| |
| |||||||
Log-Analyse und Auswertung: Snap.do und SpyHunter entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.03.2013, 19:05
| #1 |
 |  Snap.do und SpyHunter entfernen Hallo "Trojaner-Board" Team, ich habe folgendes Problem: Heute nachmittag habe ich mir den "Freemake Video Downloader" heruntergeladen und dabei wurde auch "snap.do" installiert. Da dies dann immer als Internetstartseite angezeigt wurde, habe ich es wieder deinstalliert. Allerdings wurde snap.do weiterhin als Internetstartseite angezeigt. Daraufhin bin ich auf "SpyHunter" gestoßen und hoffte damit das Problem zu beseitigen. Tja Pustekuchen.. Nun kann ich SpyHunter nicht deinstallieren, bzw. bin mir nicht sicher, ob es überhaupt schon komplett installiert ist. Den Scan habe ich durchgeführt und die Logfiles ist erstellt. Der Freemake Video Downloader ist auch deinstalliert, jedoch gab es die Meldung, dass nicht alle Komponenten gelöscht worden sind. Snap.do wird jetzt zum Glück endlich nicht mehr angezeigt! Meine Bitte daher, könnte mir jemand helfen die Programme wieder vollständig von meinem Laptop zu entfernen? Mit freundlichen Grüßen, Smilims Geändert von Smilims (03.03.2013 um 19:35 Uhr) |
|
03.03.2013, 19:52
| #2 |
| /// Malware-holic   | Snap.do und SpyHunter entfernen Hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
03.03.2013, 23:51
| #3 |
| | Snap.do und SpyHunter entfernen OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL logfile created on: 03.03.2013 23:44:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 55,28% Memory free 7,35 Gb Paging File | 5,63 Gb Available in Paging File | 76,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys (Symantec Corporation) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys (Symantec Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PVUSB) -- C:\Windows\SysNative\drivers\CESG64.sys (CASIO COMPUTER CO.,LTD.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556 IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE409 IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..extensions.enabledItems: {2ad12297-01a9-4e1c-b219-add3751a8e5a}:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011.07.21 11:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013.03.03 22:50:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 19:22:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.29 20:58:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M] [2010.12.08 18:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2013.03.03 17:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions [2012.03.17 14:26:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.26 14:39:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.12.08 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.03 20:34:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2013.03.03 22:50:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6 [2011.07.21 11:29:18 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{2AD12297-01A9-4E1C-B219-ADD3751A8E5A} File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2012.05.19 19:22:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.19 19:22:43 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.05.19 19:22:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.19 19:22:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.19 19:22:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Sahara = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplnldbhjbakploidcdefoebhmengpm\2.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5C1E74-7170-4962-A318-D2234ADA1AD4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B585D3-4E04-40CE-AABB-A13192FAB352}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.03.03 17:23:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.03 23:25:10 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.03 22:58:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2013.03.03 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes [2013.03.03 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.03 18:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.03 18:19:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.03 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Programs [2013.03.03 17:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2013.03.03 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.03.03 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.03.03 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader [2013.03.03 15:35:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.03 15:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013.03.03 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Uniblue [2013.03.03 15:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2013.03.03 15:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2013.03.03 15:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Freemake [2013.03.03 15:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2013.03.03 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2013.02.04 22:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.02.03 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2013.02.03 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2013.02.03 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY [2013.02.03 20:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\HP [2013.02.03 20:38:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\HP [2013.02.03 20:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2013.02.03 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2013.02.03 20:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2013.02.03 20:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.02.03 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.02.03 20:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.02.03 20:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.02.02 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org [2013.02.02 16:20:56 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.02.02 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.02.02 16:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.03 23:23:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 22:58:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2013.03.03 22:54:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job [2013.03.03 22:52:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.03 22:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.03.03 22:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.03 22:50:28 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys [2013.03.03 18:19:30 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.03 17:54:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job [2013.03.03 17:23:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.02.28 18:56:27 | 000,002,376 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk [2013.02.20 20:25:13 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.20 20:25:13 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.20 20:25:13 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.20 20:25:13 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.20 20:25:13 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.13 21:18:16 | 000,449,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.03 21:14:34 | 000,225,522 | ---- | M] () -- C:\Windows\hpoins46.dat [2013.02.03 21:14:25 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk [2013.02.03 21:08:19 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.02.03 21:08:19 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2013.02.03 20:59:21 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk [2013.02.03 20:33:24 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2013.02.03 20:32:47 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.02.03 20:31:58 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk [2013.02.02 16:23:03 | 000,001,248 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.02.02 16:21:02 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.03 18:19:30 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.03 17:23:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job [2013.02.03 21:18:31 | 000,449,864 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.03 21:14:25 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk [2013.02.03 21:08:19 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.02.03 21:08:19 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2013.02.03 20:59:21 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk [2013.02.03 20:42:01 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2013.02.03 20:33:24 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2013.02.03 20:32:47 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.02.03 20:31:58 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk [2013.02.03 20:24:29 | 000,225,522 | ---- | C] () -- C:\Windows\hpoins46.dat [2013.02.02 16:23:03 | 000,001,248 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.02.02 16:21:02 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.01.23 20:35:13 | 000,002,787 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel [2012.11.29 20:59:23 | 000,000,715 | ---- | C] () -- C:\Windows\ManagerPLUS.INI [2012.03.29 23:47:19 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm [2011.03.28 15:21:36 | 000,040,734 | ---- | C] () -- C:\Users\Sarah\Kunst Gesicht.JPG [2011.03.14 19:23:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.12 19:49:07 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.03 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox [2012.10.06 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft [2013.03.03 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader [2013.01.23 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0 [2012.01.14 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ [2013.02.02 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org [2010.12.12 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template [2011.03.30 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific [2013.03.03 15:28:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue [2010.12.26 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < OTL Extras logfile created on: 03.03.2013 23:00:41 - Run 1 > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.08 18:17:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.12.08 18:17:56 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2010.12.23 19:00:42 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job [2010.12.23 19:00:42 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job [2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job < OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads > < 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.7600.16385) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 3,68 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 44,64% Memory free > < 7,35 Gb Paging File | 5,20 Gb Available in Paging File | 70,76% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) > < Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS > < > < Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Extra Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== File Associations ========== > Invalid Switch: color] < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] < .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] > < .