Pests of all kinds and how to combat them: http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
14.01.2013, 13:36 | #1 |
http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Hello, the page named in the title always appears whenever I open Firefox 18.0. Numerous attempts to stop this have failed so far. Is help possible? Best regards, jws
14.01.2013, 15:03 | #2 |
/// Malware-holic
Hi,
what attempts have you made? If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
14.01.2013, 16:39 | #3 |
OTL logfile:
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.comdirect.de/inf/index.html" FF - prefs.js..extensions.enabledAddons: bietfuchsbar%40bietfuchs.de:1.0.22 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B4F0963A3-1658-4fde-9585-23A25CC288BF%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not 
found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.08.14 18:32:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.08.30 14:31:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.08.30 14:31:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 14:51:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.10 14:28:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\extension@preispilot.com [2012.12.31 12:52:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\firejump@firejump.net [2012.12.31 13:59:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 14:51:55 | 000,000,000 | ---D | M] [2012.02.13 11:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\Extensions [2013.01.13 10:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions [2013.01.11 14:52:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.12.31 14:21:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.12.31 12:52:35 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions\extension@preispilot.com [2012.12.31 13:59:21 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions\firejump@firejump.net [2012.12.31 12:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\Firefox\Profiles\msmxy4le.default\extensions\extension@preispilot.com\chrome [2012.03.16 10:32:06 | 000,018,809 | ---- | M] () (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\firefox\profiles\msmxy4le.default\extensions\bietfuchsbar@bietfuchs.de.xpi [2012.12.31 12:52:35 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\firefox\profiles\msmxy4le.default\extensions\extension@preispilot.com.xpi [2012.12.31 14:21:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\jws\AppData\Roaming\mozilla\firefox\profiles\msmxy4le.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.07 10:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 10:03:25 | 000,000,000 | ---D | 
M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.30 14:31:41 | 000,000,000 | ---D | M] (AusweisApp) -- C:\PROGRAM FILES (X86)\AUSWEISAPP\MOZILLA\ECARDCLIENTPIN_FFXX_WIN [2013.01.11 14:51:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.11 14:51:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.11 14:51:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.11 14:51:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.11 14:51:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.11 14:51:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.11 14:51:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.iminent.com/?appId=889C7D04-248D-46F1-BEDB-D71F3F5B5A3F CHR - homepage: hxxp://search.iminent.com/?appId=889C7D04-248D-46F1-BEDB-D71F3F5B5A3F CHR - Extension: No name found = C:\Users\jws\AppData\Local\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll 
(Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (AusweisApp 1.9.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) 
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\jws\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe () O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [AusweisApp] C:\Program Files (x86)\AusweisApp\siqBootLoader.exe (OpenLimit SignCubes AG) O4 - HKCU..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - Startup: C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jws\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jws\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\jws\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FCD6F96-8C9B-41D8-91D3-A1177389453C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\hpconnectionmanager.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpconnectionmanager.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows 
Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 15:11:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jws\Desktop\OTL.exe [2013.01.14 14:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.14 14:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.01.14 13:39:41 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.01.14 13:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2013.01.14 13:38:51 | 000,000,000 | ---D | C] -- C:\Users\jws\Documents\Anti-Malware [2013.01.14 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.01.13 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\Malwarebytes [2013.01.13 12:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.13 12:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.13 12:18:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.01.13 12:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.13 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs [2013.01.07 12:30:46 | 000,000,000 | ---D | C] -- C:\Users\jws\Desktop\Hendershotgenerator [2013.01.03 16:36:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013.01.03 14:30:53 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.12.31 09:09:05 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll [2012.12.31 09:09:05 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll [2012.12.31 04:51:20 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe [2012.12.31 04:51:20 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll [2012.12.31 04:51:19 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll [2012.12.31 04:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.12.31 04:51:04 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\TuneUp Software [2012.12.31 04:51:00 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2012.12.31 04:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.31 04:50:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.31 04:50:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.31 04:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobie [2012.12.31 04:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photobie [2012.12.31 04:34:38 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\SysWow64\dhRichClient3.dll [2012.12.31 04:34:07 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\DesktopIconForAmazon [2012.12.31 04:33:02 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\Opera [2012.12.31 04:32:58 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\OCS [2012.12.31 04:24:43 | 000,000,000 | ---D | C] -- C:\windows\Noslip [2012.12.27 17:47:16 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV [2012.12.26 09:14:48 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\Canon [2012.12.24 21:07:02 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Local\Nero_AG [2012.12.24 14:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.12.24 14:36:46 | 000,000,000 | -H-D | C] -- C:\CanoScan [2012.12.24 14:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.23 13:51:54 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\Avira [2012.12.23 12:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.23 12:31:20 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2012.12.23 12:31:20 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.12.23 12:31:20 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2012.12.23 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.22 11:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\femm 4.2 [2012.12.22 11:02:39 | 000,000,000 | ---D | C] -- C:\femm42 [2012.12.17 08:02:23 | 000,000,000 | ---D | C] -- C:\Users\jws\AppData\Roaming\RBotPlus [4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.14 16:01:07 | 000,000,252 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job [2013.01.14 15:47:08 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.01.14 15:40:14 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.14 15:11:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jws\Desktop\OTL.exe [2013.01.14 14:40:31 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.14 13:39:41 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.01.14 12:47:28 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.01.14 12:47:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.14 11:14:34 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 11:14:34 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 10:31:53 | 000,001,926 | ---- | M] () -- C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk [2013.01.14 10:29:56 | 4226,138,112 | -HS- | M] () -- C:\hiberfil.sys [2013.01.13 12:18:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 10:25:07 | 
