| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner meldet sich mit meinem Internet immer wieder nbeu anWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2012, 11:19
| #1 |
 |  Trojaner meldet sich mit meinem Internet immer wieder nbeu an Hallo seit mehreren Tagen meldet sich mein Internet immer wieder ab also es kommt so ein Ausrufezeichen Dreieck neben der Internetverbindung und dann muss ich mich wieder neu einwählen damit es funktioniert. Habe mit Malware analysiert und auch Spybot. Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Joël :: JOEL-HP [Administrator] Schutz: Aktiviert 26.11.2012 17:42:35 mbam-log-2012-11-26 (17-42-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218319 Laufzeit: 4 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Joël\AppData\Local\Temp\wtf47A1.tmp (Malware.NSPack) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Joël\AppData\Local\Temp\wtfE0D7.tmp (Malware.NSPack) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Joël\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielend Dank für die Hilfe  |
|
04.12.2012, 13:33
| #2 |
| /// Malware-holic   | Trojaner meldet sich mit meinem Internet immer wieder nbeu an hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.12.2012, 19:39
| #3 |
| |  Trojaner meldet sich mit meinem Internet immer wieder nbeu an Hallo Markus
__________________Hier OTl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 12/4/2012 7:23:31 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joël\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.98 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.85% Memory free 15.96 Gb Paging File | 13.40 Gb Available in Paging File | 83.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1848.86 Gb Total Space | 1630.10 Gb Free Space | 88.17% Space Free | Partition Type: NTFS Drive D: | 14.05 Gb Total Space | 1.74 Gb Free Space | 12.35% Space Free | Partition Type: NTFS Computer Name: JOEL-HP | User Name: Joël | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/04 19:02:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joël\Downloads\OTL.exe PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/10/26 22:14:49 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/10/25 03:12:02 | 000,561,152 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\QuickTime\PictureViewer.exe PRC - [2012/10/09 17:00:01 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/08/10 01:06:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/06/17 18:20:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/03/30 00:58:57 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe PRC - [2011/03/30 08:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/01/26 01:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012/10/26 22:14:49 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/10/09 17:00:01 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011/03/30 08:40:56 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/01/26 18:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2010/10/11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/03/02 19:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/10/26 22:14:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/09 17:00:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/03/30 00:58:57 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS) SRV - [2011/03/30 08:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/01/26 01:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/05/02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/16 13:08:05 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS) DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/03/03 18:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON) DRV:64bit: - [2011/01/26 18:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/11/05 05:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010/07/27 19:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/04/08 19:13:30 | 001,757,952 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64) DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/01/22 20:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/03/16 03:29:43 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120427.002\EX64.SYS -- (NAVEX15) DRV - [2012/03/16 03:29:43 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/03/16 03:29:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/03/16 03:29:43 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120427.002\ENG64.SYS -- (NAVENG) DRV - [2012/03/15 03:28:52 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120427.001\IDSviA64.sys -- (IDSVia64) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/35 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{CA84F3A1-C833-4BCE-8DF7-4C8474995A97}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{CA84F3A1-C833-4BCE-8DF7-4C8474995A97}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D} IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{CA84F3A1-C833-4BCE-8DF7-4C8474995A97}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D}" FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10011&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/18 01:27:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/18 01:27:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/18 01:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/03/18 00:33:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2012/12/04 10:35:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/09 00:26:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/15 15:28:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/17 18:20:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/22 14:18:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/22 14:18:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/15 15:28:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/22 14:18:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/22 14:18:40 | 000,000,000 | ---D | M] [2012/03/16 03:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joël\AppData\Roaming\mozilla\Extensions [2012/10/23 00:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joël\AppData\Roaming\mozilla\Firefox\Profiles\6ad22dyw.default\extensions [2012/10/26 22:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/10/26 22:14:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/17 18:20:25 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012/03/13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/30 14:11:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/03/13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [Mondkalender] 22 File not found O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337B5022-886D-4F38-94DC-378FF6852FB0}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F00CAA6-9704-4A17-86C3-14A48620254B}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCDE35C3-BF0D-4F64-BD73-C6893F8246C8}: DhcpNameServer = 195.186.1.162 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b767e69f-37f0-11e1-932e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b767e69f-37f0-11e1-932e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.EXE O33 - MountPoints2\{b767e69f-37f0-11e1-932e-806e6f6e6963}\Shell\dxsetup\command - "" = E:\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/04 19:19:40 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/03 10:00:36 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Local\ElevatedDiagnostics [2012/12/03 00:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/12/03 00:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012/12/03 00:32:57 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2012/12/03 00:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012/12/03 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Local\Programs [2012/11/26 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\Malwarebytes [2012/11/26 17:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/26 17:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/26 17:41:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/26 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/26 17:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012/11/26 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012/11/26 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Local\Apple Computer [2012/11/23 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\Apple Computer [2012/11/22 14:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/11/22 14:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/11/22 14:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/11/22 14:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012/11/22 14:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/11/22 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Local\Apple [2012/11/22 14:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/11/19 22:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TKM17 [2012/11/19 22:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TKM17 [2012/11/06 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Joël\Documents\Eidos [2012/11/06 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2012/11/06 21:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tomb Raider - Anniversary [2012/11/06 18:54:28 | 000,000,000 | ---D | C] -- C:\Windows\_ISTMP3.DIR [2012/11/05 21:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012/11/05 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\Origin [2012/11/05 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Local\Origin [2012/11/05 19:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012/11/05 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012/11/05 19:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012/11/05 19:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive [2012/11/05 19:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fox [2012/11/05 19:38:50 | 000,000,000 | ---D | C] -- C:\Windows\_ISTMP2.DIR [2012/11/05 19:38:50 | 000,000,000 | ---D | C] -- C:\Windows\_ISTMP1.DIR [2012/11/05 19:38:50 | 000,000,000 | ---D | C] -- C:\_ISTMP1.DIR [2012/11/05 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\ImgBurn [2012/11/05 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/11/05 18:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc [2012/11/05 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc [2012/11/05 13:10:15 | 000,000,000 | ---D | C] -- C:\Users\Joël\Documents\MOHW [2012/11/05 13:08:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012/11/05 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\Joël\AppData\Roaming\YourFileDownloader [2012/11/05 12:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader [2012/11/05 12:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost [2012/11/05 11:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor Warfighter - Limited Edition [2012/11/05 10:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medal of Honor Warfighter - Limited Edition [3 C:\Users\Joël\Documents\*.tmp files -> C:\Users\Joël\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/04 19:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/04 19:06:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Joël.job [2012/12/04 18:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/04 10:43:23 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 10:43:23 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 10:41:47 | 001,612,672 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/04 10:41:47 | 000,696,576 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/12/04 10:41:47 | 000,651,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/04 10:41:47 | 000,147,614 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/12/04 10:41:47 | 000,120,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/04 10:35:49 | 2133,741,567 | -HS- | M] () -- C:\hiberfil.sys [2012/12/03 01:09:25 | 000,021,248 | ---- | M] () -- C:\Windows\wininit.ini [2012/12/03 00:33:01 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/11/26 17:42:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/26 