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) > < > < ========== Shell Spawning ========== > Invalid Switch: color] < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] < batfile [open] -- "%1" %* > < cmdfile [open] -- "%1" %* > < comfile [open] -- "%1" %* > < exefile [open] -- "%1" %* > < helpfile [open] -- Reg Error: Key error. > < htafile [open] -- "%1" %* > < inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) > < InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) > < InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) > < piffile [open] -- "%1" %* > < regfile [merge] -- Reg Error: Key error. > < scrfile [config] -- "%1" > < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l > < scrfile [open] -- "%1" /S > < txtfile [edit] -- Reg Error: Key error. > < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 > < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) > < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [explore] -- Reg Error: Value error. > < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] > < batfile [open] -- "%1" %* > < cmdfile [open] -- "%1" %* > < comfile [open] -- "%1" %* > < cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) > < exefile [open] -- "%1" %* > < helpfile [open] -- Reg Error: Key error. > < htafile [open] -- "%1" %* > < inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) > < piffile [open] -- "%1" %* > < regfile [merge] -- Reg Error: Key error. > < scrfile [config] -- "%1" > < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l > < scrfile [open] -- "%1" /S > < txtfile [edit] -- Reg Error: Key error. > < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 > < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) > < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [explore] -- Reg Error: Value error. > < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < > < ========== Security Center Settings ========== > Invalid Switch: color] < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] < "cval" = 1 > < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] < "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] > < "AntiVirusOverride" = 0 > < "AntiSpywareOverride" = 0 > < "FirewallOverride" = 0 > < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] > Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > < > < ========== Firewall Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 1 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 1 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 1 > < > < ========== Authorized Applications List ========== > Invalid Switch: color] < > < > < ========== Vista Active Open Ports Exception List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{02E560B9-ACFD-4DCF-AA7E-31276D3EF7E8}" = lport=138 | protocol=17 | dir=in | app=system | > < "{0A5D2F14-7E93-4190-BDF9-3FA12EE83976}" = rport=138 | protocol=17 | dir=out | app=system | > < "{0A7F0C14-7981-4A0B-BE98-B26C2C274636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{0C169743-2240-4AC8-829D-2EFD9C59E6B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{10B51755-8641-4D84-A8F9-8D41259C5B63}" = lport=137 | protocol=17 | dir=in | app=system | > < "{16E4FBC3-5B8B-469D-9A66-89020AB69A3A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{1DAACFC5-8258-4341-A771-2486BF2A3180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{1E8D0DFD-14EA-4AB0-9DA4-1AD8862C75FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{224D50E3-7287-4375-A7DF-1706EE332CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{35409B81-A00A-495C-BCEA-45173D608A75}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{3CBF7BAB-DDB2-4587-B478-F4D3D54E9ADB}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{49ED43E4-D24D-4121-90D2-7C2D16B75779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{535F4414-D319-432D-B481-CF5B8DA4E0DA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{544640E7-3F39-4B84-89DB-94D13F39B60B}" = rport=10243 | protocol=6 | dir=out | app=system | > < "{57DE36FC-BFD1-44DC-8BE6-DD0B09A02966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{59DC71A5-00E9-4F32-AD60-A2F833AFE938}" = rport=137 | protocol=17 | dir=out | app=system | > < "{7396E6B6-43AA-4448-9CE8-C1744AECBEFD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{8050A616-C7B8-4FF4-8461-2AAF707CB326}" = rport=139 | protocol=6 | dir=out | app=system | > < "{81E98AF7-0376-4E1D-8581-CF8B5F3204C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{871C2FF2-4CD5-4035-9869-3AD508B92F26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{8884BA0A-23CA-4E4A-AC96-0D909BE4B3E3}" = lport=10243 | protocol=6 | dir=in | app=system | > < "{897E572A-BCC1-4011-818B-02BDA31C4B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{8AB98AF9-AA3D-4A88-A96B-4445AE4A1E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{9075456E-DD7D-4AB8-81A0-D018038825D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{90BA20D6-F364-40A3-ACA6-CDED0F919328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | > < "{93BECE9F-F231-40C7-896A-F3AF43F109E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{9D67AFFF-B5EF-44D3-AC94-26F81DC9BCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{A3E1D349-6639-42DB-9ED8-4285954B6315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{B0666CCF-F888-4FB3-9CD7-85D63D8E2598}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | > < "{B52E3136-A7DA-4491-879E-14D259A06179}" = rport=445 | protocol=6 | dir=out | app=system | > < "{B559DA58-4ABB-4789-96FC-05D76DF59AF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{B5F9EF2F-DE5C-41F6-8F8D-7EA28057A171}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | > < "{CA9B2CE6-2B10-4B27-8483-E3F93EA4C3AD}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{CE7156C1-A588-4C85-BF92-8EF07E26420B}" = rport=2869 | protocol=6 | dir=out | app=system | > < "{CEC0ABF4-2FC5-4BDE-BBB9-13D03F81EF35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{D13C722B-F61C-40DC-92D2-DD2394B917EF}" = lport=139 | protocol=6 | dir=in | app=system | > < "{DD25274F-7C9B-469E-982B-0D01790FD898}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | > < "{E4D46C06-5800-4A59-B164-AE3B633A450A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{E8BAB55C-3F4A-4FCC-9FAD-A01BB2262A3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{EE505EB0-BE43-4997-BDDC-3B8F0CB2E8B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{EED38836-D1E9-4778-8541-8606AE9DB5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{F79A3CF5-C39A-47D2-8ED5-E4969A135046}" = lport=445 | protocol=6 | dir=in | app=system | > < > < ========== Vista Active Application Exception List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{01325272-C373-48F0-B247-442B457FB54D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{09DE98A0-EE10-479B-AB38-82F12FE256C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{1181B667-752A-4422-B81F-9994F6F4A02E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{11BF11C9-502B-4FAC-A458-948DFF282343}" = dir=in | app=d:\setup\hpznui40.exe | > < "{12194258-DEC2-46CC-88E1-67BDF2C2EA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{15609DD8-5353-48B0-B514-12624C79507F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | > < "{16B816E1-34CA-456A-842D-F9BA5C44CCC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | > < "{16BD5F0E-73B9-4E8B-A503-B70196216753}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | > < "{197A1EE6-3290-4826-B8E8-3BBA7849AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{1C2E0654-6B3F-4D81-BEF9-2644C92D568C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > < "{1C7E0163-F2E3-46C4-B1F5-AF4704B864EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | > < "{20F7A05F-82E0-4EE6-ADAD-64A835186B35}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | > < "{215AE1D4-97BE-4581-9799-8D2519F64C92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | > < "{251B9962-0F75-47C8-8A59-9221F63ACEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{2B01595E-1C5D-4F86-BD39-FC4ECE9D9B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | > < "{310B740E-947B-4D65-8CB1-A06ADE8B359D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{33B93F3E-F469-4068-A1CC-040962670F54}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | > < "{36CD377B-922A-42C9-9740-E4FA3453071B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{3CAA1EF1-6C47-42C8-8A9C-B8FFEEA85A66}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{43BB6A5D-6052-4BE2-8A5B-D1587996F060}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{468BD279-8304-4D9F-8847-8A01C40A2501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{538774C7-83DC-42F3-A328-DC9ACA5ACA60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | > < "{548AF0BE-61FC-4B94-ABF4-F1F4E121041B}" = protocol=6 | dir=out | app=system | > < "{5871EA16-BC7E-40B0-9A75-47B434F16F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{588DEA38-14E3-41E9-96E7-26116F3D2B13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{603A3C43-0B6C-4A6E-AABA-CC0C71A693ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | > < "{62AB305A-F1E3-45B7-A288-30F0711AA655}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | > < "{64BE7C9F-A878-4440-AA06-CD803D40FF1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{6F8C0130-52A7-4E66-8406-9AD2E40E1694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | > < "{6FDD7378-190F-4285-B739-CFAD1F178C13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | > < "{74DD49EB-4119-4446-A203-7A0ED4D48D66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | > < "{77B7F16C-691C-4B6B-ADBF-6D0DAC1A269D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | > < "{79A23AE9-3900-4940-A5E3-827B22BE99EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{7A449B80-525B-47D8-AF9E-9DD6EAFB0527}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | > < "{7E8845CA-CEEB-48E1-AC27-BE123C6A9FB0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | > < "{7F005C8B-D339-4FCF-BFD3-EF5CEBB404A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{84960B25-606C-4810-8D6E-470045DF7911}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{85515082-65A4-4657-B4BF-8DC27EA0B926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | > < "{85BE4258-B0C0-4C0C-841C-737500F075FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{90FE6BAD-4A02-4A63-A7FD-1080F193A5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{951DF364-8C16-4CD4-8BD4-23393F3F3515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{9940EB60-A657-460A-8708-896F030A6555}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | > < "{9F2D6276-4CAD-4F9E-B77D-9B904E702A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | > < "{9F821BCA-7059-4BE3-B110-53B333022C8F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | > < "{A3577D87-14C4-44F3-8F20-CE96CFCA174D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | > < "{A9CE400C-8052-422F-8A01-E3015E34A10B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{ADBAA774-8DA6-4642-840D-27F729BDD22F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | > < "{B002CBB9-6A6D-4240-A2EC-FAC779813D63}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | > < "{B1304A00-E7DB-459C-B912-62DADC109F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | > < "{B845DA90-A072-47B4-9D00-B7EFC862CBE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | > < "{CEFC3EBC-FA88-408F-84DD-847BBA42BF2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > < "{D2E5ABA4-F66E-4C59-B26C-8A4F9EB56C39}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | > < "{D78697A6-A2D0-46DB-9AB9-E46899666091}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | > < "{E1254349-CCF9-4E4A-B448-B2CF07027BA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{E4377567-E397-4645-B009-D2627696B83C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{E52B2D27-F1D0-4812-8BDC-03C12F2262FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | > < "{E55AF2D3-55D0-487A-81D3-6008EB1ACEAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | > < "{E5F3AE42-E711-40EC-B21C-65FD25AB2556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | > < "{FCDCF18D-0A15-4BD8-AB6C-6B76084EF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | > < "{FFCEB4B8-AA9C-49BA-9BA1-7AEC72D5E974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < > < ========== HKEY_LOCAL_MACHINE