000,554,087 | ---- | M] () -- C:\Users\jws\Desktop\adwcleaner2.101.exe [2013.01.11 16:01:23 | 000,011,768 | ---- | M] () -- C:\Users\jws\Desktop\Zugriffe.ods [2013.01.11 10:28:27 | 000,228,753 | ---- | M] () -- C:\Users\jws\Desktop\13_745.pdf [2013.01.10 14:49:17 | 000,302,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.10 14:43:29 | 001,591,930 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.01.10 14:43:29 | 000,697,322 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.10 14:43:29 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.10 14:43:29 | 000,148,328 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.10 14:43:29 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.10 14:43:23 | 001,591,930 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.10 13:11:14 | 003,797,872 | ---- | M] () -- C:\Users\jws\Desktop\Ablesebelege-Heizung-10-01-2013.pdf [2013.01.10 11:19:19 | 000,000,350 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForJWS-HP-MOBIL$.job [2013.01.09 17:40:05 | 000,000,866 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog [2013.01.09 17:04:27 | 000,030,154 | ---- | M] () -- C:\Users\jws\Desktop\Überweisung.pdf [2013.01.06 18:24:01 | 000,008,157 | ---- | M] () -- C:\Users\jws\Desktop\Rechnung neu.ods [2013.01.06 18:23:51 | 000,007,188 | ---- | M] () -- C:\Users\jws\Desktop\Probieren.ods [2013.01.06 18:23:42 | 000,008,256 | ---- | M] () -- C:\Users\jws\Desktop\source.ods [2013.01.03 17:31:28 | 000,013,761 | ---- | M] () -- C:\Users\jws\Desktop\Merken.odt [2013.01.03 14:36:21 | 000,001,239 | ---- | M] () -- C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.03 08:28:06 | 000,035,529 | ---- | M] () -- C:\Users\jws\Desktop\Anleitung.odt [2012.12.31 09:25:20 | 000,001,051 | ---- | M] () -- C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 
[2012.12.31 04:40:51 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Photobie.lnk [2012.12.31 04:24:53 | 000,000,024 | ---- | M] () -- C:\windows\SysWow64\Kene32.uns [2012.12.29 18:44:44 | 000,018,957 | ---- | M] () -- C:\Users\jws\Desktop\conrad_1012_festplatte_04a[1].gif [2012.12.28 09:37:53 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForjws.job [2012.12.26 12:18:43 | 000,010,593 | ---- | M] () -- C:\windows\CSTBox.INI [4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.14 13:39:41 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.01.13 12:18:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 10:24:59 | 000,554,087 | ---- | C] () -- C:\Users\jws\Desktop\adwcleaner2.101.exe [2013.01.11 10:35:12 | 000,228,753 | ---- | C] () -- C:\Users\jws\Desktop\13_745.pdf [2013.01.10 13:11:08 | 003,797,872 | ---- | C] () -- C:\Users\jws\Desktop\Ablesebelege-Heizung-10-01-2013.pdf [2013.01.09 17:04:42 | 000,030,154 | ---- | C] () -- C:\Users\jws\Desktop\Überweisung.pdf [2013.01.08 13:13:46 | 000,001,440 | ---- | C] () -- C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.06 17:49:38 | 000,008,256 | ---- | C] () -- C:\Users\jws\Desktop\source.ods [2013.01.06 17:32:43 | 000,007,188 | ---- | C] () -- C:\Users\jws\Desktop\Probieren.ods [2013.01.03 14:36:21 | 000,001,239 | ---- | C] () -- C:\Users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.02 17:00:13 | 000,035,529 | ---- | C] () -- C:\Users\jws\Desktop\Anleitung.odt [2012.12.31 14:37:35 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012.12.31 04:51:17 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.12.31 04:40:51 | 
000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Photobie.lnk [2012.12.31 04:34:38 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll [2012.12.31 04:24:53 | 000,000,024 | ---- | C] () -- C:\windows\SysWow64\Kene32.uns [2012.12.30 19:43:14 | 000,018,957 | ---- | C] () -- C:\Users\jws\Desktop\conrad_1012_festplatte_04a[1].gif [2012.12.26 12:18:43 | 000,010,593 | ---- | C] () -- C:\windows\CSTBox.INI [2012.12.24 14:35:51 | 000,001,104 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.24 14:35:50 | 000,001,100 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.21 18:20:14 | 000,011,768 | ---- | C] () -- C:\Users\jws\Desktop\Zugriffe.ods [2012.11.16 08:39:05 | 000,000,199 | ---- | C] () -- C:\windows\ODBCINST.INI [2012.07.26 19:58:23 | 000,000,394 | ---- | C] () -- C:\windows\hbcikrnl.ini [2012.07.26 19:58:13 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll [2012.07.26 19:58:13 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll [2012.04.25 15:38:55 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.24 14:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign [2012.02.24 14:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign [2011.11.10 14:02:22 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign [2011.11.10 14:02:20 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign [2011.11.10 14:02:18 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign [2011.09.05 09:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll [2011.08.30 10:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign [2011.08.30 10:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign [2011.08.30 10:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll [2011.08.24 
15:30:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign [2011.08.24 13:55:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign [2011.08.16 00:46:38 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdeccdf.sys [2011.08.16 00:33:05 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.08.16 00:30:03 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2011.08.16 00:28:43 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe [2011.08.16 00:28:43 | 000,014,409 | ---- | C] () -- C:\windows\TWAIN2080.ini [2011.08.16 00:28:42 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe [2011.08.16 00:28:42 | 000,003,892 | ---- | C] () -- C:\windows\Dext_27.ini [2011.08.16 00:28:42 | 000,003,884 | ---- | C] () -- C:\windows\Dext_25.ini [2011.08.16 00:28:42 | 000,003,882 | ---- | C] () -- C:\windows\Dext_21.ini [2011.08.16 00:28:42 | 000,003,802 | ---- | C] () -- C:\windows\Dext_14.ini [2011.08.16 00:28:42 | 000,003,700 | ---- | C] () -- C:\windows\Dext_16.ini [2011.08.16 00:28:42 | 000,003,672 | ---- | C] () -- C:\windows\Dext_31.ini [2011.08.16 00:28:42 | 000,003,648 | ---- | C] () -- C:\windows\Dext_36.ini [2011.08.16 00:28:42 | 000,003,622 | ---- | C] () -- C:\windows\Dext_20.ini [2011.08.16 00:28:42 | 000,003,586 | ---- | C] () -- C:\windows\Dext_22.ini [2011.08.16 00:28:42 | 000,003,550 | ---- | C] () -- C:\windows\Dext_19.ini [2011.08.16 00:28:42 | 000,003,492 | ---- | C] () -- C:\windows\Dext_24.ini [2011.08.16 00:28:42 | 000,003,450 | ---- | C] () -- C:\windows\Dext_29.ini [2011.08.16 00:28:42 | 000,003,342 | ---- | C] () -- C:\windows\Dext_30.ini [2011.08.16 00:28:42 | 000,003,174 | ---- | C] () -- C:\windows\Dext_13.ini [2011.08.16 00:28:42 | 000,002,750 | ---- | C] () -- C:\windows\Dext_17.ini [2011.08.16 00:28:42 | 000,002,674 | ---- | C] () -- C:\windows\Dext_18.ini [2011.08.16 00:28:42 | 000,002,638 | ---- | C] () -- C:\windows\Dext_2052.ini [2011.08.16 00:28:42 | 000,002,153 | ---- 
| C] () -- C:\windows\remove.ini [2011.08.16 00:28:41 | 000,003,926 | ---- | C] () -- C:\windows\Dext_12.ini [2011.08.16 00:28:41 | 000,003,820 | ---- | C] () -- C:\windows\Dext_11.ini [2011.08.16 00:28:41 | 000,003,802 | ---- | C] () -- C:\windows\Dext_05.ini [2011.08.16 00:28:41 | 000,003,704 | ---- | C] () -- C:\windows\Dext_10.ini [2011.08.16 00:28:41 | 000,003,682 | ---- | C] () -- C:\windows\Dext_08.ini [2011.08.16 00:28:41 | 000,003,624 | ---- | C] () -- C:\windows\Dext_1046.ini [2011.08.16 00:28:41 | 000,003,588 | ---- | C] () -- C:\windows\Dext_06.ini [2011.08.16 00:28:41 | 000,003,550 | ---- | C] () -- C:\windows\Dext_07.ini [2011.08.16 00:28:41 | 000,003,522 | ---- | C] () -- C:\windows\Dext_02.ini [2011.08.16 00:28:41 | 000,003,416 | ---- | C] () -- C:\windows\Dext_01.ini [2011.08.16 00:28:41 | 000,003,220 | ---- | C] () -- C:\windows\Dext_09.ini [2011.08.16 00:28:41 | 000,002,850 | ---- | C] () -- C:\windows\Dext_04.ini [2011.05.03 02:42:26 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecibj.sys [2011.05.03 02:18:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecied.sys [2011.05.03 01:50:35 | 001,591,930 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.03.28 20:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll [2011.03.17 18:05:12 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.02.25 23:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll [2011.02.21 09:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe [2011.01.27 06:55:20 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.01.27 06:55:20 | 000,213,332 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.01.27 06:55:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011.01.22 20:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 
000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.27 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\4Free [2012.02.22 07:25:11 | 000,000,000 | ---D | M] -- 
C:\Users\jws\AppData\Roaming\Amazon [2012.11.16 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\AvERP [2012.03.28 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Canneverbe Limited [2012.12.26 09:14:48 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Canon [2012.02.22 08:02:12 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager [2013.01.10 13:36:10 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\CoreFTP [2013.01.09 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\DesktopIconForAmazon [2012.02.13 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\DigitalPersona [2013.01.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Dropbox [2012.02.18 08:14:17 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\DVDVideoSoft [2012.02.18 08:14:06 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.11 07:48:15 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\FRITZ! 