17:05:45 | 000,003,201 | ---- | M] () -- C:\Users\Joël\Desktop\Sophos Virus Removal Tool.lnk [2012/11/22 14:18:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/06 18:55:17 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Croc 2.lnk [2012/11/05 19:49:48 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012/11/05 19:43:02 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Croc.lnk [2012/11/05 13:06:17 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Warfighter - Limited Edition.lnk [2012/11/05 12:14:55 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk [3 C:\Users\Joël\Documents\*.tmp files -> C:\Users\Joël\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/03 01:01:14 | 000,021,248 | ---- | C] () -- C:\Windows\wininit.ini [2012/12/03 00:33:01 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012/12/03 00:33:01 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/11/26 17:42:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/26 17:05:45 | 000,003,201 | ---- | C] () -- C:\Users\Joël\Desktop\Sophos Virus Removal Tool.lnk [2012/11/22 14:18:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/22 14:17:49 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/11/06 19:24:15 | 001,876,323 | ---- | C] () -- C:\Users\Joël\Desktop\MOV0000001.3gp [2012/11/06 18:55:17 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Croc 2.lnk [2012/11/05 19:49:48 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012/11/05 19:43:02 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Croc.lnk [2012/11/05 12:14:55 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk [2012/11/05 11:26:18 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Warfighter - Limited Edition.lnk [2012/05/15 17:47:27 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2012/05/15 15:25:51 | 000,233,499 | ---- | C] () -- C:\Windows\hpoins47.dat [2012/03/30 00:58:58 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/30 00:58:50 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/03/16 10:50:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/03/16 03:09:25 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2011/07/18 01:21:07 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011/07/18 01:04:56 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011/07/18 01:04:56 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011/07/18 01:04:56 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011/07/18 01:04:56 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011/07/18 01:04:56 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011/07/18 01:04:56 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011/07/18 01:04:56 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011/07/18 01:04:56 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2011/03/04 05:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/02/11 18:15:43 | 003,411,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/06/14 00:07:54 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\AC3Filter [2012/11/05 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\ImgBurn [2012/10/03 17:28:49 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\Kingsoft [2012/03/30 00:56:25 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\Leadertech [2012/07/12 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\MotioninJoy [2012/11/05 19:49:54 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\Origin [2012/05/02 01:39:33 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\Orneon [2012/06/28 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\RBotPlus [2012/10/16 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\SoftGrid Client [2012/06/05 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\Spotify [2012/10/14 19:36:28 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\TP [2012/11/05 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\Joël\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Custom Scans ========== < > [2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/08 18:21:49 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012/10/03 17:29:18 | 000,000,372 | ---- | C] () -- C:\Windows\Tasks\WpsUpdateTask_Joël.job < %SYSTEMDRIVE%\*. > [2012/06/10 14:09:01 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/02/11 18:00:41 | 000,000,000 | -HSD | M] -- C:\Boot [2012/11/26 17:05:45 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/05/07 00:41:59 | 000,000,000 | ---D | M] -- C:\games [2011/07/18 01:32:21 | 000,000,000 | RHSD | M] -- C:\hp [2012/10/15 10:40:59 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/07/12 16:20:17 | 000,000,000 | R--D | M] -- C:\Program Files [2012/12/03 01:11:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/12/03 01:01:18 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012/04/21 14:50:14 | 000,000,000 | ---D | M] -- C:\Programme [2011/02/11 20:24:35 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/12/04 19:24:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/03/16 02:58:27 | 000,000,000 | RH-D | M] -- C:\SYSTEM.SAV [2012/05/11 07:46:40 | 000,000,000 | R--D | M] -- C:\Users [2012/12/03 09:58:06 | 000,000,000 | ---D | M] -- C:\Windows [2012/11/05 19:38:52 | 000,000,000 | ---D | M] -- C:\_ISTMP1.DIR [2012/12/04 19:19:40 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe < MD5 for: IASTOR.SYS > [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Users\Joël\Desktop\swsetup\DRV\Storage\Intel\RST\10.1\x64\iaStor.sys [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_1d61423fcaa98a87\iaStor.sys [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_50540af7bb44a0d6\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012/12/04 19:24:55 | 004,456,448 | -HS- | M] () -- C:\Users\Joël\ntuser.dat [2012/12/04 19:24:55 | 000,262,144 | -HS- | M] () -- C:\Users\Joël\ntuser.dat.LOG1 [2012/03/16 02:53:29 | 000,000,000 | -HS- | M] () -- C:\Users\Joël\ntuser.dat.LOG2 [2012/03/16 03:43:49 | 000,065,536 | -HS- | M] () -- C:\Users\Joël\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012/03/16 03:43:49 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012/03/16 03:43:49 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/06/18 22:47:30 | 000,065,536 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{735ea272-b98b-11e1-8cf2-e06995a7531d}.TM.blf [2012/06/18 22:47:30 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{735ea272-b98b-11e1-8cf2-e06995a7531d}.TMContainer00000000000000000001.regtrans-ms [2012/06/18 22:47:30 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{735ea272-b98b-11e1-8cf2-e06995a7531d}.TMContainer00000000000000000002.regtrans-ms [2012/05/10 22:55:08 | 000,065,536 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{94f181e2-9ae1-11e1-83ce-e0469aaac997}.TM.blf [2012/05/10 22:55:08 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{94f181e2-9ae1-11e1-83ce-e0469aaac997}.TMContainer00000000000000000001.regtrans-ms [2012/05/10 22:55:08 | 000,524,288 | -HS- | M] () -- C:\Users\Joël\ntuser.dat{94f181e2-9ae1-11e1-83ce-e0469aaac997}.TMContainer00000000000000000002.regtrans-ms [2012/03/16 02:53:29 | 000,000,020 | -HS- | M] () -- C:\Users\Joël\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Und hier Extra.OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/4/2012 7:23:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joël\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.98 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.85% Memory free
15.96 Gb Paging File | 13.40 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1848.86 Gb Total Space | 1630.10 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 1.74 Gb Free Space | 12.35% Space Free | Partition Type: NTFS
Computer Name: JOEL-HP | User Name: Joël | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0 -- ()
"AntiSpywareOverride" = 0 -- ()
"FirewallOverride" = 0 -- ()
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0 -- ()
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089453EF-A303-4C02-B504-57D4937B6A7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2129E157-6D3F-4EE4-AE39-C861579E53C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{270A1FE6-7C18-40B4-9B67-2AA1E7752D9A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BE09A51-47BE-4636-A04D-553B0CF3C46F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2E91A179-3E61-4866-B4D4-744E38B0BD50}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3F1C4BDF-45AB-4205-94DD-1B10D5ACEF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48E67D02-CFA8-415E-A75C-F8172781F320}" = rport=138 | protocol=17 | dir=out | app=system |
"{4CF9853B-ACC9-4A42-AC6D-54841409B67B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D950B2D-5EE0-4947-AB28-EAB08C21B767}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{530E20BB-6B61-4D4F-850A-AA0848AD09D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E6AFE88-7C88-4956-A52F-E405E7C3B9BB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{73BDE9AA-5EF8-4185-A1B5-B2E76339123D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{781A1002-92E5-45B0-9B5C-B9C2B51D12C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{87EA86A5-AFAA-49BD-9BD9-38F9E543590D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B33D179-30DB-416E-858B-E3431F64EED0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EA155E9-A1B2-4886-8989-796EA329A893}" = rport=137 | protocol=17 | dir=out | app=system |
"{8F065CA3-F36D-43C4-8623-D7AF14BB9097}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3D1C17A-E40E-4803-BFFA-A6EA38DC36CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{B92F6F73-12F4-45E5-BDEF-11B8A70EA2B4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{C470B1B7-9A99-4BB4-841C-7DC047AD6886}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0A75F89-6394-4310-907D-BDF0117F5FD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DED85696-AB81-416A-AC17-F029E03394BE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ECC28396-1A49-4029-9BCF-55ADDD8A50D5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F1ACC64C-0A55-4A22-95D7-3C591955097B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A3A5B6-0907-4CE3-A264-DA9DCEC847CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0519DD8A-3866-4BA4-8E2C-560FC9893C3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{0784B970-CA7E-4A91-B22A-33785B7F26A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\gu.exe |
"{0BF8F20C-1495-423D-9D2A-7A3583AE203E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0C0892B4-4217-441B-8417-2C60A548E287}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{0FB21388-6383-43DE-ABE4-B331987C7CF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1BC2977B-3357-4FBC-9840-217BA9A52B55}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{1DAD58EA-06D8-415F-A5E6-F46BCF77DB74}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{1DC326D9-48EB-49F5-854B-403730D2BF56}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{1E10E164-360E-4D90-931E-5086C198E5F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2005FF1C-1C3A-4098-8D8D-AB19832A3804}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2A7F26AA-23FB-4911-AC3A-22FC6BD9D1B5}" = dir=in | app=e:\setup\hpznui40.exe |
"{2BB40E9B-0A67-4F0E-892B-673D4FAAD061}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CDD37AC-747F-4CEF-8434-CC3B1D835111}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{33BDD815-66F0-4A6C-8C88-5B77A365B2F5}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{35255016-70DD-430B-A7AC-47A31552F32A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\gu.exe |