Uninstall List ========== > Invalid Switch: color] < > < 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 > < "{22B3AE66-7A37-4118-BADB-3680C15CA366}" = SpyHunter > < "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 > < "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer > < "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 > < "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 > < "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting > < "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver > < "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller > < "CCleaner" = CCleaner > < "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 > < "HP Print Projects" = HP Print Projects 1.0 > < "HP Smart Web Printing" = HP Smart Web Printing 4.5 > < "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 > < "HPExtendedCapabilities" = HP Customer Participation Program 13.0 > < "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile > < "Shop for HP Supplies" = Shop for HP Supplies > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller > < "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan > < "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard > < "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch > < "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer > < "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 > < "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 > < "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool > < "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery > < "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT > < "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 > < "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer > < "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 > < "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com > < "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie > < "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm > < "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform > < "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management > < "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology > < "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker > < "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger > < "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg > < "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN > < "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter > < "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent > < "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 > < "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call > < "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader > < "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works > < "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 > < "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components > < "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting > < "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply > < "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox > < "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth > < "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update > < "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 > < "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync > < "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera > < "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management > < "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 > < "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight > < "{8DD67C37-BA7A-4CBE-AD3C-308100D61ED7}" = fx-9860G Slim Manager PLUS (30 Day Trial) > < "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 > < "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System > < "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 > < "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR > < "{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3 > < "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper > < "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI > < "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status > < "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations > < "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner > < "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant > < "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail > < "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup > < "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects > < "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget > < "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp > < "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer > < "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide > < "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update > < "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant > < "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater > < "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] > < "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard > < "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver > < "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver > < "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center > < "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials > < "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy > < "{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124 > < "Adobe AIR" = Adobe AIR > < "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX > < "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin > < "AudibleManager" = AudibleManager > < "eMachines Game Console" = eMachines Game Console > < "eMachines Registration" = eMachines Registration > < "eMachines Screensaver" = eMachines ScreenSaver > < "eMachines Welcome Center" = Welcome Center > < "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 > < "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508 > < "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13 > < "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.14.508 > < "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 > < "Identity Card" = Identity Card > < "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 > < "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 > < "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader > < "Klett Software Horizons Sicher ins Abitur" = Klett Software Horizons Sicher ins Abitur > < "LManager" = Launch Manager > < "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 > < "Moorhuhn 2 deinstallieren" = Moorhuhn 2 > < "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) > < "NIS" = Norton Internet Security > < "Uninstall_is1" = Uninstall 1.0.0.1 > < "WildTangent emachines Master Uninstall" = eMachines Games > < "WinGimp-2.0_is1" = GIMP 2.6.10 > < "WinLiveSuite_Wave3" = Windows Live Essentials > < "WinPcapInst" = WinPcap 4.1.2 > < "WT078910" = Bejeweled 2 Deluxe > < "WT078919" = Insaniquarium Deluxe > < "WT078930" = Zuma Deluxe > < "WT078958" = Blasterball 3 > < "WT078962" = Bob the Builder Can-Do-Zoo > < "WT079018" = Faerie Solitaire > < "WT079022" = FATE - The Traitor Soul > < "WT079062" = Jewel Quest > < "WT079066" = Jewel Quest Solitaire 3 > < "WT079106" = Penguins! > < "WT079114" = Polar Bowler > < "WT079118" = Polar Golfer > < "WT079122" = Polar Pool > < "WT079175" = Virtual Villagers - A New Home > < "WT079180" = Yahtzee > < "WT079283" = Build-a-lot 2 > < "WT079296" = Chicken Invaders 3 - Revenge of the Yolk > < "WT079316" = Escape Rosecliff Island > < "WT079329" = Mahjongg Artifacts > < "WT079418" = Virtual Families > < > < ========== HKEY_USERS Uninstall List ========== > Invalid Switch: color] < > < [HKEY_USERS\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "Dropbox" = Dropbox > < "Google Chrome" = Google Chrome > < > < ========== Last 20 Event Log Errors ========== > Invalid Switch: color] < > < [ Application Events ] > < Error - 01.06.2012 10:08:08 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 11:16:29 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 12:12:31 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 13:13:26 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 14:13:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 15:12:01 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 16:00:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 01.06.2012 17:08:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 02.06.2012 04:00:53 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < Error - 02.06.2012 04:11:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 > < Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen > < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. > Invalid Switch: authrootstl.cab>. < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum > < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. > < . > < > < [ System Events ] > < Error - 02.03.2013 17:54:48 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 > < Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden > < Fehlers nicht gestartet: %%1053 > < > < Error - 03.03.2013 06:07:13 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 > < Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: > < C:\Windows\system32\athExt.dll Fehlercode: 126 > < > < Error - 03.03.2013 06:08:18 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010 > < Description = > < > < Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 > < Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal > < passiert. > < > < Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 > < Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. > < Dies ist bereits 1 Mal passiert. > < > < Error - 03.03.2013 12:22:51 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 > < Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal > < passiert. > < > < Error - 03.03.2013 12:43:49 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 > < Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: > < C:\Windows\system32\athExt.dll Fehlercode: 126 > < > < Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009 > < Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst > < IPsec-Richtlinien-Agent erreicht. > < > < Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 > < Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers > < nicht gestartet: %%1053 > < > < Error - 03.03.2013 17:50:41 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 > < Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: > < C:\Windows\system32\athExt.dll Fehlercode: 126 > < > < > < < End of report > --- --- --- > < > < End of report >[/CODE] |
|
03.03.2013, 23:55
| #4 |
| | Snap.do und SpyHunter entfernenCode:
ATTFilter OTL Extras logfile created on: 03.03.2013 23:00:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 44,64% Memory free
7,35 Gb Paging File | 5,20 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E560B9-ACFD-4DCF-AA7E-31276D3EF7E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A5D2F14-7E93-4190-BDF9-3FA12EE83976}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A7F0C14-7981-4A0B-BE98-B26C2C274636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C169743-2240-4AC8-829D-2EFD9C59E6B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10B51755-8641-4D84-A8F9-8D41259C5B63}" = lport=137 | protocol=17 | dir=in | app=system |