[2012.07.10 09:02:59 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.02.14 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\FXTS2 [2012.05.14 07:57:16 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Lvisu [2012.05.27 13:40:56 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\MetaQuotes [2012.12.31 04:32:58 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\OCS [2012.02.13 12:47:51 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\OpenOffice.org [2012.12.31 04:33:02 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Opera [2012.12.21 07:55:29 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\RBotPlus [2012.12.09 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Samsung [2013.01.08 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\SoftGrid Client [2012.11.23 14:23:16 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Steganos [2012.02.13 11:05:31 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Synaptics [2012.10.31 12:31:33 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\TeamViewer [2012.09.10 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Thunderbird [2012.02.17 06:49:07 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\TP [2012.12.31 04:51:04 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\TuneUp Software [2013.01.08 07:14:07 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\UseNeXT [2012.11.27 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\VSO [2012.02.14 02:48:45 | 000,000,000 | ---D | M] -- C:\Users\jws\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.11.17 10:18:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.09 14:18:47 | 000,000,000 | ---D | M] -- C:\AllShare [2012.11.16 09:36:16 | 000,000,000 | ---D | M] -- C:\AVERP [2009.07.27 16:04:41 | 000,000,000 | -HSD | M] -- C:\boot [2012.12.24 14:36:46 | 000,000,000 | -H-D | M] -- C:\CanoScan [2012.02.14 19:09:01 | 000,000,000 | ---D | M] -- C:\dabd182bf01eb00f85c26d [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.09 14:22:55 | 000,000,000 | ---D | M] -- C:\Download [2011.05.03 01:06:54 | 000,000,000 | ---D | M] -- C:\EFI [2012.12.22 11:02:41 | 000,000,000 | ---D | M] -- C:\femm42 [2011.05.03 02:42:53 | 000,000,000 | -H-D | M] -- C:\hp [2012.02.17 06:48:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.11.27 13:34:04 | 000,000,000 | -HSD | M] -- C:\Nsi.pending [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.16 17:42:27 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.14 14:05:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.13 12:18:19 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.04 12:25:02 | 000,000,000 | ---D | M] -- C:\swsetup [2013.01.14 16:19:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.13 11:04:19 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2012.12.25 15:15:01 | 000,000,000 | ---D | M] -- C:\Temp [2012.02.13 10:55:35 | 000,000,000 | R--D | M] -- C:\Users [2012.12.31 13:59:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2007.02.05 17:07:26 | 000,087,552 | ---- | M] (AVM Berlin) -- C:\Windows\system32\avmtfbox.tsp [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,530 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012.02.13 10:55:15 | 000,000,350 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForJWS-HP-MOBIL$.job [2012.02.14 11:56:17 | 000,000,324 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForjws.job [2012.04.13 06:29:19 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job [2012.04.25 15:42:02 | 000,000,252 | ---- | C] () -- C:\windows\Tasks\HP Photo Creations Messager.job [2012.12.24 14:35:50 | 000,001,100 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.12.24 14:35:51 | 000,001,104 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.10.29 06:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.10.29 06:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll [4 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.01.14 16:32:55 | 003,670,016 | -HS- | M] () -- C:\Users\jws\NTUSER.DAT [2013.01.14 16:32:55 | 000,262,144 | -HS- | M] () -- C:\Users\jws\ntuser.dat.LOG1 [2012.02.13 10:55:35 | 000,000,000 | -HS- | M] () -- C:\Users\jws\ntuser.dat.LOG2 [2012.02.13 12:50:53 | 000,065,536 | -HS- | M] () -- C:\Users\jws\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.02.13 12:50:53 | 000,524,288 | -HS- | M] () -- 
< End of report > Hello Markus, thanks for the quick reply! Unfortunately, no "Extra.txt" file was created. Did I forget to set something? So far I have made every setting change and deletion in the browser that could have anything to do with access to this website. I have run various scanners and they also found assorted malware. But that did not solve the problem .... Best regards |
14.01.2013, 17:04 | #4 |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hi, download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, always choose Skip for now, then post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.01.2013, 17:28 | #5 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry 17:19:01.0576 5088 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
intelide C:\windows\system32\drivers\intelide.sys 17:20:36.0409 7660 intelide - ok 17:20:36.0643 7660 [ EFE5A0AF39A8E179624117C521F1E012 ] intelkmd C:\windows\system32\DRIVERS\igdpmd64.sys 17:20:36.0939 7660 intelkmd - ok 17:20:36.0986 7660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 17:20:37.0017 7660 intelppm - ok 17:20:37.0048 7660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 17:20:37.0111 7660 IPBusEnum - ok 17:20:37.0142 7660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 17:20:37.0173 7660 IpFilterDriver - ok 17:20:37.0220 7660 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 17:20:37.0236 7660 iphlpsvc - ok 17:20:37.0267 7660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 17:20:37.0282 7660 IPMIDRV - ok 17:20:37.0298 7660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 17:20:37.0345 7660 IPNAT - ok 17:20:37.0376 7660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 17:20:37.0438 7660 IRENUM - ok 17:20:37.0485 7660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 17:20:37.0501 7660 isapnp - ok 17:20:37.0516 7660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 17:20:37.0532 7660 iScsiPrt - ok 17:20:37.0594 7660 [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 17:20:37.0626 7660 jhi_service - ok 17:20:37.0657 7660 [ 0B44199365A69696109AB9A5855E0841 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys 17:20:37.0657 7660 JMCR - ok 17:20:37.0688 7660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 17:20:37.0704 7660 kbdclass - ok 17:20:37.0735 7660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 17:20:37.0750 7660 
kbdhid - ok 17:20:37.0782 7660 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 17:20:37.0797 7660 KeyIso - ok 17:20:37.0797 7660 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 17:20:37.0813 7660 KSecDD - ok 17:20:37.0828 7660 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 17:20:37.0828 7660 KSecPkg - ok 17:20:37.0860 7660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 17:20:37.0906 7660 ksthunk - ok 17:20:37.0938 7660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 17:20:37.0969 7660 KtmRm - ok 17:20:38.0047 7660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 17:20:38.0125 7660 LanmanServer - ok 17:20:38.0156 7660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 17:20:38.0187 7660 LanmanWorkstation - ok 17:20:38.0250 7660 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 17:20:38.0281 7660 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 17:20:38.0281 7660 LightScribeService - detected UnsignedFile.Multi.Generic (1) 17:20:38.0328 7660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 17:20:38.0390 7660 lltdio - ok 17:20:38.0421 7660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 17:20:38.0484 7660 lltdsvc - ok 17:20:38.0515 7660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 17:20:38.0546 7660 lmhosts - ok 17:20:38.0593 7660 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 17:20:38.0640 7660 LMS - ok 17:20:38.0671 7660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 17:20:38.0671 7660 LSI_FC - ok 17:20:38.0702 7660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS 
C:\windows\system32\DRIVERS\lsi_sas.sys 17:20:38.0702 7660 LSI_SAS - ok 17:20:38.0718 7660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 17:20:38.0733 7660 LSI_SAS2 - ok 17:20:38.0733 7660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 17:20:38.0749 7660 LSI_SCSI - ok 17:20:38.0780 7660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 17:20:38.0827 7660 luafv - ok 17:20:38.0858 7660 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys 17:20:38.0874 7660 MBAMProtector - ok 17:20:38.0920 7660 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:20:38.0920 7660 MBAMScheduler - ok 17:20:38.0952 7660 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:20:38.0967 7660 MBAMService - ok 17:20:39.0061 7660 [ 9B6B1F995F70AD951496088B16BC6782 ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 17:20:39.0092 7660 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning 17:20:39.0092 7660 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1) 17:20:39.0186 7660 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe 17:20:39.0217 7660 McComponentHostService - ok 17:20:39.0264 7660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 17:20:39.0295 7660 Mcx2Svc - ok 17:20:39.0326 7660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 17:20:39.0342 7660 megasas - ok 17:20:39.0357 7660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 17:20:39.0388 7660 MegaSR - ok 17:20:39.0404 7660 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 
