34:01 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\temp [2012.11.05 16:33:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.05 16:17:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.05 16:17:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.05 16:17:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.05 16:17:23 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.05 16:17:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.05 16:16:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.05 16:15:22 | 004,996,984 | R--- | C] (Swearware) -- C:\Users\hp\Desktop\ComboFix.exe [2012.11.05 15:04:21 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\hp\Desktop\tdsskiller.exe [2012.11.05 13:51:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\hp\Desktop\aswMBR.exe [2012.10.24 12:10:43 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\XXXnameFolder ========== Files - Modified Within 30 Days 
========== [2012.11.15 15:05:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 15:03:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2012.11.15 13:40:43 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 13:40:43 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 13:40:43 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 13:40:43 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 13:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 13:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 13:35:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 13:35:35 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 00:18:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.14 00:18:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.14 00:07:49 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.13 22:07:26 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.11.13 22:07:17 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.11.13 21:12:40 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.11.12 10:00:27 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job [2012.11.07 12:06:05 | 000,017,253 | ---- | M] () -- C:\Users\hp\Desktop\Rennrad-Tagebuch.ods [2012.11.06 15:53:01 | 000,011,612 | ---- | M] () -- C:\Users\hp\gsview32.ini [2012.11.05 16:31:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.05 16:15:22 | 
004,996,984 | R--- | M] (Swearware) -- C:\Users\hp\Desktop\ComboFix.exe [2012.11.05 15:04:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\hp\Desktop\tdsskiller.exe [2012.11.05 14:53:53 | 000,000,512 | ---- | M] () -- C:\Users\hp\Desktop\MBR.dat [2012.11.05 13:51:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\hp\Desktop\aswMBR.exe [2012.10.31 18:51:55 | 000,413,073 | ---- | M] () -- C:\Users\hp\Desktop\XXXname.rar [2012.10.31 18:51:31 | 000,158,681 | ---- | M] () -- C:\Users\hp\Desktop\XXXname1.pdf [2012.10.31 18:32:26 | 000,289,414 | ---- | M] () -- C:\Users\hp\Desktop\XXXname3.pdf [2012.10.26 21:17:49 | 000,146,944 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.23 14:05:37 | 000,538,941 | ---- | M] () -- C:\Users\hp\Desktop\adwcleaner.exe ========== Files Created - No Company Name ========== [2012.11.14 00:07:49 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.14 00:07:48 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.11.05 16:17:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.05 16:17:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.05 16:17:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.05 16:17:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.05 16:17:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.05 14:53:53 | 000,000,512 | ---- | C] () -- C:\Users\hp\Desktop\MBR.dat [2012.10.31 18:51:55 | 000,413,073 | ---- | C] () -- C:\Users\hp\Desktop\XXXname.rar [2012.10.31 18:51:28 | 000,158,681 | ---- | C] () -- C:\Users\hp\Desktop\XXXname1.pdf [2012.10.31 18:33:05 | 000,017,195 | ---- | C] () -- C:\Users\hp\Desktop\XXXname2.pdf [2012.10.28 16:27:27 | 000,289,414 | ---- | C] () -- C:\Users\hp\Desktop\XXXname.pdf [2012.10.23 14:05:36 | 000,538,941 | ---- | C] () -- C:\Users\hp\Desktop\adwcleaner.exe [2012.08.01 16:54:02 | 