"{16E4FBC3-5B8B-469D-9A66-89020AB69A3A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DAACFC5-8258-4341-A771-2486BF2A3180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E8D0DFD-14EA-4AB0-9DA4-1AD8862C75FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{224D50E3-7287-4375-A7DF-1706EE332CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35409B81-A00A-495C-BCEA-45173D608A75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CBF7BAB-DDB2-4587-B478-F4D3D54E9ADB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49ED43E4-D24D-4121-90D2-7C2D16B75779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{535F4414-D319-432D-B481-CF5B8DA4E0DA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{544640E7-3F39-4B84-89DB-94D13F39B60B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57DE36FC-BFD1-44DC-8BE6-DD0B09A02966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59DC71A5-00E9-4F32-AD60-A2F833AFE938}" = rport=137 | protocol=17 | dir=out | app=system |
"{7396E6B6-43AA-4448-9CE8-C1744AECBEFD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8050A616-C7B8-4FF4-8461-2AAF707CB326}" = rport=139 | protocol=6 | dir=out | app=system |
"{81E98AF7-0376-4E1D-8581-CF8B5F3204C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{871C2FF2-4CD5-4035-9869-3AD508B92F26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8884BA0A-23CA-4E4A-AC96-0D909BE4B3E3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{897E572A-BCC1-4011-818B-02BDA31C4B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AB98AF9-AA3D-4A88-A96B-4445AE4A1E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9075456E-DD7D-4AB8-81A0-D018038825D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90BA20D6-F364-40A3-ACA6-CDED0F919328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{93BECE9F-F231-40C7-896A-F3AF43F109E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D67AFFF-B5EF-44D3-AC94-26F81DC9BCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3E1D349-6639-42DB-9ED8-4285954B6315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0666CCF-F888-4FB3-9CD7-85D63D8E2598}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B52E3136-A7DA-4491-879E-14D259A06179}" = rport=445 | protocol=6 | dir=out | app=system |
"{B559DA58-4ABB-4789-96FC-05D76DF59AF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5F9EF2F-DE5C-41F6-8F8D-7EA28057A171}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA9B2CE6-2B10-4B27-8483-E3F93EA4C3AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE7156C1-A588-4C85-BF92-8EF07E26420B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CEC0ABF4-2FC5-4BDE-BBB9-13D03F81EF35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D13C722B-F61C-40DC-92D2-DD2394B917EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD25274F-7C9B-469E-982B-0D01790FD898}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E4D46C06-5800-4A59-B164-AE3B633A450A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8BAB55C-3F4A-4FCC-9FAD-A01BB2262A3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE505EB0-BE43-4997-BDDC-3B8F0CB2E8B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EED38836-D1E9-4778-8541-8606AE9DB5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79A3CF5-C39A-47D2-8ED5-E4969A135046}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01325272-C373-48F0-B247-442B457FB54D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09DE98A0-EE10-479B-AB38-82F12FE256C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1181B667-752A-4422-B81F-9994F6F4A02E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{11BF11C9-502B-4FAC-A458-948DFF282343}" = dir=in | app=d:\setup\hpznui40.exe |
"{12194258-DEC2-46CC-88E1-67BDF2C2EA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{15609DD8-5353-48B0-B514-12624C79507F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"{16B816E1-34CA-456A-842D-F9BA5C44CCC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{16BD5F0E-73B9-4E8B-A503-B70196216753}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{197A1EE6-3290-4826-B8E8-3BBA7849AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C2E0654-6B3F-4D81-BEF9-2644C92D568C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C7E0163-F2E3-46C4-B1F5-AF4704B864EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20F7A05F-82E0-4EE6-ADAD-64A835186B35}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{215AE1D4-97BE-4581-9799-8D2519F64C92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{251B9962-0F75-47C8-8A59-9221F63ACEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B01595E-1C5D-4F86-BD39-FC4ECE9D9B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{310B740E-947B-4D65-8CB1-A06ADE8B359D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{33B93F3E-F469-4068-A1CC-040962670F54}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{36CD377B-922A-42C9-9740-E4FA3453071B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CAA1EF1-6C47-42C8-8A9C-B8FFEEA85A66}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{43BB6A5D-6052-4BE2-8A5B-D1587996F060}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{468BD279-8304-4D9F-8847-8A01C40A2501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{538774C7-83DC-42F3-A328-DC9ACA5ACA60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{548AF0BE-61FC-4B94-ABF4-F1F4E121041B}" = protocol=6 | dir=out | app=system |
"{5871EA16-BC7E-40B0-9A75-47B434F16F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{588DEA38-14E3-41E9-96E7-26116F3D2B13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{603A3C43-0B6C-4A6E-AABA-CC0C71A693ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{62AB305A-F1E3-45B7-A288-30F0711AA655}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{64BE7C9F-A878-4440-AA06-CD803D40FF1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6F8C0130-52A7-4E66-8406-9AD2E40E1694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{6FDD7378-190F-4285-B739-CFAD1F178C13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{74DD49EB-4119-4446-A203-7A0ED4D48D66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77B7F16C-691C-4B6B-ADBF-6D0DAC1A269D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{79A23AE9-3900-4940-A5E3-827B22BE99EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A449B80-525B-47D8-AF9E-9DD6EAFB0527}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E8845CA-CEEB-48E1-AC27-BE123C6A9FB0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7F005C8B-D339-4FCF-BFD3-EF5CEBB404A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{84960B25-606C-4810-8D6E-470045DF7911}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{85515082-65A4-4657-B4BF-8DC27EA0B926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{85BE4258-B0C0-4C0C-841C-737500F075FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90FE6BAD-4A02-4A63-A7FD-1080F193A5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{951DF364-8C16-4CD4-8BD4-23393F3F3515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9940EB60-A657-460A-8708-896F030A6555}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9F2D6276-4CAD-4F9E-B77D-9B904E702A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9F821BCA-7059-4BE3-B110-53B333022C8F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A3577D87-14C4-44F3-8F20-CE96CFCA174D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A9CE400C-8052-422F-8A01-E3015E34A10B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{ADBAA774-8DA6-4642-840D-27F729BDD22F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B002CBB9-6A6D-4240-A2EC-FAC779813D63}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B1304A00-E7DB-459C-B912-62DADC109F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{B845DA90-A072-47B4-9D00-B7EFC862CBE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{CEFC3EBC-FA88-408F-84DD-847BBA42BF2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2E5ABA4-F66E-4C59-B26C-8A4F9EB56C39}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"{D78697A6-A2D0-46DB-9AB9-E46899666091}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E1254349-CCF9-4E4A-B448-B2CF07027BA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4377567-E397-4645-B009-D2627696B83C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E52B2D27-F1D0-4812-8BDC-03C12F2262FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E55AF2D3-55D0-487A-81D3-6008EB1ACEAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{E5F3AE42-E711-40EC-B21C-65FD25AB2556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FCDCF18D-0A15-4BD8-AB6C-6B76084EF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{FFCEB4B8-AA9C-49BA-9BA1-7AEC72D5E974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{22B3AE66-7A37-4118-BADB-3680C15CA366}" = SpyHunter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD67C37-BA7A-4CBE-AD3C-308100D61ED7}" = fx-9860G Slim Manager PLUS (30 Day Trial)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.14.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"Klett Software Horizons Sicher ins Abitur" = Klett Software Horizons Sicher ins Abitur
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Moorhuhn 2 deinstallieren" = Moorhuhn 2
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"NIS" = Norton Internet Security
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WT078910" = Bejeweled 2 Deluxe
"WT078919" = Insaniquarium Deluxe
"WT078930" = Zuma Deluxe
"WT078958" = Blasterball 3
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079062" = Jewel Quest
"WT079066" = Jewel Quest Solitaire 3
"WT079106" = Penguins!
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079122" = Polar Pool
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079296" = Chicken Invaders 3 - Revenge of the Yolk
"WT079316" = Escape Rosecliff Island
"WT079329" = Mahjongg Artifacts
"WT079418" = Virtual Families
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.06.2012 10:08:08 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 11:16:29 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 12:12:31 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 13:13:26 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 14:13:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 15:12:01 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 16:00:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.06.2012 17:08:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.06.2012 04:00:53 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.06.2012 04:11:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 02.03.2013 17:54:48 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 03.03.2013 06:07:13 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 03.03.2013 06:08:18 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description =
Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 03.03.2013 12:22:51 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal
passiert.
Error - 03.03.2013 12:43:49 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
IPsec-Richtlinien-Agent erreicht.
Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 03.03.2013 17:50:41 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
|
|
04.03.2013, 17:55
| #5 |
| /// Malware-holic | Snap.do und SpyHunter entfernen Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not
found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not
found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:51
| #6 |
| | Snap.do und SpyHunter entfernen HI Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to DVD Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to DVD Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Sarah
->Temp folder emptied: 325152 bytes
->Temporary Internet Files folder emptied: 33207 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6489339 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_224536
Files\Folders moved on Reboot...