C:\windows\system32\DRIVERS\HECIx64.sys 17:20:39.0420 7660 MEIx64 - ok 17:20:39.0451 7660 [ 1D0535ABA49C80D20807DB748CA756DF ] MfeEpeOpal C:\windows\system32\drivers\MfeEpeOpal.sys 17:20:39.0466 7660 MfeEpeOpal - ok 17:20:39.0466 7660 [ 01446E52580019F8A9C77BB6840BC1FC ] MfeEpePc C:\windows\system32\drivers\MfeEpePc.sys 17:20:39.0482 7660 MfeEpePc - ok 17:20:39.0513 7660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 17:20:39.0544 7660 MMCSS - ok 17:20:39.0560 7660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 17:20:39.0607 7660 Modem - ok 17:20:39.0622 7660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 17:20:39.0638 7660 monitor - ok 17:20:39.0685 7660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 17:20:39.0700 7660 mouclass - ok 17:20:39.0747 7660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 17:20:39.0778 7660 mouhid - ok 17:20:39.0841 7660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 17:20:39.0872 7660 mountmgr - ok 17:20:39.0934 7660 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:20:39.0966 7660 MozillaMaintenance - ok 17:20:39.0981 7660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 17:20:39.0997 7660 mpio - ok 17:20:40.0028 7660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 17:20:40.0059 7660 mpsdrv - ok 17:20:40.0090 7660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 17:20:40.0137 7660 MpsSvc - ok 17:20:40.0153 7660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 17:20:40.0184 7660 MRxDAV - ok 17:20:40.0200 7660 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 17:20:40.0231 7660 mrxsmb - ok 
17:20:40.0231 7660 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 17:20:40.0262 7660 mrxsmb10 - ok 17:20:40.0278 7660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 17:20:40.0293 7660 mrxsmb20 - ok 17:20:40.0324 7660 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 17:20:40.0340 7660 msahci - ok 17:20:40.0356 7660 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 17:20:40.0356 7660 msdsm - ok 17:20:40.0387 7660 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 17:20:40.0402 7660 MSDTC - ok 17:20:40.0434 7660 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 17:20:40.0512 7660 Msfs - ok 17:20:40.0527 7660 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 17:20:40.0574 7660 mshidkmdf - ok 17:20:40.0590 7660 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 17:20:40.0605 7660 msisadrv - ok 17:20:40.0636 7660 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 17:20:40.0668 7660 MSiSCSI - ok 17:20:40.0683 7660 msiserver - ok 17:20:40.0714 7660 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 17:20:40.0746 7660 MSKSSRV - ok 17:20:40.0761 7660 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 17:20:40.0808 7660 MSPCLOCK - ok 17:20:40.0824 7660 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 17:20:40.0870 7660 MSPQM - ok 17:20:40.0902 7660 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 17:20:40.0948 7660 MsRPC - ok 17:20:40.0964 7660 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 17:20:40.0980 7660 mssmbios - ok 17:20:41.0026 7660 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE 
C:\windows\system32\drivers\MSTEE.sys 17:20:41.0073 7660 MSTEE - ok 17:20:41.0104 7660 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 17:20:41.0151 7660 MTConfig - ok 17:20:41.0198 7660 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 17:20:41.0214 7660 Mup - ok 17:20:41.0260 7660 MySQL - ok 17:20:41.0307 7660 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 17:20:41.0385 7660 napagent - ok 17:20:41.0432 7660 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 17:20:41.0479 7660 NativeWifiP - ok 17:20:41.0588 7660 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 17:20:41.0619 7660 NAUpdate - ok 17:20:41.0682 7660 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 17:20:41.0728 7660 NDIS - ok 17:20:41.0760 7660 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 17:20:41.0806 7660 NdisCap - ok 17:20:41.0822 7660 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 17:20:41.0869 7660 NdisTapi - ok 17:20:41.0916 7660 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 17:20:41.0962 7660 Ndisuio - ok 17:20:41.0978 7660 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 17:20:42.0056 7660 NdisWan - ok 17:20:42.0087 7660 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 17:20:42.0118 7660 NDProxy - ok 17:20:42.0150 7660 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 17:20:42.0181 7660 NetBIOS - ok 17:20:42.0212 7660 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 17:20:42.0243 7660 NetBT - ok 17:20:42.0274 7660 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 17:20:42.0274 7660 Netlogon - ok 17:20:42.0321 7660 
[ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 17:20:42.0368 7660 Netman - ok 17:20:42.0415 7660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:20:42.0477 7660 NetMsmqActivator - ok 17:20:42.0477 7660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:20:42.0493 7660 NetPipeActivator - ok 17:20:42.0524 7660 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 17:20:42.0586 7660 netprofm - ok 17:20:42.0602 7660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:20:42.0602 7660 NetTcpActivator - ok 17:20:42.0602 7660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:20:42.0618 7660 NetTcpPortSharing - ok 17:20:42.0633 7660 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 17:20:42.0633 7660 nfrd960 - ok 17:20:42.0680 7660 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 17:20:42.0696 7660 NlaSvc - ok 17:20:42.0742 7660 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 17:20:42.0774 7660 Npfs - ok 17:20:42.0789 7660 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 17:20:42.0820 7660 nsi - ok 17:20:42.0820 7660 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 17:20:42.0867 7660 nsiproxy - ok 17:20:42.0914 7660 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 17:20:42.0945 7660 Ntfs - ok 17:20:42.0961 7660 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 17:20:43.0008 7660 Null - ok 17:20:43.0023 7660 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 17:20:43.0039 7660 nvraid - ok 17:20:43.0054 7660 [ 
DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 17:20:43.0054 7660 nvstor - ok 17:20:43.0086 7660 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 17:20:43.0101 7660 nv_agp - ok 17:20:43.0117 7660 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 17:20:43.0148 7660 ohci1394 - ok 17:20:43.0179 7660 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:20:43.0195 7660 ose - ok 17:20:43.0335 7660 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:20:43.0491 7660 osppsvc - ok 17:20:43.0507 7660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 17:20:43.0522 7660 p2pimsvc - ok 17:20:43.0554 7660 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 17:20:43.0585 7660 p2psvc - ok 17:20:43.0616 7660 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 17:20:43.0616 7660 Parport - ok 17:20:43.0647 7660 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 17:20:43.0663 7660 partmgr - ok 17:20:43.0678 7660 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 17:20:43.0710 7660 PcaSvc - ok 17:20:43.0725 7660 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 17:20:43.0741 7660 pci - ok 17:20:43.0756 7660 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 17:20:43.0772 7660 pciide - ok 17:20:43.0788 7660 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 17:20:43.0803 7660 pcmcia - ok 17:20:43.0819 7660 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 17:20:43.0819 7660 pcw - ok 17:20:43.0850 7660 pdfcDispatcher - ok 17:20:43.0881 7660 [ 4A8CC4D25525F456069887D5E8C53225 ] 
PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe 17:20:43.0912 7660 PdiService - ok 17:20:43.0944 7660 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 17:20:44.0006 7660 PEAUTH - ok 17:20:44.0084 7660 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 17:20:44.0115 7660 PerfHost - ok 17:20:44.0178 7660 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 17:20:44.0240 7660 pla - ok 17:20:44.0302 7660 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 17:20:44.0365 7660 PlugPlay - ok 17:20:44.0380 7660 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 17:20:44.0396 7660 PNRPAutoReg - ok 17:20:44.0427 7660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 17:20:44.0458 7660 PNRPsvc - ok 17:20:44.0490 7660 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 17:20:44.0552 7660 PolicyAgent - ok 17:20:44.0568 7660 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll 17:20:44.0599 7660 Power - ok 17:20:44.0630 7660 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 17:20:44.0677 7660 PptpMiniport - ok 17:20:44.0692 7660 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 17:20:44.0708 7660 Processor - ok 17:20:44.0739 7660 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 17:20:44.0786 7660 ProfSvc - ok 17:20:44.0786 7660 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 17:20:44.0802 7660 ProtectedStorage - ok 17:20:44.0848 7660 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 17:20:44.0926 7660 Psched - ok 17:20:45.0036 7660 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 17:20:45.0098 7660 ql2300 - ok 17:20:45.0145 7660 [ 