"{358991EE-2347-41AD-822F-E7C598B24BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3A61D3C2-8A2D-48E8-8E59-F92B9D37400C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5BD45C46-3FA7-4A1F-8E16-BC3792E387C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{628A6AD7-1CFB-4ABA-88C1-7DC37716B24F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{6BAF7179-357F-4C75-9796-E14D561C4B78}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{7AEDF27F-7C1A-4BAC-99D2-F9B4DE6A8BFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B071BC9-CE0D-4C7B-B48E-4D68D866EBFE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{7C8927F6-5C29-4FE0-B65A-66C57D483BA7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{7CF80B8B-2F50-421E-A4B8-FC5088F529DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{7DB30E36-FBFD-4F83-AA46-4F4A7CECE709}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{84A7235D-A09B-42ED-A5EE-3253E394044C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{8ABF9E77-C0D4-4E50-BA1D-2CEF918EC08A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8BF12DE1-F23F-416A-BED7-BEE87C66FCFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{95CFAF9C-0E60-4AB0-B6AB-CEC28E403918}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9BC832C8-2F61-434A-A9ED-D761F26EEEBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A66E91A0-EB38-403D-9DEA-39918C5F9745}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A80E29A0-0C54-4059-A1F6-9D1AC0B0F4B6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{ADB7686E-1F05-40E8-A38D-566727BBB309}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{B1BF8166-E6D9-441A-84E9-75187AF47797}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B1F07C30-B03D-4102-BE56-7B48FBE3CA69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B63AF6BE-FB99-4153-9C8B-43F5D9D1EE06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B6EEFBC5-3168-4E3B-B0F0-F80FB381E06B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{B92AB693-30B8-46CC-A76C-9BEB5663F798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BE5B46B1-7847-4D70-BD0E-FD385C1372BF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{BEFB87D7-17B6-43DE-B84E-0D55422D63A4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C2528AD3-259D-4CAA-B751-02013C2A4715}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{C71CB90D-7067-46A3-AB0A-2D0FEBC2491B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C7234EFF-CB77-4CBD-8283-78666AA2A9E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{CB1C2D25-5BF7-43F6-A3CF-F40C4ED1093C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D0C7BF56-3FF5-4537-BBC6-CE05B048AF0B}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{D946734E-2946-4FBD-9D04-B59E15A6C92A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{E56C8528-4AE1-429B-9481-CCD0F03F9856}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{E74136DC-6251-4F09-BE4E-822837ED7AEC}" = dir=in | app=c:\users\joël\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{EA91663C-A703-47DB-8393-50F5D8FD0B8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{EB30DEA5-EADE-4450-9A70-95B89A1A8DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{EDA86D42-E8DB-4E60-B39D-A34C02F6AF04}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{F1F47CFD-C227-4E76-A69D-70E7D19B3FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F2312E75-D41C-4879-B9C6-D739CB2CF013}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{F400A921-7FF1-45F5-A1A5-E722FC100E3E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{F53446C4-834C-4C98-A265-660E256B03FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{07D7431B-3EFD-4B1E-9DAF-240B04F9F445}C:\program files (x86)\medal of honor warfighter - limited edition\mohw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\medal of honor warfighter - limited edition\mohw.exe |
"TCP Query User{4DED6C48-BD7D-47B2-961A-7E629ABE7463}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{C606AEC7-4648-496D-9C34-85D2A63CEED5}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{EABF71FA-6968-47B4-94BA-C1194328259F}C:\program files (x86)\ea games\need for speed undercover\nfs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed undercover\nfs.exe |
"UDP Query User{7153E984-5301-42FB-A17A-70174EDF6849}C:\program files (x86)\medal of honor warfighter - limited edition\mohw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\medal of honor warfighter - limited edition\mohw.exe |
"UDP Query User{7DF0E5C4-204E-4E6B-A15E-36778228AB0E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8B0A1D71-816C-4CCB-ADF5-459643F158C1}C:\program files (x86)\ea games\need for speed undercover\nfs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed undercover\nfs.exe |
"UDP Query User{FB2A54F7-6B91-4874-BD0C-854032B73E2B}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C72D4EA-BA65-4B9D-92F9-B916A25A8C4D}_is1" = The Klub 17 [v 6.10]
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1917 - Der Aufstand_is1" = 1917 - Der Aufstand 1.04
"1ClickDownload" = 1ClickDownloader
"AC3Filter_is1" = AC3Filter 2.1a
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Croc" = Croc
"Croc 2" = Croc 2
"Der Mondkalender" = Der Mondkalender
"DivX Setup" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"HP Remote Solution" = HP Remote Solution
"ImgBurn" = ImgBurn
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3375)
"Legacy of Kain Soul Reaver_is1" = Legacy of Kain Soul Reaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Medal of Honor Warfighter - Limited Edition_is1" = Medal of Honor Warfighter - Limited Edition
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicStationNetstaller" = MusicStation
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PKR" = PKR
"PokerStars" = PokerStars
"RBPlus" = Roulette Bot Plus
"RealPlayer 15.0" = RealPlayer
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Torch" = Torch
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/24/2012 7:04:09 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
Error - 10/25/2012 3:09:51 PM | Computer Name = Joël-HP | Source = WinMgmt | ID = 10
Description =
Error - 10/25/2012 3:11:25 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 10/25/2012 3:11:57 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
Error - 10/25/2012 3:34:10 PM | Computer Name = Joël-HP | Source = WinMgmt | ID = 10
Description =
Error - 10/25/2012 3:36:23 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 10/25/2012 3:37:10 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
Error - 10/25/2012 4:59:24 PM | Computer Name = Joël-HP | Source = WinMgmt | ID = 10
Description =
Error - 10/25/2012 5:01:50 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 10/25/2012 5:02:20 PM | Computer Name = Joël-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
[ Spybot - Search and Destroy Events ]
Error - 12/2/2012 8:01:20 PM | Computer Name = Joël-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 12/2/2012 8:02:09 PM | Computer Name = Joël-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 12/2/2012 8:09:31 PM | Computer Name = Joël-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 12/3/2012 4:58:20 AM | Computer Name = Joël-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12/3/2012 4:58:20 AM | Computer Name = Joël-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12/3/2012 5:00:07 AM | Computer Name = Joël-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12/3/2012 5:00:15 AM | Computer Name = Joël-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12/3/2012 5:02:36 AM | Computer Name = Joël-HP | Source = DCOM | ID = 10016
Description =
Error - 12/3/2012 5:45:16 AM | Computer Name = Joël-HP | Source = DCOM | ID = 10016
Description =
Error - 12/3/2012 7:43:24 AM | Computer Name = Joël-HP | Source = DCOM | ID = 10016
Description =
Error - 12/3/2012 4:16:32 PM | Computer Name = Joël-HP | Source = DCOM | ID = 10016
Description =
Error - 12/4/2012 5:36:51 AM | Computer Name = Joël-HP | Source = DCOM | ID = 10016
Description =
Error - 12/4/2012 1:59:03 PM | Computer Name = Joël-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WSWNA3100 erreicht.
< End of report >
|
|
04.12.2012, 20:18
| #4 |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.12.2012, 20:41
| #5 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an 20:33:12.0462 13472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:33:12.0537 13472 ============================================================ 20:33:12.0537 13472 Current date / time: 2012/12/04 20:33:12.0537 20:33:12.0537 13472 SystemInfo: 20:33:12.0537 13472 20:33:12.0537 13472 OS Version: 6.1.7601 ServicePack: 1.0 20:33:12.0537 13472 Product type: Workstation 20:33:12.0538 13472 ComputerName: JOEL-HP 20:33:12.0538 13472 UserName: Joël 20:33:12.0538 13472 Windows directory: C:\Windows 20:33:12.0538 13472 System windows directory: C:\Windows 20:33:12.0538 13472 Running under WOW64 20:33:12.0538 13472 Processor architecture: Intel x64 20:33:12.0538 13472 Number of processors: 4 20:33:12.0538 13472 Page size: 0x1000 20:33:12.0538 13472 Boot type: Normal boot 20:33:12.0538 13472 ============================================================ 20:33:12.0920 13472 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:33:12.0934 13472 ============================================================ 20:33:12.0934 13472 \Device\Harddisk0\DR0: 20:33:12.0934 13472 MBR partitions: 20:33:12.0934 13472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:33:12.0935 13472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE71B9800 20:33:12.0935 13472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE71EC000, BlocksNum 0x1C1C000 20:33:12.0935 13472 ============================================================ 20:33:12.0955 13472 C: <-> \Device\Harddisk0\DR0\Partition2 20:33:13.0006 13472 D: <-> \Device\Harddisk0\DR0\Partition3 20:33:13.0007 13472 ============================================================ 20:33:13.0007 13472 Initialize success 20:33:13.0007 13472 ============================================================ 20:34:30.0801 13472 ============================================================ 20:34:30.0801 13472 Scan started 20:34:30.0801 13472 Mode: Manual; SigCheck; TDLFS; 20:34:30.0801 13472 ============================================================ 20:34:31.0212 13472 ================ Scan system memory ======================== 20:34:31.0212 13472 System memory - ok 20:34:31.0213 13472 ================ Scan services ============================= 20:34:31.0398 13472 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:34:31.0488 13472 1394ohci - ok 20:34:31.0514 13472 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:34:31.0533 13472 ACPI - ok 20:34:31.0552 13472 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:34:31.0591 13472 AcpiPmi - ok 20:34:31.0682 13472 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:34:31.0695 13472 AdobeFlashPlayerUpdateSvc - ok 20:34:31.0725 13472 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:34:31.0747 13472 adp94xx - ok 20:34:31.0768 13472 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:34:31.0785 13472 adpahci - ok 20:34:31.0791 13472 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:34:31.0801 13472 adpu320 - ok 20:34:31.0816 13472 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:34:31.0920 13472 AeLookupSvc - ok 20:34:31.0972 13472 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 20:34:32.0001 13472 AESTFilters - ok 20:34:32.0031 13472 [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD C:\Windows\system32\drivers\afd.sys 20:34:32.0136 13472 AFD - ok 20:34:32.0155 13472 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:34:32.0162 13472 agp440 - ok 20:34:32.0178 13472 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:34:32.0187 13472 ALG - ok 20:34:32.0201 13472 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:34:32.0207 13472 aliide - ok 20:34:32.0213 13472 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:34:32.0219 13472 amdide - ok 20:34:32.0242 13472 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:34:32.0251 13472 AmdK8 - ok 20:34:32.0256 13472 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:34:32.0264 13472 AmdPPM - ok 20:34:32.0278 13472 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:34:32.0285 13472 amdsata - ok 20:34:32.0289 13472 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:34:32.0297 13472 amdsbs - ok 20:34:32.0308 13472 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:34:32.0314 13472 amdxata - ok 20:34:32.0380 13472 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:34:32.0392 13472 AntiVirSchedulerService - ok 20:34:32.0414 13472 