000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll [2011.12.06 03:10:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.26 12:14:47 | 000,011,612 | ---- | C] () -- C:\Users\hp\gsview32.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.02.21 00:49:47 | 000,356,352 | ---- | C] () -- C:\Windows\System32\GPLPatchDLL.dll [2011.02.18 18:33:38 | 000,002,016 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys [2011.02.18 18:15:40 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu.sys [2011.02.18 18:15:40 | 000,001,888 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys [2011.02.18 18:13:19 | 000,000,174 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.02.01 22:19:03 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.01 22:19:02 | 000,022,328 | ---- | C] () -- C:\Users\hp\AppData\Roaming\PnkBstrK.sys [2011.02.01 22:18:49 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.02.01 22:18:47 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.02.01 22:18:45 | 000,000,301 | ---- | C] () -- C:\Windows\game.ini [2010.11.09 18:56:14 | 000,007,944 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat [2010.08.03 14:52:27 | 000,146,944 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.01 11:02:35 | 000,000,000 | ---- | C] () -- C:\Users\hp\defogger_reenable ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
and the Extras
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.11.2012 15:06:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,03% Memory free 6,23 Gb Paging File | 5,16 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,49 Gb Total Space | 12,93 Gb Free Space | 4,50% Space Free | Partition Type: NTFS Drive D: | 10,60 Gb Total Space | 1,73 Gb Free Space | 16,37% Space Free | Partition Type: NTFS Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1255780481-815738553-736189358-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 1 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall 
Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{24678616-B8DD-408E-A834-0B9204A28106}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{3494D1E6-F751-4935-8D56-0DC488785FB2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4F34F5E3-AD9A-4F64-BE64-ECA17349832E}" = lport=28960 | protocol=17 | dir=in | name=callofduty | "{7317EAD5-1DA3-46B6-B718-6DD5D213251F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{880387F0-8A6B-4FD5-95CD-F4D7123DBF1C}" = lport=2869 | protocol=6 | dir=in | app=system | "{F76B38EE-92FD-437A-8739-D29E8B3F7074}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015C5DD8-761A-45D2-AD51-9FE43CB77549}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{03CD107D-318C-4CB7-ABD6-98F08C767012}" = protocol=6 | dir=in | app=c:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "{06FB489F-3582-432A-9F17-02C0E374FAC8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{0F8992DB-5BBF-47E0-B556-1A924E5C0EEE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1F68E354-55AE-483E-B5D9-5D4A45424BB1}" = dir=in | app=c:\program files\itunes\itunes.exe | "{24D54FD1-8AA4-4DFE-BF36-43CB5EE3C78F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | "{319D4886-CA6F-49F9-B84A-8B3D28D761F1}" = protocol=17 | dir=in | app=c:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "{39FFF562-E0B8-4DC8-9A5A-E99DBA6ED216}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{4276BEDA-24FB-4E42-931F-4BD2C93F4577}" = protocol=6 | dir=in | app=c:\spiele\red faction guerrilla\rfg.exe | "{4F0E63CB-5AB4-4181-AA43-29D76FC807E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BF99752-D211-45BF-AA7F-6857F62E45A4}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{70CA2A62-D57C-417C-AEB6-764433C3DD97}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker clear sky tech demo\smp.exe | "{71B5CBBF-6103-4B9C-A80F-147B9D253950}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{72353E70-1F69-4760-9F94-7E83C2742850}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{7B1B4DBF-FDE3-485A-BAEA-402EEE10D561}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{7B419FD2-196E-4CA7-A23F-7BD01DD0FED0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | "{9D751784-8049-446A-934B-0468699F21F2}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "{A4193909-2F8F-44A6-8A95-364C3C3E97DE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B269CE0A-EFFD-4E0B-AAC2-73ED76504CAE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{B4C1B83F-71A7-4036-9C1C-E46D406847DE}" = protocol=17 | dir=in | app=c:\spiele\red faction guerrilla\rfg.exe | "{B7553EBA-4908-4F39-AFF4-8CBB7E8C7EEC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B7870FC4-ED36-41A9-A12B-34CDCB49DF14}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{BA87231E-A44D-46EE-8C37-60153A3A5348}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker clear sky tech demo\smp.exe | "{BD684351-61CF-40D3-B46B-EE9F71D7F407}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{D0DFD075-10AB-4978-89EA-DB208F7D9747}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | "{D44A8611-09FD-4B92-A6CB-F819D14FFFB4}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{DE87D458-4377-47C5-AC16-341193B13499}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{EE88D7A5-D3EE-47BB-9147-02F233943A47}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{EF58F096-D49F-4F32-80E8-9B3D0138DE4B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{2B25420F-661C-4900-B1F7-297D43BCBEA6}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "TCP Query 