4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 17:20:45.0176 7660 ql40xx - ok 17:20:45.0192 7660 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 17:20:45.0223 7660 QWAVE - ok 17:20:45.0238 7660 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 17:20:45.0270 7660 QWAVEdrv - ok 17:20:45.0270 7660 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 17:20:45.0316 7660 RasAcd - ok 17:20:45.0332 7660 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 17:20:45.0379 7660 RasAgileVpn - ok 17:20:45.0410 7660 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 17:20:45.0457 7660 RasAuto - ok 17:20:45.0488 7660 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 17:20:45.0566 7660 Rasl2tp - ok 17:20:45.0613 7660 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 17:20:45.0675 7660 RasMan - ok 17:20:45.0706 7660 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 17:20:45.0738 7660 RasPppoe - ok 17:20:45.0753 7660 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 17:20:45.0784 7660 RasSstp - ok 17:20:45.0816 7660 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 17:20:45.0847 7660 rdbss - ok 17:20:45.0878 7660 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 17:20:45.0894 7660 rdpbus - ok 17:20:45.0925 7660 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 17:20:46.0003 7660 RDPCDD - ok 17:20:46.0003 7660 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 17:20:46.0050 7660 RDPENCDD - ok 17:20:46.0050 7660 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 17:20:46.0081 7660 RDPREFMP - ok 
17:20:46.0112 7660 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 17:20:46.0128 7660 RDPWD - ok 17:20:46.0159 7660 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 17:20:46.0174 7660 rdyboost - ok 17:20:46.0190 7660 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 17:20:46.0237 7660 RemoteAccess - ok 17:20:46.0268 7660 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 17:20:46.0299 7660 RemoteRegistry - ok 17:20:46.0330 7660 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 17:20:46.0346 7660 RFCOMM - ok 17:20:46.0377 7660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 17:20:46.0424 7660 RpcEptMapper - ok 17:20:46.0455 7660 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 17:20:46.0486 7660 RpcLocator - ok 17:20:46.0518 7660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 17:20:46.0564 7660 RpcSs - ok 17:20:46.0596 7660 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 17:20:46.0642 7660 rspndr - ok 17:20:46.0689 7660 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 17:20:46.0705 7660 RTL8167 - ok 17:20:46.0720 7660 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 17:20:46.0720 7660 SamSs - ok 17:20:46.0798 7660 [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe 17:20:46.0814 7660 SamsungAllShareV2.0 - ok 17:20:46.0845 7660 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 17:20:46.0861 7660 sbp2port - ok 17:20:46.0876 7660 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 17:20:46.0939 7660 SCardSvr - ok 17:20:46.0954 7660 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter 
C:\windows\system32\DRIVERS\scfilter.sys 17:20:47.0001 7660 scfilter - ok 17:20:47.0032 7660 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 17:20:47.0095 7660 Schedule - ok 17:20:47.0110 7660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 17:20:47.0142 7660 SCPolicySvc - ok 17:20:47.0173 7660 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys 17:20:47.0204 7660 sdbus - ok 17:20:47.0235 7660 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 17:20:47.0282 7660 SDRSVC - ok 17:20:47.0360 7660 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\jws\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 17:20:47.0391 7660 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 17:20:47.0391 7660 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 17:20:47.0422 7660 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 17:20:47.0516 7660 secdrv - ok 17:20:47.0532 7660 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 17:20:47.0563 7660 seclogon - ok 17:20:47.0594 7660 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 17:20:47.0625 7660 SENS - ok 17:20:47.0641 7660 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 17:20:47.0688 7660 SensrSvc - ok 17:20:47.0703 7660 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 17:20:47.0719 7660 Serenum - ok 17:20:47.0750 7660 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 17:20:47.0766 7660 Serial - ok 17:20:47.0797 7660 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 17:20:47.0812 7660 sermouse - ok 17:20:47.0859 7660 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 17:20:47.0875 7660 SessionEnv - ok 17:20:47.0906 7660 [ A554811BCD09279536440C964AE35BBF ] 
sffdisk C:\windows\system32\drivers\sffdisk.sys 17:20:47.0922 7660 sffdisk - ok 17:20:47.0922 7660 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 17:20:47.0937 7660 sffp_mmc - ok 17:20:47.0937 7660 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 17:20:47.0968 7660 sffp_sd - ok 17:20:47.0984 7660 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 17:20:48.0000 7660 sfloppy - ok 17:20:48.0046 7660 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 17:20:48.0062 7660 Sftfs - ok 17:20:48.0093 7660 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 17:20:48.0109 7660 sftlist - ok 17:20:48.0124 7660 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 17:20:48.0140 7660 Sftplay - ok 17:20:48.0156 7660 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 17:20:48.0171 7660 Sftredir - ok 17:20:48.0187 7660 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 17:20:48.0202 7660 Sftvol - ok 17:20:48.0218 7660 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 17:20:48.0234 7660 sftvsa - ok 17:20:48.0265 7660 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 17:20:48.0327 7660 SharedAccess - ok 17:20:48.0358 7660 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 17:20:48.0405 7660 ShellHWDetection - ok 17:20:48.0436 7660 [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe 17:20:48.0436 7660 SimpleSlideShowServer - ok 17:20:48.0468 7660 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 17:20:48.0468 7660 SiSRaid2 - ok 
Scan finished
17:20:57.0968 7660 ============================================================
17:20:57.0984 8756 Detected object count: 5
17:20:57.0984 8756 Actual detected object count: 5
17:21:16.0267 8756 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:16.0267 8756 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:16.0267 8756 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:16.0267 8756 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:16.0267 8756 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:16.0267 8756 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:16.0267 8756 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:16.0267 8756 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:16.0267 8756 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:16.0267 8756 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.01.2013, 20:03 | #6 | |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hi, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ --> http://isearch.babylon.com/?affID=111583&babsrc=lnkry |
15.01.2013, 06:50 | #7 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry Combofix log file: Code:
ATTFilter ComboFix 13-01-14.01 - jws 15.01.2013 5:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4030.1184 [GMT 1:00] ausgeführt von:: c:\users\jws\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-15 bis 2013-01-15 )))))))))))))))))))))))))))))) . . 2013-01-15 05:02 . 2013-01-15 05:02 0 ----a-w- c:\windows\SysWow64\sho64C.tmp 2013-01-15 05:00 . 2013-01-15 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 13:05 . 2013-01-14 13:05 -------- d-----w- c:\program files (x86)\7-Zip 2013-01-14 12:38 . 2013-01-15 05:04 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2013-01-14 12:25 . 2013-01-14 12:25 -------- d-----w- c:\program files (x86)\ESET 2013-01-14 09:13 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-13 11:18 . 2013-01-13 11:18 -------- d-----w- c:\users\jws\AppData\Roaming\Malwarebytes 2013-01-13 11:18 . 2013-01-13 11:18 -------- d-----w- c:\programdata\Malwarebytes 2013-01-13 11:18 . 2013-01-13 11:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-13 11:18 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-13 10:24 . 2013-01-14 15:14 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs 2013-01-10 13:44 . 2013-01-10 13:44 0 ----a-w- c:\windows\SysWow64\sho19D7.tmp 2013-01-09 07:30 . 