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:34:32.0424 13472 AntiVirService - ok 20:34:32.0438 13472 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:34:32.0480 13472 AppID - ok 20:34:32.0499 13472 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:34:32.0526 13472 AppIDSvc - ok 20:34:32.0536 13472 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:34:32.0568 13472 Appinfo - ok 20:34:32.0581 13472 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 20:34:32.0589 13472 arc - ok 20:34:32.0592 13472 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:34:32.0600 13472 arcsas - ok 20:34:32.0658 13472 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:34:32.0667 13472 aspnet_state - ok 20:34:32.0693 13472 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:34:32.0732 13472 AsyncMac - ok 20:34:32.0756 13472 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:34:32.0763 13472 atapi - ok 20:34:32.0793 13472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:34:32.0825 13472 AudioEndpointBuilder - ok 20:34:32.0833 13472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:34:32.0861 13472 AudioSrv - ok 20:34:32.0902 13472 [ EB1B01221C444A669F85136C43A40B74 ] AVer7231_x64 C:\Windows\system32\DRIVERS\AVer7231_x64.sys 20:34:32.0941 13472 AVer7231_x64 - ok 20:34:32.0962 13472 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:34:32.0985 13472 avgntflt - ok 20:34:33.0003 13472 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:34:33.0009 13472 avipbb - ok 20:34:33.0017 13472 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:34:33.0022 13472 avkmgr - ok 20:34:33.0043 13472 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:34:33.0089 13472 AxInstSV - ok 20:34:33.0132 13472 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:34:33.0152 13472 b06bdrv - ok 20:34:33.0168 13472 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:34:33.0183 13472 b57nd60a - ok 20:34:33.0229 13472 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys 20:34:33.0253 13472 BCMH43XX - ok 20:34:33.0281 13472 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:34:33.0293 13472 BDESVC - ok 20:34:33.0301 13472 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:34:33.0333 13472 Beep - ok 20:34:33.0364 13472 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:34:33.0393 13472 BFE - ok 20:34:33.0486 13472 [ 5B1FE9D351C284701C8051DA2AA81DF6 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys 20:34:33.0515 13472 BHDrvx64 - ok 20:34:33.0542 13472 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:34:33.0575 13472 BITS - ok 20:34:33.0589 13472 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:34:33.0597 13472 blbdrive - ok 20:34:33.0608 13472 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:34:33.0633 13472 bowser - ok 20:34:33.0657 13472 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:34:33.0666 13472 BrFiltLo - ok 20:34:33.0677 13472 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:34:33.0686 13472 BrFiltUp - ok 20:34:33.0709 13472 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 20:34:33.0732 13472 Browser - ok 20:34:33.0748 13472 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:34:33.0757 13472 Brserid - ok 20:34:33.0765 13472 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:34:33.0775 13472 BrSerWdm - ok 20:34:33.0777 13472 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:34:33.0787 13472 BrUsbMdm - ok 20:34:33.0801 13472 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:34:33.0808 13472 BrUsbSer - ok 20:34:33.0811 13472 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:34:33.0820 13472 BTHMODEM - ok 20:34:33.0836 13472 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:34:33.0859 13472 bthserv - ok 20:34:33.0875 13472 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:34:33.0898 13472 cdfs - ok 20:34:33.0937 13472 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:34:33.0952 13472 cdrom - ok 20:34:33.0976 13472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:34:34.0015 13472 CertPropSvc - ok 20:34:34.0045 13472 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 20:34:34.0061 13472 circlass - ok 20:34:34.0077 13472 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:34:34.0096 13472 CLFS - ok 20:34:34.0140 13472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:34:34.0150 13472 clr_optimization_v2.0.50727_32 - ok 20:34:34.0192 13472 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:34:34.0202 13472 clr_optimization_v2.0.50727_64 - ok 20:34:34.0251 13472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:34:34.0262 13472 clr_optimization_v4.0.30319_32 - ok 20:34:34.0275 13472 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:34:34.0286 13472 clr_optimization_v4.0.30319_64 - ok 20:34:34.0304 13472 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:34:34.0317 13472 CmBatt - ok 20:34:34.0332 13472 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:34:34.0342 13472 cmdide - ok 20:34:34.0365 13472 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys 20:34:34.0394 13472 CNG - ok 20:34:34.0405 13472 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:34:34.0412 13472 Compbatt - ok 20:34:34.0438 13472 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:34:34.0447 13472 CompositeBus - ok 20:34:34.0449 13472 COMSysApp - ok 20:34:34.0462 13472 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:34:34.0468 13472 crcdisk - ok 20:34:34.0492 13472 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:34:34.0518 13472 CryptSvc - ok 20:34:34.0583 13472 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:34:34.0603 13472 cvhsvc - ok 20:34:34.0628 13472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:34:34.0657 13472 DcomLaunch - ok 20:34:34.0687 13472 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:34:34.0713 13472 defragsvc - ok 20:34:34.0733 13472 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:34:34.0756 13472 DfsC - ok 20:34:34.0783 13472 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:34:34.0809 13472 Dhcp - ok 20:34:34.0819 13472 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:34:34.0842 13472 discache - ok 20:34:34.0859 13472 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 20:34:34.0865 13472 Disk - ok 20:34:34.0880 13472 [ CD55F5355D8F55D44C9F4ED875705BD6 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:34:34.0914 13472 Dnscache - ok 20:34:34.0930 13472 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:34:34.0954 13472 dot3svc - ok 20:34:34.0963 13472 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:34:34.0988 13472 DPS - ok 20:34:35.0009 13472 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:34:35.0018 13472 drmkaud - ok 20:34:35.0041 13472 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:34:35.0061 13472 DXGKrnl - ok 20:34:35.0089 13472 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:34:35.0113 13472 EapHost - ok 20:34:35.0161 13472 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:34:35.0207 13472 ebdrv - ok 20:34:35.0254 13472 [ 0C3F9EFF8DDD9F9EB56D754B4620155F ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 20:34:35.0272 13472 eeCtrl - ok 20:34:35.0288 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe 20:34:35.0297 13472 EFS - ok 20:34:35.0332 13472 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:34:35.0357 13472 ehRecvr - ok 20:34:35.0374 13472 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:34:35.0383 13472 ehSched - ok 20:34:35.0408 13472 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:34:35.0422 13472 elxstor - ok 20:34:35.0481 13472 [ 8C0F9B877BC0B7FFD327EF55F9EFB642 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 20:34:35.0491 13472 EraserUtilRebootDrv - ok 20:34:35.0500 13472 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:34:35.0512 13472 ErrDev - ok 20:34:35.0539 13472 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:34:35.0567 13472 EventSystem - ok 20:34:35.0591 13472 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:34:35.0616 13472 exfat - ok 20:34:35.0645 13472 ezSharedSvc - ok 20:34:35.0664 13472 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:34:35.0703 13472 fastfat - ok 20:34:35.0741 13472 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:34:35.0756 13472 Fax - ok 20:34:35.0777 13472 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 20:34:35.0785 13472 fdc - ok 20:34:35.0818 13472 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:34:35.0855 13472 fdPHost - ok 20:34:35.0861 13472 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:34:35.0885 13472 FDResPub - ok 20:34:35.0898 13472 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:34:35.0905 13472 FileInfo - ok 20:34:35.0914 13472 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:34:35.0937 13472 Filetrace - ok 20:34:35.0952 13472 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:34:35.0960 13472 flpydisk - ok 20:34:35.0978 13472 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:34:35.0987 13472 FltMgr - ok 20:34:36.0020 13472 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:34:36.0039 13472 FontCache - ok 20:34:36.0073 13472 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:34:36.0078 13472 FontCache3.0.0.0 - ok 20:34:36.0089 13472 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:34:36.0095 13472 FsDepends - ok 20:34:36.0113 13472 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:34:36.0119 13472 Fs_Rec - ok 20:34:36.0132 13472 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:34:36.0143 13472 fvevol - ok 20:34:36.0155 13472 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:34:36.0161 13472 gagp30kx - ok 20:34:36.0192 13472 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 20:34:36.0198 13472 GamesAppService - ok 20:34:36.0216 13472 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:34:36.0247 13472 gpsvc - ok 20:34:36.0265 13472 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:34:36.0272 13472 hcw85cir - ok 20:34:36.0298 13472 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:34:36.0311 13472 HdAudAddService - ok 20:34:36.0342 13472 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:34:36.0353 13472 HDAudBus - ok 20:34:36.0370 13472 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:34:36.0377 13472 HidBatt - ok 20:34:36.0388 13472 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:34:36.0398 13472 HidBth - ok 20:34:36.0416 13472 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:34:36.0426 13472 HidIr - ok 20:34:36.0444 13472 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:34:36.0467 13472 hidserv - ok 20:34:36.0477 13472 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:34:36.0484 13472 HidUsb - ok 20:34:36.0504 13472 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:34:36.0527 13472 hkmsvc - ok 20:34:36.0540 13472 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:34:36.0550 13472 HomeGroupListener - ok 20:34:36.0564 13472 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:34:36.0572 13472 HomeGroupProvider - ok 20:34:36.0618 13472 [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 20:34:36.0623 13472 HP Health Check Service - ok 20:34:36.0652 13472 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 20:34:36.0659 13472 HPClientSvc - ok 20:34:36.0706 13472 [ F55442690A70A0278A7EED4FAAEBF576 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 20:34:36.0715 13472 HPDrvMntSvc.exe - ok 20:34:36.0780 13472 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 20:34:37.0345 13472 hpqcxs08 - ok 20:34:37.0358 13472 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 20:34:37.0369 13472 hpqddsvc - ok 20:34:37.0405 13472 [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 20:34:37.0431 13472 hpqwmiex - ok 20:34:37.0447 13472 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:34:37.0454 13472 HpSAMD - ok 20:34:37.0477 13472 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 20:34:37.0496 13472 HPSLPSVC - ok 20:34:37.0512 13472 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:34:37.0542 13472 HTTP - ok 20:34:37.0554 13472 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:34:37.0559 