File\Folder C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
05.03.2013, 14:47
| #7 |
| /// Malware-holic | Snap.do und SpyHunter entfernen Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.03.2013, 23:14
| #8 |
| | Snap.do und SpyHunter entfernen HI, ich habe die Logfile, allerdings bekam ich die Nachricht, dass sie zu lang ist um sie zu posten.. LG |
|
06.03.2013, 13:55
| #9 |
| /// Malware-holic | Snap.do und SpyHunter entfernen dann packen und anhängen oder teilen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.03.2013, 18:28
| #10 |
| | Snap.do und SpyHunter entfernenCode:
ATTFilter LOGFILE 5.3.2013
22:52:24.0954 2604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:25.0218 2604 ============================================================
22:52:25.0218 2604 Current date / time: 2013/03/05 22:52:25.0218
22:52:25.0218 2604 SystemInfo:
22:52:25.0218 2604
22:52:25.0218 2604 OS Version: 6.1.7600 ServicePack: 0.0
22:52:25.0218 2604 Product type: Workstation
22:52:25.0219 2604 ComputerName: SARAH-PC
22:52:25.0219 2604 UserName: Sarah
22:52:25.0219 2604 Windows directory: C:\Windows
22:52:25.0219 2604 System windows directory: C:\Windows
22:52:25.0219 2604 Running under WOW64
22:52:25.0219 2604 Processor architecture: Intel x64
22:52:25.0219 2604 Number of processors: 4
22:52:25.0219 2604 Page size: 0x1000
22:52:25.0219 2604 Boot type: Normal boot
22:52:25.0219 2604 ============================================================
22:52:29.0342 2604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:52:29.0350 2604 ============================================================
22:52:29.0350 2604 \Device\Harddisk0\DR0:
22:52:29.0350 2604 MBR partitions:
22:52:29.0350 2604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
22:52:29.0350 2604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
22:52:29.0350 2604 ============================================================
22:52:29.0425 2604 C: <-> \Device\Harddisk0\DR0\Partition2
22:52:29.0426 2604 ============================================================
22:52:29.0426 2604 Initialize success
22:52:29.0426 2604 ============================================================
22:53:16.0617 5364 ============================================================
22:53:16.0617 5364 Scan started
22:53:16.0617 5364 Mode: Manual; SigCheck; TDLFS;
22:53:16.0617 5364 ============================================================
22:53:17.0990 5364 ================ Scan system memory ========================
22:53:17.0990 5364 System memory - ok
22:53:17.0990 5364 ================ Scan services =============================
22:53:18.0520 5364 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:53:18.0786 5364 1394ohci - ok
22:53:18.0848 5364 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:53:18.0988 5364 ACPI - ok
22:53:19.0051 5364 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:53:19.0456 5364 AcpiPmi - ok
22:53:19.0519 5364 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:53:19.0831 5364 adp94xx - ok
22:53:19.0893 5364 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:53:20.0143 5364 adpahci - ok
22:53:20.0190 5364 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:53:20.0470 5364 adpu320 - ok
22:53:20.0486 5364 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:53:20.0923 5364 AeLookupSvc - ok
22:53:20.0985 5364 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:53:21.0266 5364 AFD - ok
22:53:21.0328 5364 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:53:21.0547 5364 agp440 - ok
22:53:21.0609 5364 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:53:21.0890 5364 ALG - ok
22:53:21.0937 5364 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:53:22.0093 5364 aliide - ok
22:53:22.0140 5364 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:53:22.0296 5364 amdide - ok
22:53:22.0327 5364 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:53:22.0483 5364 AmdK8 - ok
22:53:22.0545 5364 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:53:22.0717 5364 AmdPPM - ok
22:53:22.0764 5364 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:53:22.0935 5364 amdsata - ok
22:53:22.0998 5364 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:53:23.0138 5364 amdsbs - ok
22:53:23.0169 5364 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:53:23.0263 5364 amdxata - ok
22:53:23.0310 5364 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
22:53:23.0450 5364 AmUStor - ok
22:53:23.0512 5364 [ FAB590E0FC28CB474B965F8267458E14 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:53:23.0590 5364 ApfiltrService - ok
22:53:23.0653 5364 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:53:23.0840 5364 AppID - ok
22:53:23.0887 5364 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:53:24.0027 5364 AppIDSvc - ok
22:53:24.0074 5364 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:53:24.0199 5364 Appinfo - ok
22:53:24.0230 5364 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:53:24.0261 5364 arc - ok
22:53:24.0292 5364 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:53:24.0324 5364 arcsas - ok
22:53:24.0355 5364 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:53:24.0480 5364 AsyncMac - ok
22:53:24.0542 5364 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:53:24.0589 5364 atapi - ok
22:53:24.0729 5364 [ 70260C7C98CC0101316F5B2650C3BB44 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:53:24.0963 5364 athr - ok
22:53:25.0026 5364 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:53:25.0104 5364 AudioEndpointBuilder - ok
22:53:25.0119 5364 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:53:25.0229 5364 AudioSrv - ok
22:53:25.0275 5364 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:53:25.0385 5364 AxInstSV - ok
22:53:25.0541 5364 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:53:25.0681 5364 b06bdrv - ok
22:53:25.0712 5364 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:53:25.0806 5364 b57nd60a - ok
22:53:25.0884 5364 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:53:25.0977 5364 BCM43XX - ok
22:53:26.0087 5364 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:53:26.0149 5364 BDESVC - ok
22:53:26.0180 5364 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:53:26.0243 5364 Beep - ok
22:53:26.0305 5364 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:53:26.0383 5364 BFE - ok
22:53:27.0584 5364 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
22:53:27.0631 5364 BHDrvx64 - ok
22:53:27.0678 5364 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
22:53:27.0771 5364 BITS - ok
22:53:27.0803 5364 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:53:27.0849 5364 blbdrive - ok
22:53:27.0896 5364 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:53:27.0974 5364 bowser - ok
22:53:28.0021 5364 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:53:28.0052 5364 BrFiltLo - ok
22:53:28.0083 5364 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:53:28.0099 5364 BrFiltUp - ok
22:53:28.0146 5364 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:53:28.0224 5364 Browser - ok
22:53:28.0239 5364 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:53:28.0333 5364 Brserid - ok
22:53:28.0364 5364 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:53:28.0411 5364 BrSerWdm - ok
22:53:28.0458 5364 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:53:28.0505 5364 BrUsbMdm - ok
22:53:28.0551 5364 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:53:28.0583 5364 BrUsbSer - ok
22:53:28.0614 5364 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:53:28.0661 5364 BTHMODEM - ok
22:53:28.0707 5364 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:53:28.0785 5364 bthserv - ok
22:53:28.0926 5364 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
22:53:28.0957 5364 ccHP - ok
22:53:29.0019 5364 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:53:29.0097 5364 cdfs - ok
22:53:29.0160 5364 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:53:29.0207 5364 cdrom - ok
22:53:29.0269 5364 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:53:29.0331 5364 CertPropSvc - ok
22:53:29.0425 5364 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:53:29.0456 5364 circlass - ok
22:53:29.0534 5364 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:53:29.0565 5364 CLFS - ok
22:53:29.0877 5364 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:53:29.0909 5364 clr_optimization_v2.0.50727_32 - ok
22:53:29.0955 5364 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:53:29.0971 5364 clr_optimization_v2.0.50727_64 - ok
22:53:30.0049 5364 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:53:30.0096 5364 CmBatt - ok
22:53:30.0127 5364 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:53:30.0158 5364 cmdide - ok
22:53:30.0221 5364 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:53:30.0252 5364 CNG - ok
22:53:30.0314 5364 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:53:30.0330 5364 Compbatt - ok
22:53:30.0377 5364 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:53:30.0423 5364 CompositeBus - ok
22:53:30.0455 5364 COMSysApp - ok
22:53:30.0486 5364 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:53:30.0501 5364 crcdisk - ok
22:53:30.0548 5364 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:53:30.0626 5364 CryptSvc - ok
22:53:30.0673 5364 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:53:30.0751 5364 DcomLaunch - ok
22:53:30.0782 5364 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:53:30.0860 5364 defragsvc - ok
22:53:30.0907 5364 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:53:30.0985 5364 DfsC - ok
22:53:31.0079 5364 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:53:31.0235 5364 Dhcp - ok
22:53:31.0281 5364 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:53:31.0359 5364 discache - ok
22:53:31.0422 5364 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:53:31.0453 5364 Disk - ok
22:53:31.0500 5364 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:53:31.0578 5364 Dnscache - ok
22:53:31.0671 5364 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:53:31.0734 5364 dot3svc - ok
22:53:31.0765 5364 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:53:31.0843 5364 DPS - ok
22:53:31.0890 5364 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:53:31.0921 5364 drmkaud - ok
22:53:32.0155 5364 [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:53:32.0186 5364 DsiWMIService - ok
22:53:32.0264 5364 [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:53:32.0311 5364 DXGKrnl - ok
22:53:32.0342 5364 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:53:32.0420 5364 EapHost - ok
22:53:33.0013 5364 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:53:33.0153 5364 ebdrv - ok
22:53:33.0434 5364 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:53:33.0465 5364 eeCtrl - ok
22:53:33.0512 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:53:33.0575 5364 EFS - ok
22:53:33.0824 5364 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:53:33.0918 5364 ehRecvr - ok
22:53:33.0965 5364 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:53:34.0011 5364 ehSched - ok
22:53:34.0121 5364 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:53:34.0152 5364 elxstor - ok