2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-01-09 07:29 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 07:29 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2012-12-31 08:11 . 2012-12-31 08:11 0 ----a-w- c:\windows\SysWow64\sho558E.tmp 2012-12-31 03:51 . 2012-12-31 03:51 -------- d-----w- c:\users\jws\AppData\Roaming\TuneUp Software 2012-12-31 03:50 . 2012-12-31 03:51 -------- d-----w- c:\programdata\TuneUp Software 2012-12-31 03:50 . 2012-12-31 04:08 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2012-12-31 03:50 . 2012-12-31 03:50 -------- d--h--w- c:\programdata\Common Files 2012-12-31 03:40 . 2012-12-31 04:03 -------- d-----w- c:\program files (x86)\Photobie 2012-12-31 03:34 . 2011-05-13 13:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2012-12-31 03:34 . 2011-03-25 21:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2012-12-31 03:34 . 2013-01-09 16:36 -------- d-----w- c:\users\jws\AppData\Roaming\DesktopIconForAmazon 2012-12-31 03:32 . 2012-12-31 03:32 -------- d-----w- c:\users\jws\AppData\Roaming\OCS 2012-12-31 03:24 . 2012-12-31 03:24 -------- d-----w- c:\windows\Noslip 2012-12-31 03:23 . 1997-11-11 21:33 317440 ----a-w- c:\windows\IsUninst.exe 2012-12-27 16:47 . 2012-12-27 16:47 -------- d--h--w- c:\windows\AxInstSV 2012-12-26 08:14 . 2012-12-26 08:14 -------- d-----w- c:\users\jws\AppData\Roaming\Canon 2012-12-24 20:07 . 2012-12-24 20:07 -------- d-----w- c:\users\jws\AppData\Local\Nero_AG 2012-12-24 13:36 . 2012-12-24 13:36 -------- d-----w- C:\CanoScan 2012-12-24 13:36 . 2005-09-20 15:44 45568 ----a-w- c:\windows\system32\CNQU112.DLL 2012-12-24 13:36 . 2005-08-01 12:32 225792 ----a-w- c:\windows\system32\CNQL2410.dll 2012-12-24 13:35 . 2012-12-24 13:47 -------- d-----w- c:\program files (x86)\Google 2012-12-23 12:51 . 2012-12-23 12:51 -------- d-----w- c:\users\jws\AppData\Roaming\Avira 2012-12-23 11:31 . 
2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-23 11:31 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-23 11:31 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-12-23 11:29 . 2012-12-23 11:29 -------- d-----w- c:\program files (x86)\Avira 2012-12-23 05:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-23 05:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-23 05:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-23 05:30 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-22 10:02 . 2012-12-22 10:02 -------- d-----w- C:\femm42 2012-12-22 06:49 . 2012-12-22 06:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F23C8CE-FDD3-45F1-9DF4-63F6968CBDFD}\offreg.dll 2012-12-21 06:11 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F23C8CE-FDD3-45F1-9DF4-63F6968CBDFD}\mpengine.dll 2012-12-17 07:02 . 2012-12-21 06:55 -------- d-----w- c:\users\jws\AppData\Roaming\RBotPlus . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-13 09:40 . 2012-02-18 07:35 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-10 08:47 . 2012-04-13 05:28 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-10 08:47 . 2012-02-15 15:54 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-05 12:04 . 2012-12-05 12:04 0 ----a-w- c:\windows\SysWow64\shoC33A.tmp 2012-12-04 11:24 . 2012-12-04 11:25 448312 ----a-w- c:\windows\system32\drivers\SynTP.sys 2012-12-04 11:24 . 2012-12-04 11:25 228664 ----a-w- c:\windows\system32\SynTPAPI.dll 2012-12-04 11:24 . 2012-12-04 11:25 177976 ----a-w- c:\windows\system32\SynTPCo13.dll 2012-12-04 11:24 . 2012-12-04 11:25 113976 ----a-w- c:\windows\SysWow64\SynTPCOM.dll 2012-12-04 11:24 . 
2012-12-04 11:25 535864 ----a-w- c:\windows\SysWow64\SynCOM.dll 2012-12-04 11:24 . 2011-02-04 03:56 1046328 ----a-w- c:\windows\system32\SynCOM.dll 2012-11-30 04:45 . 2013-01-09 07:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-16 16:44 . 2012-11-16 16:44 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-16 16:44 . 2012-11-16 16:44 289768 ----a-w- c:\windows\system32\javaws.exe 2012-11-16 16:44 . 2012-11-16 16:44 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-16 16:44 . 2012-11-16 16:44 189416 ----a-w- c:\windows\system32\javaw.exe 2012-11-16 16:44 . 2012-11-16 16:44 188904 ----a-w- c:\windows\system32\java.exe 2012-11-16 16:44 . 2012-11-16 16:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-11-14 07:06 . 2012-12-14 14:50 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-14 14:50 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-14 14:50 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-14 14:50 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-14 14:50 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-14 14:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-14 14:50 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-14 14:50 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-14 14:50 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-14 14:50 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-14 14:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-14 14:50 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-14 14:50 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-14 14:50 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 
2012-12-14 14:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-14 14:50 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-14 14:50 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-14 14:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 14:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-14 14:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 14:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-14 14:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 12:09 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 12:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 12:08 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 12:08 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}] 2012-08-10 09:59 3100288 ----a-w- c:\program files (x86)\AusweisApp\siqeCardClient.ols . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-22 12:29 220632 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-22 12:29 220632 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-22 12:29 220632 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-09-19 2676584] "AusweisApp"="c:\program files (x86)\AusweisApp\siqBootLoader.exe" [2012-08-10 2514560] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160] "HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384] "DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2012-03-13 169528] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-11 658424] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-10-17 3364264] . 
c:\users\jws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\jws\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] Skype.lnk - c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe [N/A] Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568] Windows Live Mail.lnk - c:\program files (x86)\Windows Live\Mail\wlmail.exe [2012-9-12 101888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184] R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 34672] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776] R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S0 MfeEpeOpal;MfeEpeOpal; [x] S0 MfeEpePc;MfeEpePc; [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe 
[2012-12-12 3084688] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-07-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-28 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-04 565024] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920] S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2012-03-19 514128] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2012-06-20 523680] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 
MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-04-05 1323008] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264] S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504] S2 SearchAnonymizer;SearchAnonymizer;c:\users\jws\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-12-31 40960] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224] S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144] S3 BTATH_BUS;Atheros Bluetooth 
Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - A2ACC . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 08:47] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 13:35] . 
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 13:35] . 2013-01-15 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2013-01-10 c:\windows\Tasks\HPCeeScheduleForJWS-HP-MOBIL$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-12-28 c:\windows\Tasks\HPCeeScheduleForjws.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-22 12:29 244696 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-22 12:29 244696 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-22 12:29 244696 ----a-w- c:\users\jws\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\jws\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328] "MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-04-05 200704] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-07-15 14904] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-03 1424896] "Ocs_SM"="c:\users\jws\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-12-31 106496] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com IE: Free YouTube Download - c:\users\jws\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.comdirect.de/inf/index.html FF - ExtSQL: 2012-12-31 12:52; extension@preispilot.com; c:\users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\extension@preispilot.com.xpi FF - ExtSQL: 2012-12-31 14:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2012-12-31 12:52; extension@preispilot.com; c:\users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\extension@preispilot.com FF - ExtSQL: !HIDDEN! 2012-12-31 13:59; firejump@firejump.net; c:\users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\extensions\firejump@firejump.net . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-LingoMaxx - c:\progra~2\LINGOM~1\UNWISE32 AddRemove-NetObjects Fusion Essentials - c:\windows\IsUn0407.exe AddRemove-TAPI - c:\windows\IsUn0407.exe AddRemove-{494367EC-82A9-4C0D-A788-74A967998E8C} - c:\programdata\{C0A15659-D544-484F-8E9A-75667889ECBA}\TS2Install.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1602568203-2586971588-3697558553-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1602568203-2586971588-3697558553-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1602568203-2586971588-3697558553-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1602568203-2586971588-3697558553-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-15 06:27:25 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-15 05:27 . Vor Suchlauf: 14 Verzeichnis(se), 473.705.172.992 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 472.813.797.376 Bytes frei . - - End Of File - - E7E0D2D636961E4BE00AF1928ADD5DD5 |
15.01.2013, 20:42 | #8 |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save the list as a .txt file. Open the file. After each program you need, write "notwendig" (necessary). After each program you do not need, write "unnötig" (unnecessary). After each program you do not know, write "unbekannt" (unknown). Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.01.2013, 07:43 | #9 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hello Markus, when pasting into "this window", all of the formatting is destroyed. Can I also send you the file by e-mail? Best regards |
16.01.2013, 18:42 | #10 |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hi, you can also attach it, zipped if necessary in case it is too large.
|
16.01.2013, 19:06 | #11 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry Hi, I'll try "pasting into the window" first after all. If it looks too bad, I'll send it again by e-mail ...