13472 hwpolicy - ok 20:34:37.0595 13472 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:34:37.0610 13472 i8042prt - ok 20:34:37.0635 13472 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 20:34:37.0651 13472 iaStor - ok 20:34:37.0670 13472 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:34:37.0686 13472 iaStorV - ok 20:34:37.0726 13472 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:34:37.0732 13472 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:34:37.0732 13472 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:34:37.0769 13472 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:34:37.0798 13472 idsvc - ok 20:34:37.0839 13472 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120427.001\IDSvia64.sys 20:34:37.0857 13472 IDSVia64 - ok 20:34:37.0966 13472 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:34:38.0051 13472 igfx - ok 20:34:38.0082 13472 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:34:38.0088 13472 iirsp - ok 20:34:38.0118 13472 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:34:38.0151 13472 IKEEXT - ok 20:34:38.0172 13472 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:34:38.0178 13472 intelide - ok 20:34:38.0202 13472 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:34:38.0210 13472 intelppm - ok 20:34:38.0230 13472 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:34:38.0254 13472 IPBusEnum - ok 20:34:38.0262 13472 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:34:38.0284 13472 IpFilterDriver - ok 20:34:38.0302 13472 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:34:38.0333 13472 iphlpsvc - ok 20:34:38.0347 13472 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:34:38.0355 13472 IPMIDRV - ok 20:34:38.0358 13472 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:34:38.0381 13472 IPNAT - ok 20:34:38.0392 13472 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:34:38.0403 13472 IRENUM - ok 20:34:38.0422 13472 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:34:38.0427 13472 isapnp - ok 20:34:38.0432 13472 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:34:38.0440 13472 iScsiPrt - ok 20:34:38.0454 13472 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:34:38.0460 13472 kbdclass - ok 20:34:38.0477 13472 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:34:38.0484 13472 kbdhid - ok 20:34:38.0504 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe 20:34:38.0513 13472 KeyIso - ok 20:34:38.0525 13472 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:34:38.0532 13472 KSecDD - ok 20:34:38.0536 13472 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:34:38.0543 13472 KSecPkg - ok 20:34:38.0556 13472 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:34:38.0579 13472 ksthunk - ok 20:34:38.0592 13472 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:34:38.0619 13472 KtmRm - ok 20:34:38.0640 13472 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:34:38.0665 13472 LanmanServer - ok 20:34:38.0677 13472 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:34:38.0701 13472 LanmanWorkstation - ok 20:34:38.0732 13472 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:34:38.0755 13472 lltdio - ok 20:34:38.0780 13472 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:34:38.0808 13472 lltdsvc - ok 20:34:38.0818 13472 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:34:38.0841 13472 lmhosts - ok 20:34:38.0875 13472 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:34:38.0888 13472 LMS - ok 20:34:38.0916 13472 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:34:38.0928 13472 LSI_FC - ok 20:34:38.0951 13472 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:34:38.0963 13472 LSI_SAS - ok 20:34:38.0974 13472 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:34:38.0984 13472 LSI_SAS2 - ok 20:34:38.0997 13472 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:34:39.0008 13472 LSI_SCSI - ok 20:34:39.0028 13472 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:34:39.0063 13472 luafv - ok 20:34:39.0108 13472 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:34:39.0114 13472 MBAMProtector - ok 20:34:39.0149 13472 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 20:34:39.0169 13472 MBAMScheduler - ok 20:34:39.0197 13472 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 20:34:39.0208 13472 MBAMService - ok 20:34:39.0228 13472 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:34:39.0238 13472 Mcx2Svc - ok 20:34:39.0248 13472 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:34:39.0254 13472 megasas - ok 20:34:39.0282 13472 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:34:39.0291 13472 MegaSR - ok 20:34:39.0318 13472 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 20:34:39.0323 13472 MEIx64 - ok 20:34:39.0330 13472 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:34:39.0354 13472 MMCSS - ok 20:34:39.0363 13472 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:34:39.0386 13472 Modem - ok 20:34:39.0405 13472 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:34:39.0414 13472 monitor - ok 20:34:39.0447 13472 [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 20:34:39.0457 13472 MotioninJoyXFilter - ok 20:34:39.0485 13472 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:34:39.0496 13472 mouclass - ok 20:34:39.0512 13472 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:34:39.0526 13472 mouhid - ok 20:34:39.0545 13472 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:34:39.0556 13472 mountmgr - ok 20:34:39.0596 13472 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:34:39.0608 13472 MozillaMaintenance - ok 20:34:39.0641 13472 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:34:39.0654 13472 mpio - ok 20:34:39.0658 13472 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:34:39.0693 13472 mpsdrv - ok 20:34:39.0721 13472 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:34:39.0751 13472 MpsSvc - ok 20:34:39.0764 13472 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:34:39.0775 13472 MRxDAV - ok 20:34:39.0795 13472 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:34:39.0818 13472 mrxsmb - ok 20:34:39.0823 13472 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:34:39.0848 13472 mrxsmb10 - ok 20:34:39.0851 13472 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:34:39.0874 13472 mrxsmb20 - ok 20:34:39.0881 13472 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:34:39.0887 13472 msahci - ok 20:34:39.0899 13472 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:34:39.0905 13472 msdsm - ok 20:34:39.0923 13472 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:34:39.0933 13472 MSDTC - ok 20:34:39.0948 13472 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:34:39.0972 13472 Msfs - ok 20:34:39.0981 13472 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:34:40.0004 13472 mshidkmdf - ok 20:34:40.0012 13472 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:34:40.0017 13472 msisadrv - ok 20:34:40.0044 13472 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:34:40.0082 13472 MSiSCSI - ok 20:34:40.0084 13472 msiserver - ok 20:34:40.0099 13472 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:34:40.0121 13472 MSKSSRV - ok 20:34:40.0134 13472 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:34:40.0157 13472 MSPCLOCK - ok 20:34:40.0169 13472 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:34:40.0192 13472 MSPQM - ok 20:34:40.0213 13472 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:34:40.0223 13472 MsRPC - ok 20:34:40.0234 13472 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:34:40.0240 13472 mssmbios - ok 20:34:40.0247 13472 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:34:40.0270 13472 MSTEE - ok 20:34:40.0280 13472 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:34:40.0287 13472 MTConfig - ok 20:34:40.0299 13472 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:34:40.0305 13472 Mup - ok 20:34:40.0327 13472 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:34:40.0355 13472 napagent - ok 20:34:40.0377 13472 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:34:40.0390 13472 NativeWifiP - ok 20:34:40.0423 13472 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120427.002\ENG64.SYS 20:34:40.0429 13472 NAVENG - ok 20:34:40.0466 13472 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120427.002\EX64.SYS 20:34:40.0502 13472 NAVEX15 - ok 20:34:40.0530 13472 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:34:40.0551 13472 NDIS - ok 20:34:40.0567 13472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:34:40.0590 13472 NdisCap - ok 20:34:40.0610 13472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:34:40.0633 13472 NdisTapi - ok 20:34:40.0636 13472 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:34:40.0658 13472 Ndisuio - ok 20:34:40.0662 13472 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:34:40.0685 13472 NdisWan - ok 20:34:40.0692 13472 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:34:40.0714 13472 NDProxy - ok 20:34:40.0736 13472 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:34:40.0739 13472 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:34:40.0739 13472 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:34:40.0753 13472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:34:40.0778 13472 NetBIOS - ok 20:34:40.0787 13472 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:34:40.0812 13472 NetBT - ok 20:34:40.0829 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe 20:34:40.0838 13472 Netlogon - ok 20:34:40.0868 13472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:34:40.0896 13472 Netman - ok 20:34:40.0914 13472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:34:40.0921 13472 NetMsmqActivator - ok 20:34:40.0924 13472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:34:40.0929 13472 NetPipeActivator - ok 20:34:40.0936 13472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:34:40.0962 13472 netprofm - ok 20:34:40.0997 13472 [ 24CF1304D899124336F67F88F3C15E21 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 20:34:41.0015 13472 netr28x - ok 20:34:41.0017 13472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:34:41.0023 13472 NetTcpActivator - ok 20:34:41.0025 13472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:34:41.0031 13472 NetTcpPortSharing - ok 20:34:41.0057 13472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:34:41.0063 13472 nfrd960 - ok 20:34:41.0110 13472 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe 20:34:41.0121 13472 NIS - ok 20:34:41.0152 13472 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:34:41.0193 13472 NlaSvc - ok 20:34:41.0254 13472 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 20:34:41.0296 13472 NOBU - ok 20:34:41.0331 13472 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys 20:34:41.0336 13472 NPF - ok 20:34:41.0346 13472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:34:41.0372 13472 Npfs - ok 20:34:41.0387 13472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:34:41.0410 13472 nsi - ok 20:34:41.0422 13472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:34:41.0446 13472 nsiproxy - ok 20:34:41.0476 13472 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:34:41.0507 13472 Ntfs - ok 20:34:41.0519 13472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:34:41.0542 13472 Null - ok 20:34:41.0573 13472 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys 20:34:41.0594 13472 nusb3hub - ok 20:34:41.0618 13472 [ 20BC4B57A6DBA0447ADB3B623C200F8E ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys 20:34:41.0640 13472 nusb3xhc - ok 20:34:41.0668 13472 [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 20:34:41.0677 13472 NVHDA - ok 20:34:41.0877 13472 [ 67D098D7DE8B881A4190EDB392DF9BB0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:34:42.0105 13472 nvlddmkm - ok 20:34:42.0128 13472 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:34:42.0135 13472 nvraid - ok 20:34:42.0147 13472 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:34:42.0154 13472 nvstor - ok 20:34:42.0190 13472 [ C5EACD90D63253C8DC11718EF0D63CA9 ] NVSvc C:\Windows\system32\nvvsvc.exe 20:34:42.0209 13472 NVSvc - ok 20:34:42.0232 13472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:34:42.0238 13472 nv_agp - ok 20:34:42.0254 13472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:34:42.0263 13472 ohci1394 - ok 20:34:42.0302 13472 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:34:42.0313 13472 ose - ok 20:34:42.0419 13472 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:34:42.0495 13472 osppsvc - ok 20:34:42.0521 13472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:34:42.0531 13472 p2pimsvc - ok 20:34:42.0543 13472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:34:42.0555 13472 p2psvc - ok 20:34:42.0575 13472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 20:34:42.0583 13472 Parport - ok 20:34:42.0599 13472 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:34:42.0605 13472 partmgr - ok 20:34:42.0615 13472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:34:42.0627 13472 PcaSvc - ok 20:34:42.0631 13472 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:34:42.0639 13472 pci - ok 20:34:42.0656 13472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:34:42.0662 13472 pciide - ok 20:34:42.0674 13472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:34:42.0682 13472 pcmcia - ok 20:34:42.0699 13472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:34:42.0705 13472 pcw - ok 20:34:42.0719 13472 pdfcDispatcher - ok 20:34:42.0730 13472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:34:42.0759 13472 PEAUTH - ok 20:34:42.0815 13472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:34:42.0824 13472 PerfHost - ok 20:34:42.0866 13472 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:34:42.0906 13472 pla - ok 20:34:42.0941 13472 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:34:42.0968 13472 PlugPlay - ok 20:34:43.0019 13472 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:34:43.0025 13472 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:34:43.0025 13472 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:34:43.0039 13472 PnkBstrA - ok 20:34:43.0054 13472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:34:43.0062 13472 PNRPAutoReg - ok 20:34:43.0072 13472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:34:43.0083 13472 PNRPsvc - ok 20:34:43.0101 13472 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:34:43.0136 13472 PolicyAgent - ok 20:34:43.0150 13472 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:34:43.0174 13472 Power - ok 20:34:43.0191 13472 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:34:43.0214 13472 PptpMiniport - ok 20:34:43.0226 13472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:34:43.0233 13472 Processor - ok 20:34:43.0253 13472 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 20:34:43.0278 13472 ProfSvc - ok 20:34:43.0287 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe 20:34:43.0295 13472 ProtectedStorage - ok 20:34:43.0313 13472 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:34:43.0335 13472 Psched - ok 20:34:43.0372 13472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:34:43.0399 13472 ql2300 - ok 20:34:43.0413 13472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:34:43.0419 13472 ql40xx - ok 20:34:43.0441 13472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:34:43.0454 13472 QWAVE - ok 20:34:43.0461 13472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:34:43.0471 13472 QWAVEdrv - ok 20:34:43.0486 13472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:34:43.0508 13472 RasAcd - ok 20:34:43.0527 13472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:34:43.0550 13472 RasAgileVpn - ok 20:34:43.0562 13472 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:34:43.0587 13472 RasAuto - ok 20:34:43.0613 13472 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:34:43.0651 13472 Rasl2tp - ok 20:34:43.0666 13472 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:34:43.0692 13472 RasMan - ok 20:34:43.0698 13472 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:34:43.0721 13472 RasPppoe - ok 20:34:43.0724 13472 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:34:43.0747 13472 RasSstp - ok 20:34:43.0752 13472 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:34:43.0778 13472 rdbss - ok 20:34:43.0787 13472 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 20:34:43.0796 13472 rdpbus - ok 20:34:43.0806 13472 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:34:43.0828 13472 RDPCDD - ok 20:34:43.0849 13472 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:34:43.0871 13472 RDPENCDD - ok 20:34:43.0874 13472 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:34:43.0897 13472 RDPREFMP - ok 20:34:43.0917 13472 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:34:43.0925 13472 RDPWD - ok 20:34:43.0938 13472 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:34:43.0946 13472 rdyboost - ok 20:34:43.0964 13472 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:34:43.0987 13472 RemoteAccess - ok 20:34:44.0008 13472 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:34:44.0032 13472 RemoteRegistry - ok 20:34:44.0035 13472 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:34:44.0058 13472 RpcEptMapper - ok 20:34:44.0077 13472 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:34:44.0085 13472 RpcLocator - ok 20:34:44.0102 13472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:34:44.0128 13472 RpcSs - ok 20:34:44.0145 13472 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:34:44.0168 13472 rspndr - ok 20:34:44.0185 13472 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:34:44.0194 13472 RTL8167 - ok 20:34:44.0204 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe 20:34:44.0212 13472 SamSs - ok 20:34:44.0225 13472 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:34:44.0232 13472 sbp2port - ok 20:34:44.0243 13472 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:34:44.0268 13472 SCardSvr - ok 20:34:44.0281 13472 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:34:44.0304 13472 scfilter - ok 20:34:44.0324 13472 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:34:44.0358 13472 Schedule - ok 20:34:44.0437 13472 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys 20:34:44.0446 13472 SCMNdisP - ok 20:34:44.0467 13472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:34:44.0509 13472 SCPolicySvc - ok 20:34:44.0525 13472 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:34:44.0534 13472 SDRSVC - ok 20:34:44.0660 13472 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 20:34:44.0689 13472 SDScannerService - ok 20:34:44.0758 13472 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:34:44.0785 13472 SDUpdateService - ok 20:34:44.0803 13472 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:34:44.0810 13472 SDWSCService - ok 20:34:44.0840 13472 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 20:34:44.0848 13472 SeaPort - ok 20:34:44.0868 13472 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:34:44.0891 13472 secdrv - ok 20:34:44.0903 13472 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:34:44.0925 13472 seclogon - ok 20:34:44.0937 13472 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:34:44.0961 13472 SENS - ok 20:34:44.0978 13472 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:34:44.0986 13472 SensrSvc - ok 20:34:45.0011 13472 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 20:34:45.0018 13472 Serenum - ok 20:34:45.0032 13472 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 20:34:45.0039 13472 Serial - ok 20:34:45.0046 13472 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:34:45.0054 13472 sermouse - ok 20:34:45.0064 13472 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:34:45.0088 13472 SessionEnv - ok 20:34:45.0096 13472 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:34:45.0105 13472 sffdisk - ok 20:34:45.0111 13472 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:34:45.0120 13472 sffp_mmc - ok 20:34:45.0131 13472 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:34:45.0140 13472 sffp_sd - ok 20:34:45.0143 13472 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:34:45.0150 13472 sfloppy - ok 20:34:45.0168 13472 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 20:34:45.0183 13472 Sftfs - ok 20:34:45.0206 13472 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 20:34:45.0217 13472 sftlist - ok 20:34:45.0227 13472 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 20:34:45.0234 13472 Sftplay - ok 20:34:45.0245 13472 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 20:34:45.0250 13472 Sftredir - ok 20:34:45.0254 13472 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 20:34:45.0258 13472 Sftvol - ok 20:34:45.0269 13472 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 20:34:45.0276 13472 sftvsa - ok 20:34:45.0298 13472 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:34:45.0324 13472 SharedAccess - ok 20:34:45.0343 13472 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:34:45.0369 13472 ShellHWDetection - ok 20:34:45.0396 13472 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:34:45.0402 13472 SiSRaid2 - ok 20:34:45.0411 13472 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:34:45.0417 13472 SiSRaid4 - ok 20:34:45.0436 13472 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:34:45.0459 13472 Smb - ok 20:34:45.0481 13472 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:34:45.0490 13472 SNMPTRAP - ok 20:34:45.0498 13472 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:34:45.0504 13472 spldr - ok 20:34:45.0521 13472 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 20:34:45.0549 13472 Spooler - ok 20:34:45.0596 13472 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:34:45.0658 13472 sppsvc - ok 20:34:45.0668 13472 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:34:45.0692 13472 sppuinotify - ok 20:34:45.0753 13472 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS 20:34:45.0778 13472 SRTSP - ok 20:34:45.0788 13472 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS 20:34:45.0794 13472 SRTSPX - ok 20:34:45.0805 13472 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:34:45.0841 13472 srv - ok 20:34:45.0854 13472 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:34:45.0881 13472 srv2 - ok 20:34:45.0885 13472 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:34:45.0908 13472 srvnet - ok 20:34:45.0933 13472 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:34:45.0958 13472 SSDPSRV - ok 20:34:45.0965 13472 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:34:45.0989 13472 SstpSvc - ok 20:34:46.0030 13472 [ 0CDEA5ACBB69C45F642E96D81E906CCD ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 20:34:46.0045 13472 STacSV - ok 20:34:46.0093 13472 [ 230F0D65431489B01DFA85749DEBF625 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:34:46.0106 13472 Stereo Service - ok 20:34:46.0116 13472 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:34:46.0125 13472 stexstor - ok 20:34:46.0148 13472 [ 5C8D6072D1D09F11789C6A014688048A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 20:34:46.0165 13472 STHDA - ok 20:34:46.0181 13472 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:34:46.0190 13472 StillCam - ok 20:34:46.0211 13472 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:34:46.0229 13472 stisvc - ok 20:34:46.0251 13472 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:34:46.0257 13472 swenum - ok 20:34:46.0280 13472 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:34:46.0310 13472 swprv - ok 20:34:46.0328 13472 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS 20:34:46.0337 13472 SymDS - ok 20:34:46.0389 13472 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS 20:34:46.0413 13472 SymEFA - ok 20:34:46.0438 13472 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 20:34:46.0444 13472 SymEvent - ok 20:34:46.0475 13472 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS 20:34:46.0481 13472 SymIRON - ok 20:34:46.0496 13472 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS 20:34:46.0506 13472 SymNetS - ok 20:34:46.0541 13472 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:34:46.0573 13472 SysMain - ok 20:34:46.0579 13472 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:34:46.0591 13472 TabletInputService - ok 20:34:46.0604 13472 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:34:46.0632 13472 TapiSrv - ok 20:34:46.0643 13472 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:34:46.0667 13472 TBS - ok 20:34:46.0708 13472 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:34:46.0742 13472 Tcpip - ok 20:34:46.0770 13472 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:34:46.0795 13472 TCPIP6 - ok 20:34:46.0808 13472 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:34:46.0830 13472 tcpipreg - ok 20:34:46.0842 13472 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:34:46.0849 13472 TDPIPE - ok 20:34:46.0870 13472 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:34:46.0877 13472 TDTCP - ok 20:34:46.0882 13472 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:34:46.0905 13472 tdx - ok 20:34:46.0918 13472 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:34:46.0924 13472 TermDD - ok 20:34:46.0952 13472 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:34:46.0983 13472 TermService - ok 20:34:46.0994 13472 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:34:47.0005 13472 Themes - ok 20:34:47.0021 13472 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:34:47.0044 13472 THREADORDER - ok 20:34:47.0051 13472 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:34:47.0075 13472 TrkWks - ok 20:34:47.0111 13472 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:34:47.0143 13472 TrustedInstaller - ok 20:34:47.0151 13472 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:34:47.0173 13472 tssecsrv - ok 20:34:47.0188 13472 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:34:47.0195 13472 TsUsbFlt - ok 20:34:47.0202 13472 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:34:47.0208 13472 TsUsbGD - ok 20:34:47.0226 13472 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:34:47.0249 13472 tunnel - ok 20:34:47.0256 13472 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:34:47.0262 13472 uagp35 - ok 20:34:47.0278 13472 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:34:47.0303 13472 udfs - ok 20:34:47.0321 13472 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:34:47.0330 13472 UI0Detect - ok 20:34:47.0340 13472 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:34:47.0346 13472 uliagpkx - ok 20:34:47.0362 13472 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:34:47.0370 13472 umbus - ok 20:34:47.0384 13472 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:34:47.0391 13472 UmPass - ok 20:34:47.0471 13472 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:34:47.0509 13472 UNS - ok 20:34:47.0527 13472 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:34:47.0554 13472 upnphost - ok 20:34:47.0578 13472 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:34:47.0586 13472 usbccgp - ok 20:34:47.0599 13472 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:34:47.0609 13472 usbcir - ok 20:34:47.0621 13472 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:34:47.0629 13472 usbehci - ok 20:34:47.0648 13472 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:34:47.0659 13472 usbhub - ok 20:34:47.0668 13472 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:34:47.0675 13472 usbohci - ok 20:34:47.0683 13472 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:34:47.0692 13472 usbprint - ok 20:34:47.0695 13472 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:34:47.0703 13472 USBSTOR - ok 20:34:47.0714 13472 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:34:47.0721 13472 usbuhci - ok 20:34:47.0729 13472 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:34:47.0754 13472 UxSms - ok 20:34:47.0763 13472 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe 20:34:47.0771 13472 VaultSvc - ok 20:34:47.0805 13472 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:34:47.0811 13472 vdrvroot - ok 20:34:47.0840 13472 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:34:47.0867 13472 vds - ok 20:34:47.0893 13472 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:34:47.0902 13472 vga - ok 20:34:47.0930 13472 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:34:47.0953 13472 VgaSave - ok 20:34:47.0957 13472 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:34:47.0964 13472 vhdmp - ok 20:34:47.0990 13472 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:34:47.0996 13472 viaide - ok 20:34:48.0006 13472 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:34:48.0012 13472 volmgr - ok 20:34:48.0023 13472 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:34:48.0034 13472 volmgrx - ok 20:34:48.0039 13472 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:34:48.0049 13472 volsnap - ok 20:34:48.0071 13472 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:34:48.0078 13472 vsmraid - ok 20:34:48.0105 13472 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:34:48.0144 13472 VSS - ok 20:34:48.0152 13472 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:34:48.0161 13472 vwifibus - ok 20:34:48.0179 13472 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:34:48.0189 13472 vwififlt - ok 20:34:48.0203 13472 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:34:48.0214 13472 vwifimp - ok 20:34:48.0240 13472 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:34:48.0267 13472 W32Time - ok 20:34:48.0284 13472 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:34:48.0291 13472 WacomPen - ok 20:34:48.0307 13472 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:34:48.0329 13472 WANARP - ok 20:34:48.0332 13472 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:34:48.0354 13472 Wanarpv6 - ok 20:34:48.0384 13472 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:34:48.0402 13472 wbengine - ok 20:34:48.0416 13472 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:34:48.0428 13472 WbioSrvc - ok 20:34:48.0441 13472 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:34:48.0456 13472 wcncsvc - ok 20:34:48.0463 13472 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:34:48.0471 13472 WcsPlugInService - ok 20:34:48.0484 13472 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:34:48.0490 13472 Wd - ok 20:34:48.0498 13472 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:34:48.0513 13472 Wdf01000 - ok 20:34:48.0528 13472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:34:48.0540 13472 WdiServiceHost - ok 20:34:48.0542 13472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:34:48.0554 13472 WdiSystemHost - ok 20:34:48.0572 13472 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:34:48.0586 13472 WebClient - ok 20:34:48.0600 13472 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:34:48.0627 13472 Wecsvc - ok 20:34:48.0633 13472 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:34:48.0657 13472 wercplsupport - ok 20:34:48.0673 13472 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:34:48.0697 13472 WerSvc - ok 20:34:48.0719 13472 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:34:48.0742 13472 WfpLwf - ok 20:34:48.0752 13472 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:34:48.0758 13472 WIMMount - ok 20:34:48.0776 13472 WinDefend - ok 20:34:48.0779 13472 WinHttpAutoProxySvc - ok 20:34:48.0816 13472 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:34:48.0858 13472 Winmgmt - ok 20:34:48.0901 13472 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:34:48.0950 13472 WinRM - ok 20:34:48.0981 13472 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:34:48.0990 13472 WinUsb - ok 20:34:49.0017 13472 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:34:49.0038 13472 Wlansvc - ok 20:34:49.0073 13472 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:34:49.0080 13472 wlcrasvc - ok 20:34:49.0137 13472 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:34:49.0179 13472 wlidsvc - ok 20:34:49.0204 13472 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:34:49.0211 13472 WmiAcpi - ok 20:34:49.0234 13472 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:34:49.0244 13472 wmiApSrv - ok 20:34:49.0261 13472 WMPNetworkSvc - ok 20:34:49.0278 13472 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:34:49.0286 13472 WPCSvc - ok 20:34:49.0297 13472 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:34:49.0328 13472 WPDBusEnum - ok 20:34:49.0343 13472 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:34:49.0375 13472 ws2ifsl - ok 20:34:49.0387 13472 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:34:49.0399 13472 wscsvc - ok 20:34:49.0423 13472 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:34:49.0432 13472 WSDPrintDevice - ok 20:34:49.0434 13472 WSearch - ok 20:34:49.0464 13472 [ D0697918519A4CF059C2C7E3B9E93A53 ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 20:34:49.0471 13472 WSWNA3100 - ok 20:34:49.0505 13472 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll 20:34:49.0557 13472 wuauserv - ok 20:34:49.0566 13472 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:34:49.0589 13472 WudfPf - ok 20:34:49.0612 13472 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:34:49.0637 13472 WUDFRd - ok 20:34:49.0649 13472 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:34:49.0673 13472 wudfsvc - ok 20:34:49.0683 13472 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:34:49.0696 13472 WwanSvc - ok 20:34:49.0717 13472 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 20:34:49.0722 13472 xusb21 - ok 20:34:49.0731 13472 ================ Scan global =============================== 20:34:49.0747 13472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:34:49.0761 13472 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll 20:34:49.0766 13472 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll 20:34:49.0791 13472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:34:49.0803 13472 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:34:49.0808 13472 [Global] - ok 20:34:49.0808 13472 ================ Scan MBR ================================== 20:34:49.0817 13472 [ EAC59A77FB3AF705888E6920B4D66969 ] \Device\Harddisk0\DR0 20:34:50.0110 13472 \Device\Harddisk0\DR0 - ok 20:34:50.0110 13472 ================ Scan VBR ================================== 20:34:50.0113 13472 [ 04090573FD4F677CBFF5362CC45DE38E ] \Device\Harddisk0\DR0\Partition1 20:34:50.0114 13472 \Device\Harddisk0\DR0\Partition1 - ok 20:34:50.0148 13472 [ 77FEF98645BA1AF7F2D0FEFB2BEE7C34 ] \Device\Harddisk0\DR0\Partition2 20:34:50.0150 13472 \Device\Harddisk0\DR0\Partition2 - ok 20:34:50.0184 13472 [ 3227AA7D2508F0AD8EF6E93405A6BD7E ] \Device\Harddisk0\DR0\Partition3 20:34:50.0186 13472 \Device\Harddisk0\DR0\Partition3 - ok 20:34:50.0186 13472 ============================================================ 20:34:50.0187 13472 Scan finished 20:34:50.0187 13472 ============================================================ 20:34:50.0197 15072 Detected object count: 3 20:34:50.0197 15072 Actual detected object count: 3 20:36:06.0053 15072 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:36:06.0053 15072 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:36:06.0054 15072 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:36:06.0054 15072 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:36:06.0056 15072 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:36:06.0056 15072 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip Vielen Dank für die Hilfe  |
|
04.12.2012, 20:49
| #6 | |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Trojaner meldet sich mit meinem Internet immer wieder nbeu an |
|
04.12.2012, 21:31
| #7 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Combofix Logfile: Code:
ATTFilter ComboFix 12-12-04.01 - Joël 04.12.2012 21:16:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1031.18.8175.6468 [GMT 1:00]
ausgeführt von:: c:\users\JoÙl\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-04 bis 2012-12-04 ))))))))))))))))))))))))))))))
.
.
