Plagegeister aller Art und deren Bekämpfung: Trojan.ZbotR.Gen after Lufthansa spam? How to proceed? (Windows 7)
19.12.2012, 14:49 | #1
Trojan.ZbotR.Gen after Lufthansa spam? How to proceed?

Hello, two days ago I also received a Lufthansa spam mail and clicked on the attachment. My Antivir immediately raised an alert and I removed the suspicious file. So the attachment was not unpacked. Later that day I downloaded Malwarebytes and ran a quick scan. It produced the following log:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.17.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: ****-HP [Administrator]

17.12.2012 22:01:52
mbam-log-2012-12-17 (22-01-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212259
Laufzeit: 6 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{600F4BCA-1B1A-6C07-E4BA-DFB249D516F0} (Trojan.ZbotR.Gen) -> Daten: C:\Users\****\AppData\Roaming\Ewa\taylgy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\****\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Grateful for any help!

Last edited by Zondren (19.12.2012 at 14:55)
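The Malwarebytes hit above shows the persistence pattern worth recognising from a defender's side: a Run-key value named by a bare GUID that launches a randomly named executable from a throw-away folder under AppData\Roaming. The following Python is an added example, not code from this thread, from Malwarebytes or from Trojaner-Board; it parses the registry-value line in the log format shown above (the sample is constructed from the two detection lines in the post) and scores Run-key autostarts against that pattern. The Avira command line used as a benign comparison is a constructed value.

```python
"""Audit Run-key autostarts for the Zbot persistence pattern seen in the MBAM log.

Added example; not code from the thread, from Malwarebytes or from Trojaner-Board.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the two detection lines copied from the Malwarebytes log
# in the post above (German column labels as MBAM 1.65 prints them).
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{600F4BCA-1B1A-6C07-E4BA-DFB249D516F0} (Trojan.ZbotR.Gen) -> Daten: C:\Users\****\AppData\Roaming\Ewa\taylgy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\****\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# MBAM registry-value line:
#   <hive\key>|<value name> (<detection>) -> Daten: <path> -> <action>
# "Daten:" is the German label; the English build prints "Data:", so both are accepted.
_REG_VALUE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value_name>\S+) \((?P<detection>[^)]+)\)"
    r" -> (?:Daten|Data): (?P<data>.+?) -> (?P<action>.+)$"
)
_GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Profile locations a standard user can write to without elevation. Legitimate
# software rarely autostarts from here; mail-delivered droppers almost always do.
_USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


@dataclass
class RegistryDetection:
    key: str
    value_name: str
    detection: str
    data: str
    action: str


def parse_registry_detections(log_text: str) -> list[RegistryDetection]:
    """Extract every registry-value detection line from an MBAM log; other lines are ignored."""
    found: list[RegistryDetection] = []
    for line in log_text.splitlines():
        m = _REG_VALUE_RE.match(line.strip())
        if m:
            found.append(RegistryDetection(**m.groupdict()))
    return found


def assess_autostart(value_name: str, target: str) -> list[str]:
    """Return the reasons a Run-key entry looks like Zbot-style persistence (empty = nothing odd).

    Works on any (value name, command line) pair, e.g. one read from the live Run key,
    not only on MBAM detections. Arguments after the .exe are ignored.
    """
    reasons: list[str] = []
    low = target.strip().strip('"').lower()
    exe = low[: low.index(".exe") + 4] if ".exe" in low else low
    if any(marker in exe for marker in _USER_WRITABLE):
        reasons.append("executable runs from a user-writable profile directory")
    if _GUID_RE.match(value_name):
        reasons.append("value name is a bare GUID instead of a product name")
    parts = exe.split("\\")
    # Zbot drops <random>\<random>.exe exactly one level under AppData\Roaming.
    if "roaming" in parts and parts.index("roaming") == len(parts) - 3 and exe.endswith(".exe"):
        reasons.append("single throw-away directory directly under AppData\\Roaming")
    return reasons


def flag_zbot_persistence(log_text: str) -> dict[str, list[str]]:
    """Map each detected Run-key value name to the persistence indicators found for it."""
    report: dict[str, list[str]] = {}
    for det in parse_registry_detections(log_text):
        if det.key.lower().endswith("\\currentversion\\run"):
            report[det.value_name] = assess_autostart(det.value_name, det.data)
    return report


if __name__ == "__main__":
    for name, reasons in flag_zbot_persistence(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons) or "no indicators")
```

The same heuristics apply unchanged to the HKCU/HKLM Run values that defogger enumerates in the next post, which is where to look if a scanner's quarantine did not remove the loader.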
19.12.2012, 14:50 | #2
/// TB-Ausbilder | Trojan.ZbotR.Gen after Lufthansa spam? How to proceed?

I will help you with your problem. A clean-up can involve a lot of work for you (and for me). Before we start, I have some reading material for you. Read and understood?

Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:

Step 2: Scan with aswMBR

Step 3: Scan with the TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.

Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
19.12.2012, 14:51 | #3
/// TB-Ausbilder | Trojan.ZbotR.Gen after Lufthansa spam? How to proceed?

Step 5:
19.12.2012, 15:27 | #4
Trojan.ZbotR.Gen after Lufthansa spam? How to proceed?

Many thanks, I think everything should have worked.

Step 1:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:59 on 19/12/2012 (Sandra)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

The first scan aborted; the second scan was then run with AV - none:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 15:08:59
-----------------------------
15:08:59.995    OS Version: Windows x64 6.1.7600
15:08:59.995    Number of processors: 4 586 0x2505
15:08:59.995    ComputerName: SANDRA-HP  UserName: Sandra
15:09:01.009    Initialize success
15:09:12.163    AVAST engine defs: 12121900
15:09:20.462    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:09:20.462    Disk 0 Vendor: TOSHIBA_ LH00 Size: 238475MB BusType: 3
15:09:20.509    Disk 0 MBR read successfully
15:09:20.509    Disk 0 MBR scan
15:09:20.525    Disk 0 Windows 7 default MBR code
15:09:20.556    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
15:09:20.587    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       220770 MB offset 616448
15:09:20.634    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 452753408
15:09:20.665    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 484210688
15:09:20.712    Disk 0 scanning C:\windows\system32\drivers
15:09:36.078    Service scanning
15:10:04.439    Modules scanning
15:10:04.454    Disk 0 trace - called modules:
15:10:04.501    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
15:10:04.501    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004596060]
15:10:04.517    3 CLASSPNP.SYS[fffff88001b2c43f] -> nt!IofCallDriver -> [0xfffffa8004453b10]
15:10:04.517    5 hpdskflt.sys[fffff88001ad3289] -> nt!IofCallDriver -> [0xfffffa80025e65b0]
15:10:04.532    7 ACPI.sys[fffff88000e1b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80025e7050]
15:10:04.532    Scan finished successfully
15:10:22.988    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\MBR.dat"
15:10:23.004    The log file has been saved successfully to "C:\Users\Sandra\Desktop\aswMBR.txt"

Code:
15:11:22.0396 3844  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:11:22.0599 3844  ============================================================
15:11:22.0599 3844  Current date / time: 2012/12/19 15:11:22.0599
15:11:22.0599 3844  SystemInfo:
15:11:22.0599 3844  
15:11:22.0599 3844  OS Version: 6.1.7600 ServicePack: 0.0
15:11:22.0599 3844  Product type: Workstation
15:11:22.0599 3844  ComputerName: SANDRA-HP
15:11:22.0599 3844  UserName: Sandra
15:11:22.0599 3844  Windows directory: C:\windows
15:11:22.0599 3844  System windows directory: C:\windows
15:11:22.0599 3844  Running under WOW64
15:11:22.0599 3844  Processor architecture: Intel x64
15:11:22.0599 3844  Number of processors: 4
15:11:22.0599 3844  Page size: 0x1000
15:11:22.0599 3844  Boot type: Normal boot
15:11:22.0599 3844  ============================================================
15:11:23.0676 3844  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:23.0691 3844  ============================================================
15:11:23.0691 3844  \Device\Harddisk0\DR0:
15:11:23.0691 3844  MBR partitions:
15:11:23.0691 3844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
15:11:23.0691 3844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x1AF31000
15:11:23.0691 3844  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1AFC7800, BlocksNum 0x1E00000
15:11:23.0691 3844  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1CDC7800, BlocksNum 0x3FD970
15:11:23.0691 3844  ============================================================
15:11:23.0769 3844  C: <-> \Device\Harddisk0\DR0\Partition2
15:11:23.0800 3844  F: <-> \Device\Harddisk0\DR0\Partition4
15:11:23.0878 3844  ============================================================
15:11:23.0878 3844  Initialize success
15:11:23.0878 3844  
15:11:50.0523 1080 mouclass - ok 15:11:50.0554 1080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:11:50.0554 1080 mouhid - ok 15:11:50.0570 1080 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:11:50.0586 1080 mountmgr - ok 15:11:50.0586 1080 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys 15:11:50.0601 1080 mpio - ok 15:11:50.0617 1080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:11:50.0617 1080 mpsdrv - ok 15:11:50.0648 1080 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll 15:11:50.0664 1080 MpsSvc - ok 15:11:50.0679 1080 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:11:50.0679 1080 MRxDAV - ok 15:11:50.0710 1080 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 15:11:50.0710 1080 mrxsmb - ok 15:11:50.0742 1080 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:11:50.0742 1080 mrxsmb10 - ok 15:11:50.0757 1080 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:11:50.0757 1080 mrxsmb20 - ok 15:11:50.0788 1080 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\windows\system32\drivers\msahci.sys 15:11:50.0788 1080 msahci - ok 15:11:50.0820 1080 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys 15:11:50.0820 1080 msdsm - ok 15:11:50.0851 1080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 15:11:50.0851 1080 MSDTC - ok 15:11:50.0882 1080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 15:11:50.0882 1080 Msfs - ok 15:11:50.0882 1080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:11:50.0882 1080 mshidkmdf - ok 15:11:50.0913 1080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys 
15:11:50.0913 1080 msisadrv - ok 15:11:50.0944 1080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:11:50.0944 1080 MSiSCSI - ok 15:11:50.0944 1080 msiserver - ok 15:11:50.0976 1080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:11:50.0976 1080 MSKSSRV - ok 15:11:50.0991 1080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:11:50.0991 1080 MSPCLOCK - ok 15:11:50.0991 1080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:11:50.0991 1080 MSPQM - ok 15:11:51.0007 1080 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:11:51.0022 1080 MsRPC - ok 15:11:51.0038 1080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 15:11:51.0038 1080 mssmbios - ok 15:11:51.0054 1080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:11:51.0054 1080 MSTEE - ok 15:11:51.0069 1080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 15:11:51.0069 1080 MTConfig - ok 15:11:51.0085 1080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 15:11:51.0100 1080 Mup - ok 15:11:51.0116 1080 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll 15:11:51.0132 1080 napagent - ok 15:11:51.0163 1080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:11:51.0163 1080 NativeWifiP - ok 15:11:51.0256 1080 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys 15:11:51.0272 1080 NDIS - ok 15:11:51.0303 1080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:11:51.0319 1080 NdisCap - ok 15:11:51.0334 1080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:11:51.0334 1080 NdisTapi - ok 15:11:51.0350 1080 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] 
Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:11:51.0350 1080 Ndisuio - ok 15:11:51.0366 1080 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:11:51.0381 1080 NdisWan - ok 15:11:51.0381 1080 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:11:51.0397 1080 NDProxy - ok 15:11:51.0412 1080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:11:51.0412 1080 NetBIOS - ok 15:11:51.0428 1080 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:11:51.0428 1080 NetBT - ok 15:11:51.0459 1080 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe 15:11:51.0459 1080 Netlogon - ok 15:11:51.0568 1080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 15:11:51.0600 1080 Netman - ok 15:11:51.0662 1080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 15:11:51.0678 1080 netprofm - ok 15:11:51.0818 1080 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:11:51.0834 1080 NetTcpPortSharing - ok 15:11:51.0958 1080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 15:11:51.0958 1080 nfrd960 - ok 15:11:52.0021 1080 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll 15:11:52.0036 1080 NlaSvc - ok 15:11:52.0068 1080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 15:11:52.0068 1080 Npfs - ok 15:11:52.0083 1080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 15:11:52.0099 1080 nsi - ok 15:11:52.0114 1080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 15:11:52.0114 1080 nsiproxy - ok 15:11:52.0255 1080 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:11:52.0286 1080 Ntfs - ok 15:11:52.0302 1080 
[ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 15:11:52.0302 1080 Null - ok 15:11:52.0333 1080 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys 15:11:52.0333 1080 nvraid - ok 15:11:52.0364 1080 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys 15:11:52.0364 1080 nvstor - ok 15:11:52.0458 1080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys 15:11:52.0458 1080 nv_agp - ok 15:11:52.0489 1080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 15:11:52.0489 1080 ohci1394 - ok 15:11:52.0567 1080 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:11:52.0582 1080 ose - ok 15:11:52.0941 1080 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:11:53.0004 1080 osppsvc - ok 15:11:53.0082 1080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:11:53.0082 1080 p2pimsvc - ok 15:11:53.0144 1080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 15:11:53.0144 1080 p2psvc - ok 15:11:53.0238 1080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 15:11:53.0238 1080 Parport - ok 15:11:53.0284 1080 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys 15:11:53.0284 1080 partmgr - ok 15:11:53.0316 1080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 15:11:53.0316 1080 PcaSvc - ok 15:11:53.0362 1080 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\windows\system32\DRIVERS\pci.sys 15:11:53.0378 1080 pci - ok 15:11:53.0425 1080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 15:11:53.0425 1080 pciide - ok 15:11:53.0487 1080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia 
C:\windows\system32\DRIVERS\pcmcia.sys 15:11:53.0503 1080 pcmcia - ok 15:11:53.0534 1080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 15:11:53.0534 1080 pcw - ok 15:11:53.0596 1080 pdfcDispatcher - ok 15:11:53.0768 1080 [ 4A8CC4D25525F456069887D5E8C53225 ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe 15:11:53.0784 1080 PdiService - ok 15:11:53.0799 1080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:11:53.0815 1080 PEAUTH - ok 15:11:53.0908 1080 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll 15:11:53.0924 1080 PeerDistSvc - ok 15:11:54.0018 1080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 15:11:54.0018 1080 PerfHost - ok 15:11:54.0064 1080 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll 15:11:54.0080 1080 pla - ok 15:11:54.0127 1080 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:11:54.0127 1080 PlugPlay - ok 15:11:54.0142 1080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:11:54.0142 1080 PNRPAutoReg - ok 15:11:54.0174 1080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:11:54.0174 1080 PNRPsvc - ok 15:11:54.0205 1080 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 15:11:54.0220 1080 PolicyAgent - ok 15:11:54.0236 1080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 15:11:54.0252 1080 Power - ok 15:11:54.0283 1080 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 15:11:54.0283 1080 PptpMiniport - ok 15:11:54.0314 1080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 15:11:54.0314 1080 Processor - ok 15:11:54.0345 1080 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll 15:11:54.0345 1080 ProfSvc - ok 
15:11:54.0361 1080 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe 15:11:54.0361 1080 ProtectedStorage - ok 15:11:54.0392 1080 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys 15:11:54.0392 1080 Psched - ok 15:11:54.0454 1080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 15:11:54.0470 1080 ql2300 - ok 15:11:54.0501 1080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 15:11:54.0501 1080 ql40xx - ok 15:11:54.0517 1080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 15:11:54.0517 1080 QWAVE - ok 15:11:54.0548 1080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 15:11:54.0548 1080 QWAVEdrv - ok 15:11:54.0564 1080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 15:11:54.0564 1080 RasAcd - ok 15:11:54.0595 1080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 15:11:54.0595 1080 RasAgileVpn - ok 15:11:54.0610 1080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 15:11:54.0610 1080 RasAuto - ok 15:11:54.0626 1080 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 15:11:54.0626 1080 Rasl2tp - ok 15:11:54.0657 1080 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll 15:11:54.0657 1080 RasMan - ok 15:11:54.0673 1080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 15:11:54.0673 1080 RasPppoe - ok 15:11:54.0688 1080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 15:11:54.0704 1080 RasSstp - ok 15:11:54.0720 1080 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 15:11:54.0720 1080 rdbss - ok 15:11:54.0735 1080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 15:11:54.0735 1080 
rdpbus - ok 15:11:54.0751 1080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 15:11:54.0751 1080 RDPCDD - ok 15:11:54.0782 1080 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\windows\system32\drivers\rdpdr.sys 15:11:54.0782 1080 RDPDR - ok 15:11:54.0798 1080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 15:11:54.0813 1080 RDPENCDD - ok 15:11:54.0813 1080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 15:11:54.0813 1080 RDPREFMP - ok 15:11:54.0876 1080 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 15:11:54.0876 1080 RDPWD - ok 15:11:54.0907 1080 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys 15:11:54.0907 1080 rdyboost - ok 15:11:54.0938 1080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 15:11:54.0938 1080 RemoteAccess - ok 15:11:54.0969 1080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 15:11:54.0969 1080 RemoteRegistry - ok 15:11:55.0000 1080 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 15:11:55.0000 1080 RFCOMM - ok 15:11:55.0032 1080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 15:11:55.0047 1080 RpcEptMapper - ok 15:11:55.0063 1080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 15:11:55.0063 1080 RpcLocator - ok 15:11:55.0094 1080 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll 15:11:55.0094 1080 RpcSs - ok 15:11:55.0110 1080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 15:11:55.0110 1080 rspndr - ok 15:11:55.0141 1080 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 15:11:55.0156 1080 RSUSBSTOR - ok 15:11:55.0172 1080 [ 26E0D15FB1835F7ED638F157CCD2E04D ] RsvLock 
C:\windows\system32\drivers\RsvLock.sys 15:11:55.0172 1080 RsvLock - ok 15:11:55.0203 1080 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 15:11:55.0203 1080 RTL8167 - ok 15:11:55.0234 1080 [ 73157D4A4F6DA18C5148E47CB958AF58 ] rtsuvc C:\windows\system32\DRIVERS\rtsuvc.sys 15:11:55.0234 1080 rtsuvc - ok 15:11:55.0250 1080 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\windows\system32\DRIVERS\vms3cap.sys 15:11:55.0250 1080 s3cap - ok 15:11:55.0312 1080 [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys 15:11:55.0312 1080 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977 15:11:55.0312 1080 SafeBoot ( LockedFile.Multi.Generic ) - warning 15:11:55.0312 1080 SafeBoot - detected LockedFile.Multi.Generic (1) 15:11:55.0328 1080 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe 15:11:55.0328 1080 SamSs - ok 15:11:55.0344 1080 [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg C:\windows\system32\drivers\SbAlg.sys 15:11:55.0344 1080 SbAlg - ok 15:11:55.0375 1080 [ 43027F1996F3AC6BD54B8A871996B7B3 ] SbFsLock C:\windows\system32\drivers\SbFsLock.sys 15:11:55.0375 1080 SbFsLock - ok 15:11:55.0390 1080 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys 15:11:55.0390 1080 sbp2port - ok 15:11:55.0422 1080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 15:11:55.0422 1080 SCardSvr - ok 15:11:55.0437 1080 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 15:11:55.0437 1080 scfilter - ok 15:11:55.0484 1080 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll 15:11:55.0500 1080 Schedule - ok 15:11:55.0531 1080 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll 15:11:55.0531 1080 SCPolicySvc - ok 15:11:55.0562 1080 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus 
C:\windows\system32\DRIVERS\sdbus.sys 15:11:55.0562 1080 sdbus - ok 15:11:55.0578 1080 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll 15:11:55.0578 1080 SDRSVC - ok 15:11:55.0593 1080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 15:11:55.0593 1080 secdrv - ok 15:11:55.0609 1080 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll 15:11:55.0609 1080 seclogon - ok 15:11:55.0624 1080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 15:11:55.0640 1080 SENS - ok 15:11:55.0656 1080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 15:11:55.0656 1080 SensrSvc - ok 15:11:55.0687 1080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 15:11:55.0687 1080 Serenum - ok 15:11:55.0702 1080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 15:11:55.0702 1080 Serial - ok 15:11:55.0734 1080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 15:11:55.0734 1080 sermouse - ok 15:11:55.0780 1080 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll 15:11:55.0780 1080 SessionEnv - ok 15:11:55.0796 1080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys 15:11:55.0796 1080 sffdisk - ok 15:11:55.0827 1080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys 15:11:55.0827 1080 sffp_mmc - ok 15:11:55.0843 1080 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys 15:11:55.0843 1080 sffp_sd - ok 15:11:55.0858 1080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 15:11:55.0874 1080 sfloppy - ok 15:11:55.0890 1080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 15:11:55.0890 1080 SharedAccess - ok 15:11:55.0921 1080 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] 
ShellHWDetection C:\windows\System32\shsvcs.dll 15:11:55.0921 1080 ShellHWDetection - ok 15:11:55.0952 1080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 15:11:55.0952 1080 SiSRaid2 - ok 15:11:55.0968 1080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 15:11:55.0968 1080 SiSRaid4 - ok 15:11:56.0014 1080 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:11:56.0077 1080 SkypeUpdate - ok 15:11:56.0092 1080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 15:11:56.0108 1080 Smb - ok 15:11:56.0124 1080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 15:11:56.0124 1080 SNMPTRAP - ok 15:11:56.0217 1080 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 15:11:56.0233 1080 Sony PC Companion - ok 15:11:56.0248 1080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 15:11:56.0248 1080 spldr - ok 15:11:56.0295 1080 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe 15:11:56.0311 1080 Spooler - ok 15:11:56.0373 1080 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe 15:11:56.0420 1080 sppsvc - ok 15:11:56.0436 1080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 15:11:56.0436 1080 sppuinotify - ok 15:11:56.0467 1080 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys 15:11:56.0482 1080 srv - ok 15:11:56.0498 1080 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 15:11:56.0498 1080 srv2 - ok 15:11:56.0529 1080 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 15:11:56.0529 1080 srvnet - ok 15:11:56.0560 1080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 15:11:56.0560 1080 SSDPSRV - ok 
15:11:56.0576 1080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 15:11:56.0576 1080 SstpSvc - ok 15:11:56.0623 1080 [ F8807AAF697E1D20C9D7716A4941E574 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 15:11:56.0623 1080 STacSV - ok 15:11:56.0654 1080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 15:11:56.0654 1080 stexstor - ok 15:11:56.0701 1080 [ 96DF19A03D37F8568141612D31F0D035 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys 15:11:56.0716 1080 STHDA - ok 15:11:56.0748 1080 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll 15:11:56.0748 1080 stisvc - ok 15:11:56.0779 1080 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys 15:11:56.0779 1080 storflt - ok 15:11:56.0810 1080 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll 15:11:56.0810 1080 StorSvc - ok 15:11:56.0841 1080 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\windows\system32\DRIVERS\storvsc.sys 15:11:56.0841 1080 storvsc - ok 15:11:56.0841 1080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 15:11:56.0841 1080 swenum - ok 15:11:56.0872 1080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 15:11:56.0872 1080 swprv - ok 15:11:56.0935 1080 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 15:11:56.0950 1080 SynTP - ok 15:11:57.0028 1080 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll 15:11:57.0044 1080 SysMain - ok 15:11:57.0060 1080 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll 15:11:57.0060 1080 TabletInputService - ok 15:11:57.0075 1080 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll 15:11:57.0091 1080 TapiSrv - ok 15:11:57.0106 1080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 15:11:57.0122 1080 TBS - ok 15:11:57.0200 1080 [ 
624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 15:11:57.0216 1080 Tcpip - ok 15:11:57.0247 1080 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 15:11:57.0262 1080 TCPIP6 - ok 15:11:57.0294 1080 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 15:11:57.0294 1080 tcpipreg - ok 15:11:57.0325 1080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 15:11:57.0325 1080 TDPIPE - ok 15:11:57.0356 1080 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 15:11:57.0372 1080 TDTCP - ok 15:11:57.0387 1080 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:11:57.0387 1080 tdx - ok 15:11:57.0418 1080 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 15:11:57.0418 1080 TermDD - ok 15:11:57.0450 1080 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll 15:11:57.0450 1080 TermService - ok 15:11:57.0465 1080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 15:11:57.0465 1080 Themes - ok 15:11:57.0481 1080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 15:11:57.0481 1080 THREADORDER - ok 15:11:57.0496 1080 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys 15:11:57.0496 1080 TPM - ok 15:11:57.0512 1080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 15:11:57.0512 1080 TrkWks - ok 15:11:57.0559 1080 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:11:57.0559 1080 TrustedInstaller - ok 15:11:57.0574 1080 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:11:57.0574 1080 tssecsrv - ok 15:11:57.0606 1080 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:11:57.0606 1080 tunnel - ok 15:11:57.0637 1080 [ 
B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 15:11:57.0637 1080 uagp35 - ok 15:11:57.0684 1080 [ 9EEA84226ED2A028BC3FDFDDE03FE95C ] uArcCapture C:\windows\system\uArcCapture.exe 15:11:57.0684 1080 uArcCapture - ok 15:11:57.0715 1080 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:11:57.0715 1080 udfs - ok 15:11:57.0746 1080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:11:57.0746 1080 UI0Detect - ok 15:11:57.0762 1080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys 15:11:57.0762 1080 uliagpkx - ok 15:11:57.0793 1080 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys 15:11:57.0793 1080 umbus - ok 15:11:57.0824 1080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 15:11:57.0824 1080 UmPass - ok 15:11:57.0855 1080 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\windows\System32\umrdp.dll 15:11:57.0855 1080 UmRdpService - ok 15:11:57.0949 1080 [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:11:57.0980 1080 UNS - ok 15:11:57.0996 1080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 15:11:57.0996 1080 upnphost - ok 15:11:58.0027 1080 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:11:58.0027 1080 usbccgp - ok 15:11:58.0042 1080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys 15:11:58.0042 1080 usbcir - ok 15:11:58.0074 1080 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\windows\system32\drivers\usbehci.sys 15:11:58.0074 1080 usbehci - ok 15:11:58.0089 1080 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:11:58.0089 1080 usbhub - ok 15:11:58.0105 1080 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\windows\system32\drivers\usbohci.sys 
============================================================
15:12:01.0318 1080 Scan finished
15:12:01.0318 1080 ============================================================
15:12:01.0318 2648 Detected object count: 1
15:12:01.0318 2648 Actual detected object count: 1
15:12:14.0829 2648 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
15:12:14.0829 2648 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
15:16:02.0453 2832 Deinitialize success

DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31 Run by Sandra at 15:17:03 on 2012-12-19 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1903.828 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\Hpservice.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe C:\Program Files 
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system\uArcCapture.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\Dwm.exe C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\System32\spool\drivers\x64\3\E_FATIBZE.EXE C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Program Files (x86)\PDF24\pdf24.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\wuauclt.exe C:\windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.gmx.net/ uURLSearchHooks: {7e111a5c-3d11-4f56-9463-5310c3c69025} - <orphaned> uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [EPSON Stylus D92 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\windows\TEMP\E_S7021.tmp" /EF "HKCU" uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background mRun: 
[IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: EnableLUA = dword:0 IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{72E5036D-C3F4-4B76-A526-CEDCCCD763EA} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{72E5036D-C3F4-4B76-A526-CEDCCCD763EA}\14365627 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{72E5036D-C3F4-4B76-A526-CEDCCCD763EA}\34F6E6E656364796F6E605F696E647 : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Notify: DeviceNP - DeviceNP.dll SSODL: WebCheck - <orphaned> LSA: Notification Packages = DPPassFilter scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program 
Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Freeware.de Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\plugins\np-mswmp.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll . 
---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R0 SbAlg;SbAlg;C:\windows\System32\drivers\SbAlg.sys [2009-6-4 60160] R0 SbFsLock;SbFsLock;C:\windows\System32\drivers\SbFsLock.sys [2010-2-1 15688] R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2012-12-17 27800] R1 RsvLock;RsvLock;C:\windows\System32\drivers\RsvLock.sys [2010-2-1 58184] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-9 89600] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-17 85280] R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-17 109344] R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2012-12-17 99912] R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-9-12 142904] R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992] R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-5-10 90112] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 
[2012-8-10 197536] R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-1 281192] R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] R2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-1 280120] R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2009-7-8 30520] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-6 1128952] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-3-31 113264] R2 uArcCapture;ArcCapture;C:\Windows\system\uArcCapture.exe [2011-2-8 506472] R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-8 2320920] R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-2-8 32640] R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-2-8 342056] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-2-8 39464] R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-1 704512] R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720] R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872] R3 rtsuvc;HP Webcam [2 MP Fixed];C:\windows\System32\drivers\rtsuvc.sys [2011-2-8 96384] R3 VAD_DEV;Virtual Audio 
Service;C:\windows\System32\drivers\vad.sys [2012-1-4 24992] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2010-2-18 2045232] S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2009-10-21 40760] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040] S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2012-2-24 13352] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-6 232480] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-12-6 325152] S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-2-24 155320] S3 StorSvc;Speicherdienst;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] . =============== File Associations =============== . ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1" . =============== Created Last 30 ================ . 
2012-12-18 14:43:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC2CFA6D-0B7C-402E-9E6A-B65CA1BAFA49}\mpengine.dll 2012-12-17 21:00:34 -------- d-----w- C:\Users\Sandra\AppData\Roaming\Malwarebytes 2012-12-17 21:00:10 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-17 21:00:07 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-17 21:00:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-17 18:49:18 -------- d-----w- C:\Users\Sandra\AppData\Roaming\Avira 2012-12-17 18:43:42 99912 ----a-w- C:\windows\System32\drivers\avgntflt.sys 2012-12-17 18:43:42 27800 ----a-w- C:\windows\System32\drivers\avkmgr.sys 2012-12-17 18:43:37 -------- d-----w- C:\ProgramData\Avira 2012-12-17 18:43:37 -------- d-----w- C:\Program Files (x86)\Avira . ==================== Find3M ==================== . 2012-12-13 21:28:48 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 21:28:48 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-11-22 08:20:36 3147264 ----a-w- C:\windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:34:27 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:49:37 2048 
----a-w- C:\windows\SysWow64\tzres.dll 2012-11-05 16:25:51 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-11-05 14:17:16 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-11-05 14:03:21 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-11-05 14:03:13 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-10-16 21:20:49 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20:46 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34:37 559104 ----a-w- C:\windows\apppatch\AcLayers.dll 2012-10-04 17:38:56 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-10-04 17:38:56 243200 ----a-w- C:\windows\System32\wow64.dll 2012-10-04 17:38:56 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-10-04 17:38:24 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-10-04 17:35:22 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-10-04 17:32:16 425984 ----a-w- C:\windows\System32\KernelBase.dll 2012-10-04 16:54:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-10-04 16:54:17 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-10-04 15:19:57 338432 ----a-w- C:\windows\System32\conhost.exe 2012-10-04 14:49:27 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-10-04 14:49:24 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-10-04 14:49:22 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-10-04 14:49:22 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-10-04 14:44:29 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:44:29 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:44:29 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:44:29 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-09-25 22:39:14 95744 ----a-w- C:\windows\System32\synceng.dll 2012-09-25 21:55:17 78336 ----a-w- 
C:\windows\SysWow64\synceng.dll . ============= FINISH: 15:19:15,55 =============== --- --- --- Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24.06.2011 13:01:52
System Uptime: 19.12.2012 14:30:49 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1413
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 145,92 GiB free.
F: is FIXED (FAT32) - 2 GiB total, 1,398 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth-Peripheriegerät
Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&E7DEA17&0&5CB52491ED78_C00000000
Manufacturer:
Name: Bluetooth-Peripheriegerät
PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&E7DEA17&0&5CB52491ED78_C00000000
Service:
.
==== System Restore Points ===================
.
RP247: 23.11.2012 13:50:01 - Windows Update
RP248: 23.11.2012 13:53:44 - Sony PC Companion
RP249: 27.11.2012 20:30:47 - Windows Update
RP250: 28.11.2012 13:39:05 - Windows Update
RP251: 01.12.2012 21:08:25 - Windows Update
RP252: 07.12.2012 13:49:48 - Windows Update
RP253: 11.12.2012 18:01:30 - Windows Update
RP254: 13.12.2012 14:23:17 - Windows Update
RP255: 18.12.2012 15:41:13 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Amazon MP3-Downloader 1.0.9
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
Avira Free Antivirus
Bing Rewards Client Installer
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools
Drive Encryption for HP ProtectTools
Energy Star Digital Logo
EPSON-Drucker-Software
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
Free Video to MP3 Converter version 5.0.19.1015
Free YouTube Download version 3.1.39.1015
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Power Assistant
HP Power Data
HP ProtectTools Security Manager
HP QuickLook
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP Webcam Driver
HP Wireless Assistant
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 30 (64-bit)
Java(TM) 6 Update 31
K-Lite Codec Pack 7.9.0 (Full)
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware Version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 5.0.1 (x86 de)
PDF Complete Special Edition
PDF24 Creator 3.8.0
PPTexpert
PPTmovie
Pre-Boot Security for HP ProtectTools
Privacy Manager for HP ProtectTools
Realtek Ethernet Controller All-In-One Windows Driver
Realtek USB 2.0 Card Reader
SCHLECKER Foto Digital Service
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 5.10
Sony Ericsson Update Engine
Sony PC Companion 2.10.115
Sprint & FineReader 5.0 Office Try&Buy
Synaptics Pointing Device Driver
Testing My English
Theft Recovery
TotalMedia Suite
update
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Fingerprint Driver
Vallen Zipper
Windows 7 Default Setting
Windows Live ID Sign-in Assistant
WINZD 2010-12
Wondershare PPT2Video Pro 6.1.10
.
==== End Of File ===========================

Read it - it will be a lesson to me!!!
19.12.2012, 15:31 | #5
/// TB-Ausbilder (TB trainer)

Very good. Then please:

Step 1: AdwCleaner: find and remove adware
Step 2: Delete temporary files with TFC
Step 3: Scan with ComboFix

__________________
Digital privateers against malware! No help via PM!
19.12.2012, 16:36 | #6

OK, moving on.

Step 1:

Code:
# AdwCleaner v2.101 - Datei am 19/12/2012 um 15:39:06 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzer : Sandra - SANDRA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sandra\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Temp\CT2736476
Ordner Gelöscht : C:\Users\Sandra\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\ConduitCommon
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\CT2736476
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v5.0.1 (de)

Profilname : default
Datei : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\prefs.js

C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2736476..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2736476.CTID", "CT2736476");
Gelöscht : user_pref("CT2736476.CurrentServerDate", "18-11-2012");
Gelöscht : user_pref("CT2736476.DSInstall", true);
Gelöscht : user_pref("CT2736476.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2736476.DialogsGetterLastCheckTime", "Sun Nov 18 2012 21:19:17 GMT+0100");
Gelöscht : user_pref("CT2736476.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2736476.FeedLastCount129257621460541612", 0);
Gelöscht : user_pref("CT2736476.FeedLastCount129257621968979554", 10);
Gelöscht : user_pref("CT2736476.FeedLastCount129258323135539557", 0);
Gelöscht : user_pref("CT2736476.FeedPollDate129257621460541612", "Sat Oct 08 2011 21:17:19 GMT+0200");
Gelöscht : user_pref("CT2736476.FeedPollDate129257621968979554", "Sat Oct 08 2011 21:17:19 GMT+0200");
Gelöscht : user_pref("CT2736476.FeedPollDate129258323135539557", "Sat Oct 08 2011 21:17:19 GMT+0200");
Gelöscht : user_pref("CT2736476.FirstServerDate", "8-10-2011");
Gelöscht : user_pref("CT2736476.FirstTime", true);
Gelöscht : user_pref("CT2736476.FirstTimeFF3", true);
Gelöscht : user_pref("CT2736476.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2736476.HPInstall", false);
Gelöscht : user_pref("CT2736476.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2736476.HomePageProtectorEnabled", true);
Gelöscht : user_pref("CT2736476.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=[...]
Gelöscht : user_pref("CT2736476.Initialize", true);
Gelöscht : user_pref("CT2736476.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2736476.InstallationId", "ConduitStubGeneric");
Gelöscht : user_pref("CT2736476.InstallationType", "ConduitStubIntegration");
Gelöscht : user_pref("CT2736476.InstalledDate", "Sat Oct 08 2011 21:17:18 GMT+0200");
Gelöscht : user_pref("CT2736476.InvalidateCache", false);
Gelöscht : user_pref("CT2736476.IsGrouping", false);
Gelöscht : user_pref("CT2736476.IsInitSetupIni", true);
Gelöscht : user_pref("CT2736476.IsMulticommunity", false);
Gelöscht : user_pref("CT2736476.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2736476.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2736476.IsProtectorsInit", true);
Gelöscht : user_pref("CT2736476.LanguagePackLastCheckTime", "Sun Nov 18 2012 21:19:17 GMT+0100");
Gelöscht : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2736476.LastLogin_3.13.0.6", "Mon Jul 16 2012 19:06:29 GMT+0200");
Gelöscht : user_pref("CT2736476.LastLogin_3.14.1.0", "Thu Sep 06 2012 15:34:16 GMT+0200");
Gelöscht : user_pref("CT2736476.LastLogin_3.15.1.0", "Mon Nov 12 2012 20:52:56 GMT+0100");
Gelöscht : user_pref("CT2736476.LastLogin_3.16.0.3", "Sun Nov 18 2012 21:19:17 GMT+0100");
Gelöscht : user_pref("CT2736476.LastLogin_3.7.0.6", "Sat Oct 08 2011 21:17:22 GMT+0200");
Gelöscht : user_pref("CT2736476.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2736476.Locale", "de");
Gelöscht : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2736476.OriginalFirstVersion", "3.7.0.6");
Gelöscht : user_pref("CT2736476.RadioIsPodcast", false);
Gelöscht : user_pref("CT2736476.RadioLastCheckTime", "Sat Oct 08 2011 21:17:22 GMT+0200");
Gelöscht : user_pref("CT2736476.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2736476.RadioLastUpdateServer", "129570411865130000");
Gelöscht : user_pref("CT2736476.RadioMediaID", "21930450");
Gelöscht : user_pref("CT2736476.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Gelöscht : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Gelöscht : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Gelöscht : user_pref("CT2736476.SavedHomepage", "hxxp://www.gmx.net/");
Gelöscht : user_pref("CT2736476.SearchCaption", "Freeware.de Customized Web Search");
Gelöscht : user_pref("CT2736476.SearchEngineBeforeUnload", "Freeware.de Customized Web Search");
Gelöscht : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Gelöscht : user_pref("CT2736476.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Sun Nov 18 2012 21:19:18 GMT+0100");
Gelöscht : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2736476.SearchProtectorEnabled", true);
Gelöscht : user_pref("CT2736476.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2736476.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2736476.ServiceMapLastCheckTime", "Sun Nov 18 2012 21:19:16 GMT+0100");
Gelöscht : user_pref("CT2736476.SettingsLastCheckTime", "Sun Nov 18 2012 21:19:16 GMT+0100");
Gelöscht : user_pref("CT2736476.SettingsLastUpdate", "1352142245");
Gelöscht : user_pref("CT2736476.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13");
Gelöscht : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Sat Oct 08 2011 21:17:17 GMT+0200");
Gelöscht : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Gelöscht : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2736476.UserID", "UN04419376261033991");
Gelöscht : user_pref("CT2736476.alertChannelId", "1128724");
Gelöscht : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Sat Oct 08 2011 21:17:18 GMT+0200");
Gelöscht : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2736476.initDone", true);
Gelöscht : user_pref("CT2736476.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2736476.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2736476.myStuffEnabled", true);
Gelöscht : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2736476.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2736476.testingCtid", "");
Gelöscht : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Sun Nov 18 2012 21:19:17 GMT+0100");
Gelöscht : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Sat Oct 08 2011 21:17:21 GMT+0200");
Gelöscht : user_pref("CT2736476.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&Search[...]
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Freeware.de Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2736476/CT2736476[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2736476&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"4c5[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Sandra\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2736476");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2736476");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "2265453b-fe34-4e3a-8023-3f29477d207a");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Oct 08 2011 21:17:1[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Oct 08 2011 21:17:27 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Oct 08 2011 21:17:17 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "b7d71dee-4928-4869-a376-ce75664f0a1d");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.gmx.net/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16142 octets] - [19/12/2012 15:37:50]
AdwCleaner[S1].txt - [16174 octets] - [19/12/2012 15:39:06]

########## EOF - C:\AdwCleaner[S1].txt - [16235 octets] ##########

Code:
ATTFilter ComboFix 12-12-19.02 - Sandra 19.12.2012 15:57:38.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1903.408 [GMT 1:00] ausgeführt von:: c:\users\Sandra\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Thumbs.db c:\users\Sandra\Documents\pptD2E2.tmp c:\windows\SysWow64\pt c:\windows\SysWow64\pt\DPCont32.dll.mui . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-19 bis 2012-12-19 )))))))))))))))))))))))))))))) . . 2012-12-19 15:09 . 2012-12-19 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-19 15:03 . 2012-12-19 15:03 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2CFA6D-0B7C-402E-9E6A-B65CA1BAFA49}\offreg.dll 2012-12-18 14:43 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2CFA6D-0B7C-402E-9E6A-B65CA1BAFA49}\mpengine.dll 2012-12-17 21:00 . 2012-12-17 21:00 -------- d-----w- c:\users\Sandra\AppData\Roaming\Malwarebytes 2012-12-17 21:00 . 2012-12-17 21:00 -------- d-----w- c:\programdata\Malwarebytes 2012-12-17 21:00 . 2012-12-17 21:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-17 21:00 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-17 18:49 . 2012-12-17 18:49 -------- d-----w- c:\users\Sandra\AppData\Roaming\Avira 2012-12-17 18:43 . 2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-17 18:43 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-17 18:43 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-12-17 18:43 . 
2012-12-17 18:43 -------- d-----w- c:\programdata\Avira 2012-12-17 18:43 . 2012-12-17 18:43 -------- d-----w- c:\program files (x86)\Avira 2012-12-13 13:26 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-13 13:26 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 21:28 . 2012-08-20 13:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-13 21:28 . 2011-06-24 11:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 13:31 . 2011-12-28 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 21:20 . 2012-11-27 19:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-11-27 19:31 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-11-27 19:31 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:45 . 2012-12-12 14:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-04 11:44 . 2011-11-05 15:42 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-04 11:44 . 2011-11-05 15:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-09-25 22:39 . 2012-11-16 13:04 95744 ----a-w- c:\windows\system32\synceng.dll 2012-09-25 21:55 . 2012-11-16 13:04 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-09-21 16:00 . 2011-12-25 17:46 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-09-21 16:00 . 2011-12-25 17:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128] "Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536] "DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-11-03 220744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-11 658424] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-02-24 13352]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-09 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-21 02:06 96384]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-18 24992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the "Scheduled Tasks" folder
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 21:28]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8ea93073323e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 19:38]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 19:38]
.
2012-12-19 c:\windows\Tasks\HPCeeScheduleForSandra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-24 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-24 410648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-09 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
.
------- Additional scan -------
.
uStart Page = hxxp://www.gmx.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\fdm1o3wj.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Removed orphaned registry entries - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-19 16:31:47
ComboFix-quarantined-files.txt 2012-12-19 15:31
.
Before scan: 13 directory(ies), 163,679,248,384 bytes free
After scan: 21 directory(ies), 163,415,101,440 bytes free
.
- - End Of File - - A0D32FB2C9AF58615C7DBEF646218C58
|
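Added example (not code from this thread, ComboFix, Malwarebytes or SecurityCheck): a small Python triage script for the autostart-related parts of a ComboFix-style log like the one above. It parses every `[HKEY_...\CurrentVersion\Run]` section and the LSA `Notification Packages` line and flags the three things a responder checks first in such a log: a Run value whose name is a bare GUID (the naming pattern of Zbot's autostart entry, which is what this thread is about), a Run binary that lives under a user-writable directory such as AppData, Temp or Downloads, and any LSA password-filter DLL other than Windows' own `scecli`. A password filter DLL is handed every password change in clear text, so each one must be traced to known software; on this machine `DPPassFilter` is consistent with the HP ProtectTools password filter service listed in the same log, but that is an inference to confirm by checking the DLL's signature, not something the log proves. The sample log embedded in the script is constructed for the example (the HKCU section, its GUID and its paths are placeholders, not indicators from any real machine), and the regular expressions assume ComboFix's one-value-per-line `"Name"="value" [date size]` layout.

```python
"""Triage Run keys and LSA notification packages in a ComboFix-style log.

Added example for this thread; not part of ComboFix, Malwarebytes or
SecurityCheck. Parsing assumes ComboFix's layout: one [HKEY_...] header per
key, then "Name"="value" [date size] lines, with "." as separator.
"""
import re

# Constructed sample in ComboFix's layout. The HKCU section is invented to mimic
# the Zbot-style entry this thread is about (a GUID-named Run value pointing
# into AppData\Roaming); the GUID and paths are placeholders, not real IoCs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 166424]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-09 489472]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{00000000-1111-2222-3333-444444444444}"="c:\users\sandra\AppData\Roaming\Ijow\qyfu.exe" [2012-12-17 212992]
"Updater"="c:\users\sandra\AppData\Local\Temp\svchost.exe" [2012-12-17 98304]
.
"""

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*?)"(?:\s+\[[^\]]*\])?$')
GUID_RE = re.compile(r'^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.IGNORECASE)
NOTIF_RE = re.compile(r'^Notification Packages\s+REG_MULTI_SZ\s+(.*)$', re.IGNORECASE)

# Directories a standard user can write to: a persistent binary there is the
# usual signature of user-level malware rather than of installed software.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\")
# The only LSA notification package enabled by default on a Windows 7 client
# (assumption made here; the thread's machine runs Windows 7 x64).
DEFAULT_NOTIFICATION_PACKAGES = {"scecli"}


def parse_run_entries(log_text):
    """Return (key, value_name, value_data) for every value under a Run/RunOnce key."""
    entries, key, in_run_key = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group(1)
            in_run_key = bool(RUN_KEY_RE.search(line))
            continue
        value = VALUE_RE.match(line) if in_run_key else None
        if value:
            entries.append((key, value.group(1), value.group(2)))
    return entries


def image_path(value_data):
    """Best-effort executable path from a Run value: honours a quoted path,
    otherwise drops a trailing ' /switch' or ' -switch' argument list."""
    v = value_data.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return (v[1:end] if end > 0 else v[1:]).lower()
    return re.split(r'\s+[-/]', v, maxsplit=1)[0].lower()


def run_entry_reasons(value_name, value_data):
    """Why a Run value deserves a second look; an empty list means nothing stood out."""
    reasons = []
    path = image_path(value_data)
    if GUID_RE.match(value_name):
        reasons.append("value name is a bare GUID (Zbot-style autostart name)")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable location: " + path)
    return reasons


def notification_package_findings(log_text):
    """Flag LSA password-filter DLLs beyond the Windows default. Such a DLL is
    handed every password change in clear text, so each one must be attributable
    to known software and its file signature verified on disk."""
    findings = []
    for raw in log_text.splitlines():
        m = NOTIF_RE.match(raw.strip())
        if not m:
            continue
        for package in m.group(1).split():
            if package.lower() not in DEFAULT_NOTIFICATION_PACKAGES:
                findings.append({"kind": "lsa_notification_package", "name": package,
                                 "reasons": ["non-default LSA password filter DLL; verify publisher and signature"]})
    return findings


def triage(log_text):
    """All findings from the Run keys and the LSA Notification Packages line."""
    findings = []
    for key, name, data in parse_run_entries(log_text):
        reasons = run_entry_reasons(name, data)
        if reasons:
            findings.append({"kind": "run_value", "key": key, "name": name,
                             "path": image_path(data), "reasons": reasons})
    findings.extend(notification_package_findings(log_text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["kind"], finding.get("key", ""), finding["name"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run against the constructed sample, the two HKLM values (system32 and Program Files) produce no finding, both HKCU values are flagged (the GUID-named one for two reasons, the Temp one for its location), and `DPPassFilter` is listed for manual verification. The benign-looking name `Updater` in a Temp directory is the kind of entry a name-based allowlist would miss, which is why the check keys on the binary's location rather than on the value name alone.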
19.12.2012, 17:46 | #7 |
/// TB-Ausbilder | Trojan.ZbotR.Gen after Lufthansa spam? How to proceed? Good! As far as I can see, we have removed everything malicious with that. To be sure, we now have to run a few more checks. Since these can take a very long time, please only write to me again once you have really completed everything or if problems come up. Step 1: Quick scan with Malwarebytes Step 2: ESET Online Scanner
Step 3: Scan with SecurityCheck Please download SecurityCheck: LINK1 LINK2
__________________ Digital privateers against malware! No help via PM! |
20.12.2012, 20:26 | #8 |
| Carried out the next three steps: Step 1: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.20.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-HP [Administrator]

20.12.2012 14:17:43
mbam-log-2012-12-20 (14-17-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211118
Time elapsed: 5 minute(s), 6 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)
ESET found nothing. Step 3: Code:
Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (5.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
The trojan is still sitting in Malwarebytes' quarantine. Can I delete it? |
20.12.2012, 21:09 | #9 |
/// TB-Ausbilder | At the end, once we are done; for now it does no harm there. Step 1: Enable User Account Control. User Account Control warns you when a program requests administrator rights. It may be a bit annoying, but under some circumstances it protects you from a pest settling in on your system. Step 2: Java update (Windows XP, Vista, 7). Your Java is no longer current. Older versions contain security holes that malware can abuse. Step 3: Install Windows 7 Service Pack 1
Step 4: Update: Adobe Reader
Try an alternative viewer for PDF documents. These are usually leaner, faster, and let pests in far less often. My suggestion:
Step 5: Scan with SecurityCheck Please download SecurityCheck: LINK1 LINK2
|
20.12.2012, 22:07 | #10 |
| I am in the middle of carrying out the last five steps and have a question in between. Since I did step 2, my Internet Explorer no longer works properly. What could be the cause? |
20.12.2012, 22:10 | #11 |
/// TB-Ausbilder | Can't say offhand; finish everything first, then reboot, and then we'll see.
|
20.12.2012, 22:13 | #12 |
| I already restarted twice before step 3, but that didn't change anything. I can't access my gmx start page at all, for example. At the moment I'm in Firefox instead of Explorer. Download speed is also extremely slow. But fine, I'll finish everything first. All 5 steps done, here is the output of step 5: Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox (5.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Unfortunately the problem with Explorer still exists. Here once more the latest Security Check log, after I saw in the previous one that there apparently was still a problem: Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Adobe Flash Player 11.5.502.135
Mozilla Firefox (5.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
... I think I have been able to solve the IE problem myself in the meantime. There was apparently a checkbox ticked where it wasn't before. In any case, I can open all pages again now. What's next? |
21.12.2012, 22:16 | #13 |
/// TB-Ausbilder | Great! That means we're done. We'll now tidy up a little, and then I have some reading material for you at the end. Step 1: Uninstall tools
Step 2: Uninstall ESET (optional)
Step 3: Update: Firefox, add-ons and plugins
Finally, some tips on the following topics:
With that I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me a short reply when everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
|
21.12.2012, 22:25 | #14 |
| Unfortunately uninstalling doesn't work. It keeps showing: "Your Internet security settings prevented one or more files from being opened." This appears with both Defogger and ComboFix. So I'm asking for help once more on what I need to change in the Internet security settings to make it work. |
21.12.2012, 22:33 | #15 |
/// TB-Ausbilder | Try disabling Avira while doing that.
|