4Free Video Converter 2 4Free Studio 27.11.2012 116MB notwendig 7-Zip 9.20 14.01.2013 notwendig Adobe AIR Adobe Systems Incorporated 22.02.2012 3.1.0.4880 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.01.2013 6,00MB 11.5.502.146 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.01.2013 6,00MB 11.5.502.146 notwendig Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 11.01.2013 122MB 10.1.5 notwendig Amazon MP3-Downloader 1.0.9 22.02.2012 unnötig ArcSoft TotalMedia ArcSoft 16.08.2011 1,01GB 2.0.39.12 notwendig ArcSoft Webcam Sharing Manager ArcSoft 15.08.2011 7,78MB 2.0.0.30 notwendig Atheros Driver Installation Program Atheros 15.08.2011 9.2 unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 15.08.2011 22,4MB 3.0.820.0 unbekannt AusweisApp OpenLimit SignCubes AG 30.08.2012 144MB 1.9.0 notwendig Avira Free Antivirus Avira 23.12.2012 129MB 13.0.0.2890 notwendig AVM FRITZ!fax für FRITZ!Box AVM Berlin 17.07.2012 notwendig AVM TAPI Services for FRITZ!Box AVM Berlin 10.07.2012 notwendig Bluetooth Win7 Suite (64) Atheros Communications 15.08.2011 59,4MB 7.02.000.55 unbekannt CCleaner Piriform 19.12.2012 3.26 unnötig CDBurnerXP CDBurnerXP 27.08.2012 17,2MB 4.4.0.3018 notwendig Cisco EAP-FAST Module Cisco Systems, Inc. 15.08.2011 1,55MB 2.2.14 unbekannt Cisco LEAP Module Cisco Systems, Inc. 15.08.2011 644KB 1.0.19 unbekannt Cisco PEAP Module Cisco Systems, Inc. 
15.08.2011 1,23MB 1.1.6 unbekannt Core FTP LE (x64) 03.08.2012 notwendig CutePDF Writer 2.8 19.04.2012 notwendig cyberJack Base Components REINER SCT 15.08.2012 6.10.0 notwendig Device Access Manager for HP ProtectTools Hewlett-Packard Company 13.03.2012 15,7MB 6.1.0.1 notwendig Drive Encryption For HP ProtectTools Hewlett-Packard Company 19.06.2012 88,8MB 6.0.99.30652 notwendig Dropbox Dropbox, Inc. 31.12.2012 1.6.11 notwendig Emsisoft Anti-Malware Emsisoft GmbH 14.01.2013 286MB 7.0 unnötig Energy Star Digital Logo Hewlett-Packard 15.08.2011 300KB 1.0.1 notwendig ESET Online Scanner v3 14.01.2013 unnötig Evernote v. 4.2.2 Evernote Corp. 02.05.2011 139MB 4.2.2.3979 unbekannt Face Recognition for HP ProtectTools Hewlett-Packard Company 13.03.2012 252MB 6.00.4407 notwendig femm 4.2 11Apr2012 22.12.2012 11,1MB notwendig File Sanitizer For HP ProtectTools Hewlett-Packard Company 02.05.2011 29,6MB 6.0.0.8 notwendig Firebird/InterBase(r) ODBC driver 2.0.0.151 Firebird Project 16.11.2012 8,54MB 2.0.0.151 notwendig FireJump FireJump.net 31.12.2012 4,28MB 1.0.2.5 unbekannt Free YouTube Download version 3.0.20.1228 DVDVideoSoft Ltd. 18.02.2012 74,2MB unnötig FXCM MetaTrader 4 MetaQuotes Software Corp. 14.02.2012 4.00 notwendig GMX SMS-Manager 1 und 1 Internet AG 22.02.2012 2.1 notwendig Google Drive Google, Inc. 24.12.2012 16,0MB 1.6.3837.2778 notwendig HP 3D DriveGuard Hewlett-Packard Company 29.03.2012 7,00MB 4.1.14.1 notwendig HP Connection Manager Hewlett-Packard Company 15.01.2013 55,4MB 4.4.10.1 notwendig HP DayStarter Hewlett-Packard Company 15.08.2011 18,6MB 2.0.0.12 notwendig HP Documentation Hewlett-Packard 15.08.2011 740MB 1.2.0.0 notwendig HP ENVY 110 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 
25.04.2012 141MB 25.0.622.0 notwendig HP ENVY 110 series Hilfe Hewlett Packard 25.04.2012 13,1MB 140.0.2.2 notwendig HP ESU for Microsoft Windows 7 Hewlett-Packard Company 15.01.2013 15,3MB 2.0.7.1 notwendig HP Games WildTangent 16.08.2011 1.0.1.5 notwendig HP HD Webcam [Fixed] SunplusIT 16.08.2011 5,65MB 3.3.4.07 notwendig HP Hotkey Support Hewlett-Packard Company 24.08.2012 15,4MB 4.6.4.1 notwendig HP Photo Creations HP Photo Creations 25.04.2012 40,0MB 1.0.0.5192 notwendig HP Power Assistant Hewlett-Packard Company 13.03.2012 28,2MB 2.1.0.6 notwendig HP Product Detection HP 09.05.2012 1,86MB 11.14.0001 notwendig HP ProtectTools Security Manager Hewlett-Packard Company 14.08.2012 88,6MB 6.08.1017 notwendig HP QuickWeb Hewlett-Packard Company 13.03.2012 3,35MB 3.1.2.10229 notwendig HP Setup Hewlett-Packard Company 02.05.2011 8.5.4526.3645 notwendig HP SoftPaq Download Manager Hewlett-Packard Company 02.05.2011 13,9MB 3.2.0.0 notwendig HP Software Framework Hewlett-Packard Company 15.01.2013 8,06MB 4.6.10.1 notwendig HP Software Setup Hewlett-Packard Company 02.05.2011 14,1MB 8.2.1.1 notwendig HP Support Assistant Hewlett-Packard Company 21.11.2012 91,5MB 7.0.39.15 notwendig HP System Default Settings Hewlett-Packard Company 15.01.2013 1,58MB 2.4.2.1 notwendig HP Update Hewlett-Packard 09.05.2012 3,98MB 5.003.001.001 notwendig HP Wallpaper Hewlett-Packard Company 02.05.2011 44,3MB 2.00 notwendig IDT Audio IDT 03.07.2012 1.0.6367.0 unbekannt Integrity Tool OpenLimit SignCubes AG 30.08.2012 2,59MB 1.9.0 unbekannt Intel(R) Display Audio Driver Intel Corporation 03.05.2011 6.14.00.3074 notwendig Intl(R) Identity Protection Technology 1.0.71.0 Intel Corporation 15.08.2011 1,13MB 1.0.71.0 notwendig Intel(R) Management Engine Components Intel Corporation 03.05.2011 7.0.0.1144 notwendig Intel(R) Rapid Storage Technology Intel Corporation 16.08.2011 10.1.2.1004 notwendig IZArc 4.1.7 Ivan Zahariev 26.09.2012 15,6MB 4.1.7 unnötig Java 7 Update 11 Oracle 13.09.2012 128MB 
7.0.110 notwendig Java 7 Update 9 (64-bit) Oracle 16.11.2012 127MB 7.0.90 notwendig Java SE Development Kit 7 Update 9 (64-bit) Oracle 16.11.2012 188MB 1.7.0.90 notwendig JavaFX 2.1.1 Oracle Corporation 24.07.2012 20,8MB 2.1.1 notwendig JMicron Flash Media Controller Driver JMicron Technology Corp. 16.08.2011 1.0.57.2 unbekannt Ken Ward's Zipper 1.4000 Ken Ward 23.04.2012 unnötig KONICA MINOLTA magicolor 1600W 31.10.2012 notwendig LightScribe System Software LightScribe 28.11.2012 25,1MB 1.18.22.2 notwendig LingoMAXX 03.04.2012 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 13.01.2013 18,4MB 1.70.0.1100 unnötig marketing1GE version 1.0 marketing1 30.11.2012 908MB 1.0 unbekannt McAfee Security Scan Plus McAfee, Inc. 21.11.2012 10,2MB 3.0.285.6 unnötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.12.2012 38,8MB 4.0.30320 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 09.12.2012 51,9MB 4.0.30320 notwendig Microsoft Office 2010 Microsoft Corporation 02.05.2011 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 17.02.2012 14.0.4763.1000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 17.02.2012 14.0.4763.1000 notwendig Microsoft Silverlight Microsoft Corporation 15.06.2012 100MB 5.1.10411.0 notwendig Microsoft SkyDrive Microsoft Corporation 22.11.2012 25,1MB 16.4.6013.0910 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 30.08.2012 1,69MB 3.1.0000 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 13.03.2012 258KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.03.2012 250KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.02.2012 300KB 8.0.59193 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 15.08.2011 610KB 