2074-05-18 16:44 . 2008-03-21 13:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-12-04 20:19 . 2012-12-04 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 18:19 . 2012-12-04 18:19 -------- d-----w- C:\_OTL
2012-12-03 09:00 . 2012-12-03 09:00 -------- d-----w- c:\users\Joël\AppData\Local\ElevatedDiagnostics
2012-12-02 23:33 . 2012-12-04 20:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-02 23:32 . 2012-12-04 20:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-02 23:32 . 2012-12-02 23:32 -------- d-----w- c:\users\Joël\AppData\Local\Programs
2012-11-26 16:42 . 2012-11-26 16:42 -------- d-----w- c:\users\Joël\AppData\Roaming\Malwarebytes
2012-11-26 16:41 . 2012-11-26 16:41 -------- d-----w- c:\programdata\Malwarebytes
2012-11-26 16:41 . 2012-11-26 16:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-26 16:41 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-26 16:05 . 2012-11-26 16:05 -------- d-----w- c:\programdata\Sophos
2012-11-26 16:05 . 2012-11-26 16:05 73728 ----a-r- c:\users\Joël\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-26 16:05 . 2012-11-26 16:05 73728 ----a-r- c:\users\Joël\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-26 16:05 . 2012-11-26 16:05 73728 ----a-r- c:\users\Joël\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-11-26 16:05 . 2012-11-26 16:05 -------- d-----w- c:\program files (x86)\Sophos
2012-11-26 12:06 . 2012-11-26 12:06 -------- d-----w- c:\users\Joël\AppData\Local\Apple Computer
2012-11-23 10:54 . 2012-11-23 10:54 -------- d-----w- c:\users\Joël\AppData\Roaming\Apple Computer
2012-11-22 13:17 . 2012-11-22 13:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-11-22 13:17 . 2012-11-22 13:17 -------- d-----w- c:\users\Joël\AppData\Local\Apple
2012-11-22 13:17 . 2012-11-22 13:17 -------- d-----w- c:\programdata\Apple
2012-11-22 13:17 . 2012-11-22 13:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-11-19 21:16 . 2012-11-19 21:17 -------- d-----w- c:\program files (x86)\TKM17
2012-11-06 20:58 . 2006-03-31 11:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-11-06 20:55 . 2012-11-09 16:35 -------- d-----w- c:\program files (x86)\Tomb Raider - Anniversary
2012-11-06 17:54 . 2012-11-06 17:55 -------- d-----w- c:\windows\_ISTMP3.DIR
2012-11-05 20:22 . 2012-11-05 20:22 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-05 18:49 . 2012-11-05 18:49 -------- d-----w- c:\users\Joël\AppData\Roaming\Origin
2012-11-05 18:49 . 2012-11-05 18:49 -------- d-----w- c:\users\Joël\AppData\Local\Origin
2012-11-05 18:49 . 2012-11-05 20:22 -------- d-----w- c:\programdata\Origin
2012-11-05 18:49 . 2012-11-05 18:49 -------- d-----w- c:\programdata\Electronic Arts
2012-11-05 18:49 . 2012-11-05 18:49 -------- d-----w- c:\program files (x86)\Origin
2012-11-05 18:42 . 2012-11-06 17:55 -------- d-----w- c:\program files (x86)\Fox
2012-11-05 18:39 . 1997-03-24 15:42 314368 ----a-w- c:\windows\IsUninst.exe
2012-11-05 18:38 . 2012-11-05 18:38 -------- d-----w- c:\windows\_ISTMP2.DIR
2012-11-05 18:38 . 2012-11-05 18:38 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-11-05 18:38 . 2012-11-05 18:38 -------- d-----w- C:\_ISTMP1.DIR
2012-11-05 18:30 . 2012-11-05 18:32 -------- d-----w- c:\users\Joël\AppData\Roaming\ImgBurn
2012-11-05 18:26 . 2012-11-05 18:26 -------- d-----w- c:\program files (x86)\ImgBurn
2012-11-05 17:57 . 2012-11-05 18:02 -------- d-----w- c:\program files (x86)\IZArc
2012-11-05 12:09 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-05 12:09 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-11-05 12:09 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-11-05 12:09 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-05 12:09 . 2010-06-02 03:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2012-11-05 11:14 . 2012-12-03 02:01 -------- d-----w- c:\program files (x86)\YourFileDownloader
2012-11-05 11:14 . 2012-11-05 11:14 -------- d-----w- c:\users\Joël\AppData\Roaming\YourFileDownloader
2012-11-05 11:06 . 2012-11-25 15:44 -------- d-----w- c:\program files (x86)\PC HealthBoost
2012-11-05 09:44 . 2012-11-05 12:06 -------- d-----w- c:\program files (x86)\Medal of Honor Warfighter - Limited Edition
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 16:05 . 2012-11-26 16:05 73728 ----a-r- c:\users\Joël\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-11-26 16:05 . 2012-11-26 16:05 73728 ----a-r- c:\users\Joël\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-09 16:00 . 2012-04-08 17:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:00 . 2012-03-16 17:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Mondkalender"="22" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-02-10 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-17 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-3-16 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-30 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-04-08 1757952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-07-27 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:00]
.
2012-12-04 c:\windows\Tasks\WpsUpdateTask_Joël.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-26 835072]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
FF - ProfilePath - c:\users\Joël\AppData\Roaming\Mozilla\Firefox\Profiles\6ad22dyw.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={DEACF660-F7A7-11E1-B64D-E06995A7531D}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10011&q=
FF - ExtSQL: !HIDDEN! 2012-05-15 16:28; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-Croc 2 - c:\windows\IsUn0407.exe
AddRemove-Der Mondkalender - c:\windows\IsUn0407.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4072727702-2463935606-4169030245-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:eb,b2,bc,6e,8e,43,99,57,4e,0a,9d,d4,32,5d,44,fb,f3,87,98,7c,84,a4,c1,
55,d6,27,ec,96,f2,9d,f7,65,a3,f9,c7,9c,b5,83,60,ca,3d,a4,e3,b2,1c,78,a7,1b,\
"??"=hex:a0,85,c7,63,d7,4e,60,f5,47,d3,99,36,01,6b,b9,5f
.
[HKEY_USERS\S-1-5-21-4072727702-2463935606-4169030245-1000\Software\SecuROM\License information*]
"datasecu"=hex:94,25,dc,d4,8a,ba,93,2e,7e,52,7e,3b,f9,77,b2,41,d9,b3,0f,f7,df,
ee,38,76,d6,3d,6e,66,db,42,2e,0a,5b,10,c4,f6,2a,17,94,79,5e,3b,bc,ab,61,fc,\
"rkeysecu"=hex:2a,0a,6f,e7,76,11,d8,6b,ed,e5,f8,80,92,8b,87,8c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-04 21:24:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-04 20:24
.
Vor Suchlauf: 1750563717120 Bytes frei
Nach Suchlauf: 1750364930048 Bytes frei
.
- - End Of File - - F77ADDC546044B0A83D75FFC20DE3A12
Vielen Dank für deine Hilfe Bin dir echt dankbar das Problem scheint gelöst zu sein. Gerne werde ich euch unterstützen und weiterempfehlen. Noch ein paar Fragen zu dem Verschlüsselungstrojaner Soll ich nie mehr bittorrent benutzen oder kann man sich irgendwie dagegen schützen dass so etwas nicht mehr passiert? Soll ich die Spiele die ich von Bittorrent heruntergeladen habe löschen? Wie kann ich allgemein verhindern dass wieder so etwas passiert? Habe gerade gemerkt dass es immer noch passiert  |
|
05.12.2012, 22:23
| #8 |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Hi, 1. besteht das Problem noch? 2. Nutzt du LAN oder WLAN? 3. haben, falls vorhanden, andere PCs im Haushalt das selbe Problem?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 23:19
| #9 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an ja das Problem besteht noch. Das heisst ab und zu. Bei anderen Computern gibt es das Problem nicht so oft. Ist jedoch auch schon vorgekommen. Aber eher selten. Ich habe w-lan |
|
05.12.2012, 23:24
| #10 |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Hi, na wenn das Problem auch bei anderen PC'S besteht, könnte es auch ein Problem mit dem WLAN sein. 1. wie stark ist das Signal? 2. Wie weit steht der Router vom PC, evtl. auch mehr etagen Haus? 3. Router Modell? 4. Wie viele andere Wlan Netze sind denn noch in der Umgebung?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 23:30
| #11 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Kann sein das Mein W-lan am weitesten entfernt ist von meinem Computer. Habe jetz wieder das Netgear usb Stick an meinen Computer angeschlossen und momentan geht es. Ich halte dich auf dem Laufenden lg Joël |
|
05.12.2012, 23:42
| #12 |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Naja, sieht man doch an der Signal stärke. häufig kann man in der Router konfig noch was nach konfigurieren, bzw den router anders stellen etc.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.12.2012, 00:15
| #13 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an ¨Meine Internetverbindung hat zwei Striche Ist das zu wenig? Das Modem ist von meinem Freund Mitbewohner. Keine Ahnung was man da einstellen kann. Aber das Virus Problem scheint gelöst zu sein. Danke Vielmals Joël |
|
06.12.2012, 00:19
| #14 |
| /// Malware-holic | Trojaner meldet sich mit meinem Internet immer wieder nbeu an ja, 2 Striche ist wenig. schau doch mal, was am Router steht. lade den CCleaner standard: http://filepony.de/download-ccleaner/ falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.12.2012, 00:36
| #15 |
| | Trojaner meldet sich mit meinem Internet immer wieder nbeu an Wenn ich lange nichts du und dann wieder mit etwas verbinden möchte habe ich wieder eingeschränkten Zugriff |
|
| Themen zu Trojaner meldet sich mit meinem Internet immer wieder nbeu an |
| administrator, anti-malware, appdata, autostart, dateien, erfolgreich, explorer, gelöscht, interne, internet, internetverbindung, malware, malware.nspack, meldet, pup.bundleinstaller.bi, quarantäne, registrierung, service, speicher, temp, trojaner, verbindung, version |
Linear-Darstellung