22:53:34.0401 5364 [ 49EEF52BFB986A2B5D70F4EC12637D7B ] ePowerSvc C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
22:53:34.0433 5364 ePowerSvc - ok
22:53:34.0479 5364 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:53:34.0495 5364 EraserUtilRebootDrv - ok
22:53:34.0542 5364 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:53:34.0635 5364 ErrDev - ok
22:53:34.0682 5364 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:53:34.0745 5364 EventSystem - ok
22:53:34.0807 5364 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:53:34.0885 5364 exfat - ok
22:53:34.0932 5364 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:53:35.0025 5364 fastfat - ok
22:53:35.0088 5364 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:53:35.0166 5364 Fax - ok
22:53:35.0213 5364 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:53:35.0228 5364 fdc - ok
22:53:35.0259 5364 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:53:35.0306 5364 fdPHost - ok
22:53:35.0337 5364 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:53:35.0400 5364 FDResPub - ok
22:53:35.0431 5364 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:53:35.0447 5364 FileInfo - ok
22:53:35.0478 5364 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:53:35.0525 5364 Filetrace - ok
22:53:35.0540 5364 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:53:35.0571 5364 flpydisk - ok
22:53:35.0603 5364 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:53:35.0618 5364 FltMgr - ok
22:53:35.0805 5364 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:53:35.0883 5364 FontCache - ok
22:53:36.0024 5364 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:53:36.0039 5364 FontCache3.0.0.0 - ok
22:53:36.0071 5364 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:53:36.0086 5364 FsDepends - ok
22:53:36.0133 5364 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:53:36.0164 5364 Fs_Rec - ok
22:53:36.0227 5364 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:53:36.0258 5364 fvevol - ok
22:53:36.0289 5364 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:53:36.0320 5364 gagp30kx - ok
22:53:36.0461 5364 [ 6858C318E8DAA40E747E6FB9B214E104 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
22:53:36.0492 5364 GameConsoleService - ok
22:53:36.0554 5364 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:53:36.0632 5364 gpsvc - ok
22:53:36.0757 5364 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
22:53:36.0819 5364 Greg_Service - ok
22:53:37.0007 5364 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:37.0038 5364 gupdate - ok
22:53:37.0100 5364 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:37.0131 5364 gupdatem - ok
22:53:37.0194 5364 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:53:37.0225 5364 gusvc - ok
22:53:37.0272 5364 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:53:37.0334 5364 hcw85cir - ok
22:53:37.0365 5364 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:53:37.0443 5364 HdAudAddService - ok
22:53:37.0475 5364 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:53:37.0521 5364 HDAudBus - ok
22:53:37.0568 5364 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:53:37.0599 5364 HECIx64 - ok
22:53:37.0631 5364 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:53:37.0662 5364 HidBatt - ok
22:53:37.0693 5364 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:53:37.0740 5364 HidBth - ok
22:53:37.0771 5364 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:53:37.0818 5364 HidIr - ok
22:53:37.0880 5364 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:53:37.0974 5364 hidserv - ok
22:53:38.0005 5364 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:53:38.0052 5364 HidUsb - ok
22:53:38.0114 5364 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:53:38.0192 5364 hkmsvc - ok
22:53:38.0255 5364 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:53:38.0317 5364 HomeGroupListener - ok
22:53:38.0379 5364 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:53:38.0442 5364 HomeGroupProvider - ok
22:53:39.0019 5364 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:53:39.0066 5364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0066 5364 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:53:39.0097 5364 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:53:39.0144 5364 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0144 5364 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:53:39.0206 5364 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:53:39.0222 5364 HpSAMD - ok
22:53:39.0409 5364 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:53:39.0425 5364 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0425 5364 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:53:39.0471 5364 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:53:39.0534 5364 HTTP - ok
22:53:39.0549 5364 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:53:39.0565 5364 hwpolicy - ok
22:53:39.0612 5364 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:53:39.0643 5364 i8042prt - ok
22:53:39.0737 5364 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:53:39.0752 5364 iaStor - ok
22:53:39.0861 5364 [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:53:39.0877 5364 IAStorDataMgrSvc - ok
22:53:39.0939 5364 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:53:39.0971 5364 iaStorV - ok
22:53:40.0095 5364 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:53:40.0127 5364 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:53:40.0127 5364 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:53:40.0361 5364 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:53:40.0407 5364 idsvc - ok
22:53:40.0751 5364 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSvia64.sys
22:53:40.0782 5364 IDSVia64 - ok
22:53:41.0702 5364 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:53:42.0030 5364 igfx - ok
22:53:42.0092 5364 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:53:42.0123 5364 iirsp - ok
22:53:42.0201 5364 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:53:42.0311 5364 IKEEXT - ok
22:53:42.0373 5364 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:53:42.0420 5364 Impcd - ok
22:53:42.0623 5364 [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:53:42.0669 5364 IntcAzAudAddService - ok
22:53:42.0810 5364 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:53:42.0872 5364 IntcDAud - ok
22:53:42.0903 5364 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:53:42.0935 5364 intelide - ok
22:53:42.0997 5364 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:53:43.0028 5364 intelppm - ok
22:53:43.0091 5364 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:53:43.0169 5364 IPBusEnum - ok
22:53:43.0200 5364 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:53:43.0293 5364 IpFilterDriver - ok
22:53:43.0309 5364 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:53:43.0387 5364 iphlpsvc - ok
22:53:43.0434 5364 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:53:43.0496 5364 IPMIDRV - ok
22:53:43.0559 5364 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:53:43.0652 5364 IPNAT - ok
22:53:43.0699 5364 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:53:43.0715 5364 IRENUM - ok
22:53:43.0761 5364 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:53:43.0777 5364 isapnp - ok
22:53:43.0824 5364 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:53:43.0855 5364 iScsiPrt - ok
22:53:43.0902 5364 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
22:53:43.0933 5364 k57nd60a - ok
22:53:43.0980 5364 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:53:43.0995 5364 kbdclass - ok
22:53:44.0042 5364 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:53:44.0073 5364 kbdhid - ok
22:53:44.0120 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:53:44.0136 5364 KeyIso - ok
22:53:44.0151 5364 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:53:44.0183 5364 KSecDD - ok
22:53:44.0198 5364 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:53:44.0214 5364 KSecPkg - ok
22:53:44.0261 5364 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:53:44.0323 5364 ksthunk - ok
22:53:44.0370 5364 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:53:44.0432 5364 KtmRm - ok
22:53:44.0510 5364 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
22:53:44.0541 5364 L1E - ok
22:53:44.0588 5364 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:53:44.0666 5364 LanmanServer - ok
22:53:44.0697 5364 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:53:44.0760 5364 LanmanWorkstation - ok
22:53:44.0807 5364 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:53:44.0869 5364 lltdio - ok
22:53:44.0994 5364 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:53:45.0087 5364 lltdsvc - ok
22:53:45.0119 5364 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:53:45.0165 5364 lmhosts - ok
22:53:45.0275 5364 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:53:45.0306 5364 LMS - ok
22:53:45.0368 5364 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:53:45.0399 5364 LSI_FC - ok
22:53:45.0399 5364 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:53:45.0415 5364 LSI_SAS - ok
22:53:45.0431 5364 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:53:45.0462 5364 LSI_SAS2 - ok
22:53:45.0477 5364 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:53:45.0509 5364 LSI_SCSI - ok
22:53:45.0524 5364 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:53:45.0571 5364 luafv - ok
22:53:45.0618 5364 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:53:45.0633 5364 MBAMProtector - ok
22:53:45.0727 5364 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:53:45.0758 5364 MBAMScheduler - ok
22:53:45.0821 5364 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:53:45.0883 5364 MBAMService - ok
22:53:45.0914 5364 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:53:45.0961 5364 Mcx2Svc - ok
22:53:46.0055 5364 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:53:46.0086 5364 MDM - ok
22:53:46.0148 5364 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:53:46.0164 5364 megasas - ok
22:53:46.0195 5364 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:53:46.0226 5364 MegaSR - ok
22:53:46.0273 5364 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:53:46.0351 5364 MMCSS - ok
22:53:46.0367 5364 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:53:46.0445 5364 Modem - ok
22:53:46.0476 5364 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:53:46.0523 5364 monitor - ok
22:53:46.0569 5364 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:53:46.0601 5364 mouclass - ok
22:53:46.0632 5364 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:53:46.0679 5364 mouhid - ok
22:53:46.0710 5364 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:53:46.0741 5364 mountmgr - ok
22:53:46.0788 5364 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:53:46.0803 5364 mpio - ok
22:53:46.0835 5364 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:53:46.0897 5364 mpsdrv - ok
22:53:46.0944 5364 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:53:47.0053 5364 MpsSvc - ok
22:53:47.0084 5364 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:53:47.0131 5364 MRxDAV - ok
22:53:47.0178 5364 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:53:47.0225 5364 mrxsmb - ok