8.0.61000 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.05.2011 788KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.08.2011 788KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.02.2012 788KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.05.2011 596KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.08.2011 592KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.02.2012 600KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 29.11.2012 15,2MB 10.0.40219 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.02.2012 12,2MB 10.0.40219 notwendig Microsoft_VC90_CRT_x86 Microsoft Corporation 02.05.2011 1,39MB 1.0.0 notwendig Mozilla Firefox 18.0 (x86 de) Mozilla 11.01.2013 47,4MB 18.0 notwendig Mozilla Maintenance Service Mozilla 11.01.2013 330KB 18.0 notwendig Mozilla Thunderbird 15.0.1 (x86 de) Mozilla 10.09.2012 39,5MB 15.0.1 unnötig MSI to redistribute MS VS2005 CRT libraries The Firebird Project 16.11.2012 1,76MB 8.0.50727.42 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.11.2012 1,27MB 4.20.9870.0 notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.11.2012 1,33MB 4.20.9876.0 notwendig MySQL Server 5.5 Oracle Corporation 16.11.2012 123MB 5.5.28 notwendig Nero 12 Nero AG 29.11.2012 1,30GB 12.0.02000 unnötig Nero 12 Content Pack Nero AG 29.11.2012 0,97GB 12.0.00400 notwendig NetObjects Fusion 12.0 NetObjects 26.09.2012 12 German notwendig NetObjects Fusion Essentials 26.09.2012 notwendig OpenOffice.org 3.4.1 Apache Software Foundation 03.01.2013 331MB 3.41.9593 notwendig Paint.NET v3.5.10 dotPDN 
LLC 02.03.2012 10,6MB 3.60.0 notwendig PDF Complete Special Edition PDF Complete, Inc 13.03.2012 4.0.64 unnötig Phase 5 HTML-Editor Systemberatung Schommer 31.10.2012 3,72MB 5.6.2.3 notwendig Photobie -- photo editing software from Photobie Design 31.12.2012 notwendig Pixillion Imagedatei-Konverter NCH Software 27.11.2012 notwendig Preispilot für Firefox Preispilot 31.12.2012 1,75MB 2.0 notwendig Privacy Manager for HP ProtectTools Hewlett-Packard Company 02.05.2011 21,2MB 6.00.831 notwendig Realtek Ethernet Controller All-In-One Windows Driver Realtek 02.05.2011 1.12.0016 notwendig Samsung AllShare Samsung Electronics Co., Ltd. 09.12.2012 74,3MB 2.1.0.12031_10 notwendig SearchAnonymizer 31.12.2012 1.0.1 (de) unnötig Skype Click to Call Skype Technologies S.A. 15.02.2012 12,4MB 5.9.9216 notwendig Skype™ 6.0 Skype Technologies S.A. 14.12.2012 20,3MB 6.0.126 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 04.12.2012 46,4MB 16.2.10.12 notwendig TeamViewer 8 TeamViewer 31.12.2012 8.0.16642 notwendig Theft Recovery for HP ProtectTools Hewlett-Packard Company 13.03.2012 748KB 6.0.0.33 notwendig UseNeXT Tangysoft Ltd. 03.12.2012 9,23MB notwendig Validity Fingerprint Sensor Driver Validity Sensors, Inc. 15.08.2011 24,8MB 4.3.117.0 notwendig VideoPad Videobearbeitungs-Software NCH Software 27.11.2012 notwendig VIP Access SDK x64(1.0.0.50) Symantec Inc. 16.08.2011 1.0.0.50 notwendig VLC media player 2.0.0 VideoLAN 09.03.2012 2.0.0 notwendig Windows Live Essentials Microsoft Corporation 22.11.2012 16.4.3505.0912 notwendig Xobni Xobni Corp. 16.08.2011 1.9.5.13282 unbekannt YAAC Wirth New Media 13.02.2012 1,77MB 3.07.0100 notwendig
Hi, I'll try "pasting into the window" first. If it looks too bad, then I'll just send it again by e-mail.
|
16.01.2013, 20:48 | #12 |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Uninstall:
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything should be disabled here; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK
Uninstall:
Amazon
Emsisoft
ESET
Evernote
Free YouTube
IZArc
Java: all except Update 11
Ken
McAfee
marketing1GE
PDF Complete
SearchAnonymizer
TeamViewer: should only be installed when needed.
UseNeXT: lots of illegal content, it is a dangerous source for downloads.
Open CCleaner, start Analyze, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.01.2013, 07:16 | #13 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Hi, I did not delete TeamViewer, since I use this program constantly and need it. I also kept UseNeXT, since I occasionally download an mp3 file with it when I feel like it, regardless of whether it is illegal or not. So here is the content of the text file:
# AdwCleaner v2.105 - Datei am 17/01/2013 um 07:04:34 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jws - JWS-HP-MOBIL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jws\Desktop\adwcleaner2.101.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\jws\AppData\Local\Temp\Uninstall.exe
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\jws\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [26569 octets] - [13/01/2013 10:26:22]
AdwCleaner[R2].txt - [1267 octets] - [13/01/2013 11:36:55]
AdwCleaner[R3].txt - [1082 octets] - [17/01/2013 07:04:34]
AdwCleaner[S1].txt - [26312 octets] - [13/01/2013 10:35:27]
AdwCleaner[S2].txt - [1152 octets] - [13/01/2013 10:52:47]
AdwCleaner[S3].txt - [1210 octets] - [13/01/2013 11:15:02]
AdwCleaner[S4].txt - [1330 octets] - [14/01/2013 10:28:43]
########## EOF - C:\AdwCleaner[R3].txt - [1383 octets] ########## |
17.01.2013, 15:27 | #14 |
/// Malware-holic | http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Please download AdwCleaner to your desktop.
Restart, test how the PC runs, and also test programs such as the browser.
|
17.01.2013, 15:48 | #15 |
| http://isearch.babylon.com/?affID=111583&babsrc=lnkry
Hi, so far nothing has improved. The original problem is still there. Some websites can no longer be opened now. Below is the file content:
# AdwCleaner v2.105 - Datei am 17/01/2013 um 15:37:20 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jws - JWS-HP-MOBIL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jws\Desktop\adwcleaner2.101.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\jws\AppData\Local\Temp\Uninstall.exe
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\jws\AppData\Roaming\Mozilla\Firefox\Profiles\msmxy4le.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\jws\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [26569 octets] - [13/01/2013 10:26:22]
AdwCleaner[R2].txt - [1267 octets] - [13/01/2013 11:36:55]
AdwCleaner[R3].txt - [1452 octets] - [17/01/2013 07:04:34]
AdwCleaner[S1].txt - [26312 octets] - [13/01/2013 10:35:27]
AdwCleaner[S2].txt - [1152 octets] - [13/01/2013 10:52:47]
AdwCleaner[S3].txt - [1210 octets] - [13/01/2013 11:15:02]
AdwCleaner[S4].txt - [1330 octets] - [14/01/2013 10:28:43]
AdwCleaner[S5].txt - [1385 octets] - [17/01/2013 15:37:20]
########## EOF - C:\AdwCleaner[S5].txt - [1445 octets] ########## |