User{3F5FF148-443E-4705-A6D8-4D1CC772C2EC}C:\spiele\gplsecrets\igor\igor.exe" = protocol=6 | dir=in | app=c:\spiele\gplsecrets\igor\igor.exe | "TCP Query User{4BF38254-5844-4F5C-B01E-E754A5C186FB}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{5FCF38A2-234B-4ECF-A5CD-5E7F6C0AF3EE}C:\spiele\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\spiele\red faction guerrilla\rfg.exe | "TCP Query User{8E6A4056-92F5-4381-93DE-1648B50392F9}C:\program files\steam\steamapps\XXXname\race 07\race_steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\XXXname\race 07\race_steam.exe | "TCP Query User{B614A697-B18F-448B-918A-FA8B5D205263}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{C22FEEC6-45BA-48C1-B8AE-687D4761E95F}C:\spiele\gplsecrets\igor\igor.exe" = protocol=6 | dir=in | app=c:\spiele\gplsecrets\igor\igor.exe | "TCP Query User{C9A5A1FE-7358-4911-8FD3-3557D7CF1F3C}C:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{EDE5B5BD-13E4-4B8C-BDE4-AF9607231878}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "TCP Query User{F5521555-FFD9-4409-B3D7-923A852FAF39}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{039EC46C-C633-4026-BE64-D0AEB9721C68}C:\spiele\gplsecrets\igor\igor.exe" = protocol=17 | dir=in | app=c:\spiele\gplsecrets\igor\igor.exe | "UDP Query User{09705328-065E-4EBC-B138-F99546B87504}C:\spiele\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\spiele\red faction guerrilla\rfg.exe | "UDP Query User{4073337A-5CC7-41D4-92FA-61A8E4932DF2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | 
app=c:\program files\utorrent\utorrent.exe | "UDP Query User{52E739A9-FA00-4452-81BF-397E37F05F7D}C:\program files\steam\steamapps\hackbert1\race 07\race_steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hackbert1\race 07\race_steam.exe | "UDP Query User{670020B1-2527-4252-8F10-321D52C1CBE4}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "UDP Query User{854F0408-2517-4790-BA30-C0121C9B78C1}C:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{975A5FFF-8C57-4B57-9AEB-84DA858F133F}C:\spiele\gplsecrets\igor\igor.exe" = protocol=17 | dir=in | app=c:\spiele\gplsecrets\igor\igor.exe | "UDP Query User{A03128F4-332C-4C2D-8A6C-51156315BBCF}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{B50A65AC-2D3D-4D98-8903-82EB51A238AB}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "UDP Query User{C65D887B-7AD1-4827-8528-CB5CB5053A5B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe 
Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{06870F63-4D1C-171F-9552-368D3890D92F}" = CCC Help French "{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14CE04AF-0EBC-B865-382F-1FB466CAC301}" = CCC Help English "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBC5882-96E2-3A01-A32C-9B6F6EF6CF25}" = CCC Help Korean "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F36B20F-7408-EC75-2825-E9FE81B0339D}" = CCC Help Norwegian "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{1FD35451-F1E2-4D19-8C7E-DFAE65F9D7BF}" = Retrospect 7.7 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support 
"{30DAAF05-3679-C10C-953C-BB422FCDF557}" = CCC Help Swedish "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 J1 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{428536FB-25A0-8531-75EF-D7A7C340B0A4}" = Catalyst Pro Control Center "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BA6B7C9-65AE-BE8B-687A-6F1A2D7F9705}" = CCC Help Czech "{4C8E1E1B-175F-AF47-8B21-E12C7C8B5D40}" = CCC Help Thai "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EAF46A2-DB90-6B67-F640-5CC876A2B5C4}" = CCC Help Greek "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5D5B8455-50E0-F94A-4C82-0F9303BB4C0E}" = CCC Help Danish "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{65AEB203-D3AA-6B95-1251-7B992C151C1F}" = 
Catalyst Control Center InstallProxy "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{740F4905-7AE2-0721-C25E-2BF63132606F}" = AMD Catalyst Install Manager "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7765BB73-D985-42C9-C7EE-AB434D59429F}" = CCC Help Chinese Traditional "{7ADFB885-8E98-6AAE-8687-D6EFB5127F6B}" = Catalyst Control Center Graphics Previews Common "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7F7C616E-6971-77D9-7D59-82DC35DF81AC}" = CCC Help Russian "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT 
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" 
= Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FA5B08F-9162-BCCB-AFAC-28DF1751BEC3}" = Catalyst Control Center Localization All "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4F0373-5FAD-507D-0B65-90B3AD85547A}" = AMD Fuel "{AAE19456-3757-AA99-773E-D257C0976758}" = ccc-utility "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AF859F36-5F97-F6EC-A617-62771A8B4FDC}" = CCC Help Finnish "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{BB095F3E-0A7D-7DD4-B2A8-47CB12E416B0}" = CCC 
Help Japanese "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC71B06F-BFAE-6A73-091C-F18ACF00A04C}" = CCC Help Italian "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{BDCBA80C-A3BD-9DA5-E43F-EBBBE779C032}" = CCC Help Hungarian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEEA6219-8792-3E40-D361-4FB5F0FBBB0F}" = CCC Help Portuguese "{CF053286-7F4C-CAFB-616B-58EC562BB28E}" = CCC Help Chinese Standard "{D07BB56A-7DB4-4564-A1F9-EBCE75FBE3C6}" = Catalyst Control Center InstallProxy "{D3689EED-3943-9E90-1D65-D2246EB58AD1}" = CCC Help Turkish "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8BB0945-B990-47DC-BFE3-3FDE1E165B30}" = HP MediaSmart SmartMenu "{DBA5EE42-A143-A658-9F86-C611BFDBEFCA}" = CCC Help Dutch "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EAF0F475-CFE2-9F4D-F26A-875FF09AD40E}" = CCC Help Spanish "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1F1CCD6-34FE-81C6-CE0C-F22695E6409F}" = CCC Help German "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F71A71E1-285C-95CE-A8F7-231E3827138E}" = CCC Help Polish "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4 "Anno 1503 GOLD_is1" = Anno 1503 GOLD "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Dassault Systemes B20_0" = Dassault Systemes Software B20 "Diablo II" = Diablo II "ESET Online Scanner" = ESET Online Scanner v3 "GEM+/iGOR & Lee's GPL Setup Manager_is1" = GEM+/iGOR & Lee's GPL Setup Manager 2.5.0.32 "GPL Ghostscript 9.02" = GPL Ghostscript "GSview 4.9" = GSview 4.9 "GTR Evolution_1.1.1.2_is1" = GTR Evolution "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla 
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Opera 12.01.1532" = Opera 12.01 "RACE 07 Offline_1.0_is1" = RACE 07 Offline "Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl "Steam App 8600" = RACE 07 "Steam App 8610" = RACE 07 Dedicated Server "Steam App 8660" = GTR Evolution "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.4 "WildTangent hp Master Uninstall" = My HP Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1255780481-815738553-736189358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo II" = Diablo II ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.12.2011 16:42:48 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:49 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:49 | Computer Name = hp-PC | Source = 
Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:49 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:50 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:50 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:50 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:51 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:51 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = Error - 26.12.2011 16:42:51 | Computer Name = hp-PC | Source = Bonjour Service | ID = 100 Description = [ System Events ] Error - 14.11.2012 09:55:31 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_3622103C&REV_00\4&3b127f56&0&0150) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.11.2012 09:55:31 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_3622103C&REV_00\4&3b127f56&0&0250) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.11.2012 09:55:31 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3622103C&REV_00\4&3b127f56&0&0350) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.11.2012 09:55:31 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3622103C&REV_00\4&3b127f56&0&0450) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 15.11.2012 08:36:50 | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.11.2012 08:40:28 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_3622103C&REV_00\4&3b127f56&0&0050) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 15.11.2012 08:40:28 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_3622103C&REV_00\4&3b127f56&0&0150) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 15.11.2012 08:40:28 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_3622103C&REV_00\4&3b127f56&0&0250) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 15.11.2012 08:40:28 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3622103C&REV_00\4&3b127f56&0&0350) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 15.11.2012 08:40:28 | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3622103C&REV_00\4&3b127f56&0&0450) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report >
I hope all names have been removed. What do you suggest? Best regards