22:53:47.0303 5364 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:53:47.0381 5364 mrxsmb10 - ok
22:53:47.0396 5364 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:53:47.0443 5364 mrxsmb20 - ok
22:53:47.0490 5364 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:53:47.0505 5364 msahci - ok
22:53:47.0552 5364 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:53:47.0568 5364 msdsm - ok
22:53:47.0583 5364 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:53:47.0615 5364 MSDTC - ok
22:53:47.0646 5364 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:53:47.0693 5364 Msfs - ok
22:53:47.0739 5364 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:53:47.0802 5364 mshidkmdf - ok
22:53:47.0817 5364 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:53:47.0849 5364 msisadrv - ok
22:53:47.0927 5364 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:53:48.0005 5364 MSiSCSI - ok
22:53:48.0005 5364 msiserver - ok
22:53:48.0051 5364 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:53:48.0098 5364 MSKSSRV - ok
22:53:48.0129 5364 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:53:48.0192 5364 MSPCLOCK - ok
22:53:48.0223 5364 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:53:48.0285 5364 MSPQM - ok
22:53:48.0457 5364 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:53:48.0488 5364 MsRPC - ok
22:53:48.0519 5364 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:53:48.0535 5364 mssmbios - ok
22:53:48.0738 5364 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:53:48.0800 5364 MSTEE - ok
22:53:48.0831 5364 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:53:48.0863 5364 MTConfig - ok
22:53:48.0894 5364 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:53:48.0925 5364 Mup - ok
22:53:49.0097 5364 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:53:49.0175 5364 napagent - ok
22:53:49.0284 5364 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:53:49.0331 5364 NativeWifiP - ok
22:53:49.0580 5364 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\ENG64.SYS
22:53:49.0596 5364 NAVENG - ok
22:53:50.0048 5364 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\EX64.SYS
22:53:50.0095 5364 NAVEX15 - ok
22:53:50.0142 5364 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:53:50.0220 5364 NDIS - ok
22:53:50.0267 5364 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:53:50.0329 5364 NdisCap - ok
22:53:50.0360 5364 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:53:50.0438 5364 NdisTapi - ok
22:53:50.0485 5364 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:53:50.0547 5364 Ndisuio - ok
22:53:50.0579 5364 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:53:50.0625 5364 NdisWan - ok
22:53:50.0641 5364 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:53:50.0735 5364 NDProxy - ok
22:53:50.0781 5364 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:53:50.0828 5364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:53:50.0828 5364 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:53:50.0859 5364 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:53:50.0937 5364 NetBIOS - ok
22:53:50.0969 5364 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:53:51.0015 5364 NetBT - ok
22:53:51.0047 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:53:51.0078 5364 Netlogon - ok
22:53:51.0140 5364 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:53:51.0234 5364 Netman - ok
22:53:51.0234 5364 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:53:51.0327 5364 netprofm - ok
22:53:51.0374 5364 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:53:51.0405 5364 NetTcpPortSharing - ok
22:53:51.0468 5364 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:53:51.0483 5364 nfrd960 - ok
22:53:51.0624 5364 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
22:53:51.0655 5364 NIS - ok
22:53:51.0733 5364 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:53:51.0811 5364 NlaSvc - ok
22:53:51.0983 5364 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys
22:53:51.0998 5364 npf - ok
22:53:52.0029 5364 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:53:52.0107 5364 Npfs - ok
22:53:52.0154 5364 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:53:52.0232 5364 nsi - ok
22:53:52.0279 5364 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:53:52.0326 5364 nsiproxy - ok
22:53:52.0653 5364 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:53:52.0716 5364 Ntfs - ok
22:53:52.0841 5364 [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:53:52.0872 5364 NTIBackupSvc - ok
22:53:52.0934 5364 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
22:53:52.0950 5364 NTIDrvr - ok
22:53:53.0012 5364 [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:53:53.0121 5364 NTISchedulerSvc - ok
22:53:53.0168 5364 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:53:53.0246 5364 Null - ok
22:53:53.0293 5364 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:53:53.0324 5364 nvraid - ok
22:53:53.0355 5364 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:53:53.0387 5364 nvstor - ok
22:53:53.0433 5364 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:53:53.0449 5364 nv_agp - ok
22:53:53.0465 5364 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:53:53.0496 5364 ohci1394 - ok
22:53:53.0558 5364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:53:53.0621 5364 ose - ok
22:53:53.0683 5364 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:53:53.0761 5364 p2pimsvc - ok
22:53:53.0917 5364 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:53:53.0948 5364 p2psvc - ok
22:53:53.0979 5364 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:53:53.0995 5364 Parport - ok
22:53:54.0026 5364 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:53:54.0042 5364 partmgr - ok
22:53:54.0073 5364 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:53:54.0120 5364 PcaSvc - ok
22:53:54.0198 5364 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:53:54.0213 5364 pci - ok
22:53:54.0229 5364 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:53:54.0245 5364 pciide - ok
22:53:54.0276 5364 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:53:54.0307 5364 pcmcia - ok
22:53:54.0323 5364 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:53:54.0338 5364 pcw - ok
22:53:54.0541 5364 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:53:54.0993 5364 PEAUTH - ok
22:53:55.0259 5364 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:53:55.0305 5364 PerfHost - ok
22:53:55.0508 5364 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:53:55.0633 5364 pla - ok
22:53:55.0711 5364 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:53:55.0805 5364 PlugPlay - ok
22:53:55.0883 5364 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:53:55.0898 5364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:53:55.0898 5364 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:53:55.0914 5364 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:53:55.0961 5364 PNRPAutoReg - ok
22:53:56.0070 5364 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:53:56.0101 5364 PNRPsvc - ok
22:53:56.0132 5364 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:53:56.0226 5364 PolicyAgent - ok
22:53:56.0351 5364 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:53:56.0444 5364 Power - ok
22:53:56.0522 5364 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:53:56.0600 5364 PptpMiniport - ok
22:53:56.0616 5364 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:53:56.0663 5364 Processor - ok
22:53:56.0694 5364 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:53:56.0772 5364 ProfSvc - ok
22:53:56.0787 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:53:56.0803 5364 ProtectedStorage - ok
22:53:56.0834 5364 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:53:56.0881 5364 Psched - ok
22:53:56.0943 5364 [ CCE65976AAEB1DB4C3B98243B8AC448E ] PVUSB C:\Windows\system32\DRIVERS\CESG64.sys
22:53:56.0959 5364 PVUSB - ok
22:53:57.0021 5364 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:53:57.0099 5364 ql2300 - ok
22:53:57.0146 5364 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:53:57.0162 5364 ql40xx - ok
22:53:57.0224 5364 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:53:57.0255 5364 QWAVE - ok
22:53:57.0271 5364 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:53:57.0318 5364 QWAVEdrv - ok
22:53:57.0333 5364 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:53:57.0411 5364 RasAcd - ok
22:53:57.0458 5364 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:53:57.0505 5364 RasAgileVpn - ok
22:53:57.0567 5364 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:53:57.0630 5364 RasAuto - ok
22:53:57.0661 5364 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:53:57.0739 5364 Rasl2tp - ok
22:53:57.0801 5364 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:53:57.0879 5364 RasMan - ok
22:53:57.0911 5364 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:53:57.0973 5364 RasPppoe - ok
22:53:58.0004 5364 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:53:58.0082 5364 RasSstp - ok
22:53:58.0098 5364 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:53:58.0160 5364 rdbss - ok
22:53:58.0191 5364 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:53:58.0238 5364 rdpbus - ok
22:53:58.0285 5364 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:53:58.0332 5364 RDPCDD - ok
22:53:58.0332 5364 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:53:58.0425 5364 RDPENCDD - ok
22:53:58.0457 5364 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:53:58.0503 5364 RDPREFMP - ok
22:53:58.0535 5364 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:53:58.0597 5364 RDPWD - ok
22:53:58.0644 5364 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:53:58.0675 5364 rdyboost - ok
22:53:58.0706 5364 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:53:58.0784 5364 RemoteAccess - ok
22:53:58.0847 5364 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:53:58.0940 5364 RemoteRegistry - ok
22:53:58.0971 5364 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:53:59.0049 5364 RpcEptMapper - ok
22:53:59.0081 5364 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:53:59.0096 5364 RpcLocator - ok
22:53:59.0127 5364 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:53:59.0205 5364 RpcSs - ok
22:53:59.0252 5364 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:53:59.0330 5364 rspndr - ok
22:53:59.0346 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:53:59.0377 5364 SamSs - ok
22:53:59.0393 5364 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:53:59.0424 5364 sbp2port - ok
22:53:59.0439 5364 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:53:59.0502 5364 SCardSvr - ok
22:53:59.0517 5364 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:53:59.0580 5364 scfilter - ok
22:53:59.0705 5364 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:53:59.0798 5364 Schedule - ok
22:53:59.0814 5364 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:53:59.0876 5364 SCPolicySvc - ok
22:53:59.0923 5364 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:53:59.0985 5364 SDRSVC - ok
22:54:00.0032 5364 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:54:00.0110 5364 secdrv - ok
22:54:00.0157 5364 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:54:00.0251 5364 seclogon - ok
22:54:00.0329 5364 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:54:00.0407 5364 SENS - ok
22:54:00.0422 5364 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:54:00.0578 5364 SensrSvc - ok
22:54:00.0625 5364 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:54:00.0641 5364 Serenum - ok
22:54:00.0672 5364 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:54:00.0719 5364 Serial - ok
22:54:00.0828 5364 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:54:00.0843 5364 sermouse - ok
22:54:00.0921 5364 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:54:00.0984 5364 SessionEnv - ok
22:54:00.0999 5364 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:54:01.0046 5364 sffdisk - ok
22:54:01.0093 5364 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:54:01.0124 5364 sffp_mmc - ok
22:54:01.0155 5364 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:54:01.0187 5364 sffp_sd - ok
22:54:01.0218 5364 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:54:01.0265 5364 sfloppy - ok
22:54:01.0327 5364 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:54:01.0389 5364 SharedAccess - ok
22:54:01.0436 5364 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:54:01.0499 5364 ShellHWDetection - ok
22:54:01.0545 5364 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:54:01.0577 5364 SiSRaid2 - ok
22:54:01.0608 5364 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:54:01.0639 5364 SiSRaid4 - ok
22:54:01.0670 5364 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:54:01.0733 5364 Smb - ok
22:54:01.0779 5364 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:54:01.0826 5364 SNMPTRAP - ok
22:54:01.0857 5364 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:54:01.0889 5364 spldr - ok
22:54:01.0982 5364 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:54:02.0029 5364 Spooler - ok
22:54:02.0138 5364 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:54:02.0325 5364 sppsvc - ok
22:54:02.0357 5364 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:54:02.0403 5364 sppuinotify - ok
22:54:02.0606 5364 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
22:54:02.0637 5364 SRTSP - ok
22:54:02.0669 5364 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
22:54:02.0700 5364 SRTSPX - ok
22:54:02.0809 5364 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:54:02.0856 5364 srv - ok
22:54:02.0871 5364 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:54:02.0934 5364 srv2 - ok
22:54:02.0981 5364 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:54:03.0027 5364 srvnet - ok
22:54:03.0074 5364 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:54:03.0152 5364 SSDPSRV - ok
22:54:03.0168 5364 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:54:03.0230 5364 SstpSvc - ok
22:54:03.0277 5364 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:54:03.0293 5364 stexstor - ok
22:54:03.0339 5364 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:54:03.0386 5364 StillCam - ok
22:54:03.0464 5364 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:54:03.0511 5364 stisvc - ok
22:54:03.0542 5364 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:54:03.0573 5364 swenum - ok
22:54:03.0636 5364 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:54:03.0698 5364 swprv - ok
22:54:03.0745 5364 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
22:54:03.0776 5364 SymDS - ok
22:54:03.0839 5364 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
22:54:03.0870 5364 SymEFA - ok
22:54:03.0917 5364 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:54:03.0932 5364 SymEvent - ok
22:54:03.0995 5364 [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
22:54:04.0026 5364 SymIM - ok
22:54:04.0041 5364 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
22:54:04.0073 5364 SymIRON - ok
22:54:04.0135 5364 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
22:54:04.0166 5364 SYMTDIv - ok
22:54:04.0400 5364 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:54:04.0494 5364 SysMain - ok
22:54:04.0525 5364 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:54:04.0587 5364 TabletInputService - ok
22:54:04.0619 5364 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:54:04.0697 5364 TapiSrv - ok
22:54:04.0728 5364 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:54:04.0775 5364 TBS - ok
22:54:05.0352 5364 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:54:05.0414 5364 Tcpip - ok
22:54:05.0461 5364 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:54:05.0523 5364 TCPIP6 - ok
22:54:05.0570 5364 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:54:05.0633 5364 tcpipreg - ok
22:54:05.0648 5364 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:54:05.0726 5364 TDPIPE - ok
22:54:05.0757 5364 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:54:05.0835 5364 TDTCP - ok
22:54:05.0851 5364 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:54:05.0929 5364 tdx - ok
22:54:05.0976 5364 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:54:06.0007 5364 TermDD - ok
22:54:06.0038 5364 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:54:06.0132 5364 TermService - ok
22:54:06.0163 5364 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:54:06.0210 5364 Themes - ok
22:54:06.0257 5364 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:54:06.0319 5364 THREADORDER - ok
22:54:06.0319 5364 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:54:06.0397 5364 TrkWks - ok
22:54:06.0475 5364 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:54:06.0522 5364 TrustedInstaller - ok
22:54:06.0553 5364 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:54:06.0615 5364 tssecsrv - ok
22:54:06.0678 5364 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:54:06.0740 5364 tunnel - ok
22:54:06.0756 5364 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:54:06.0787 5364 uagp35 - ok
22:54:06.0818 5364 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
22:54:06.0834 5364 UBHelper - ok
22:54:06.0959 5364 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:54:07.0037 5364 udfs - ok
22:54:07.0099 5364 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:54:07.0115 5364 UI0Detect - ok
22:54:07.0146 5364 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:54:07.0161 5364 uliagpkx - ok
22:54:07.0224 5364 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:54:07.0271 5364 umbus - ok
22:54:07.0302 5364 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:54:07.0349 5364 UmPass - ok
22:54:07.0676 5364 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:54:07.0754 5364 UNS - ok
22:54:07.0926 5364 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
22:54:07.0988 5364 Updater Service - ok
22:54:08.0035 5364 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:54:08.0113 5364 upnphost - ok
22:54:08.0175 5364 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:54:08.0238 5364 usbccgp - ok
22:54:08.0285 5364 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:54:08.0331 5364 usbcir - ok
22:54:08.0363 5364 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:54:08.0394 5364 usbehci - ok
22:54:08.0456 5364 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:54:08.0487 5364 usbhub - ok
22:54:08.0534 5364 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:54:08.0597 5364 usbohci - ok
22:54:08.0643 5364 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:54:08.0690 5364 usbprint - ok
22:54:08.0737 5364 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:54:08.0815 5364 USBSTOR - ok
22:54:08.0862 5364 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:54:08.0877 5364 usbuhci - ok
22:54:08.0955 5364 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:54:09.0002 5364 usbvideo - ok
22:54:09.0049 5364 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:54:09.0096 5364 UxSms - ok
22:54:09.0127 5364 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:54:09.0143 5364 VaultSvc - ok
22:54:09.0189 5364 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:54:09.0221 5364 vdrvroot - ok
22:54:09.0392 5364 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:54:09.0423 5364 vds - ok
22:54:09.0470 5364 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:54:09.0501 5364 vga - ok
22:54:09.0517 5364 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:54:09.0595 5364 VgaSave - ok
22:54:09.0657 5364 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:54:09.0673 5364 vhdmp - ok
22:54:09.0704 5364 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:54:09.0720 5364 viaide - ok
22:54:09.0735 5364 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:54:09.0751 5364 volmgr - ok
22:54:09.0782 5364 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:54:09.0813 5364 volmgrx - ok
22:54:09.0829 5364 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:54:09.0860 5364 volsnap - ok
22:54:09.0876 5364 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:54:09.0907 5364 vsmraid - ok
22:54:09.0954 5364 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:54:10.0032 5364 VSS - ok
22:54:10.0094 5364 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:54:10.0125 5364 vwifibus - ok
22:54:10.0141 5364 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:54:10.0188 5364 vwififlt - ok
22:54:10.0219 5364 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:54:10.0250 5364 vwifimp - ok
22:54:10.0281 5364 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:54:10.0359 5364 W32Time - ok
22:54:10.0422 5364 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:54:10.0469 5364 WacomPen - ok
22:54:10.0515 5364 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:54:10.0562 5364 WANARP - ok
22:54:10.0578 5364 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:54:10.0625 5364 Wanarpv6 - ok
22:54:10.0937 5364 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:54:11.0077 5364 wbengine - ok
22:54:11.0093 5364 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:54:11.0124 5364 WbioSrvc - ok
22:54:11.0155 5364 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:54:11.0249 5364 wcncsvc - ok
22:54:11.0280 5364 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:54:11.0327 5364 WcsPlugInService - ok
22:54:11.0373 5364 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:54:11.0389 5364 Wd - ok
22:54:11.0498 5364 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:54:11.0545 5364 Wdf01000 - ok
22:54:11.0576 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:54:11.0639 5364 WdiServiceHost - ok
22:54:11.0639 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:54:11.0670 5364 WdiSystemHost - ok
22:54:11.0701 5364 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:54:11.0779 5364 WebClient - ok
22:54:11.0810 5364 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:54:11.0873 5364 Wecsvc - ok
22:54:11.0888 5364 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:54:11.0935 5364 wercplsupport - ok
22:54:11.0982 5364 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:54:12.0060 5364 WerSvc - ok
22:54:12.0107 5364 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:54:12.0153 5364 WfpLwf - ok
22:54:12.0169 5364 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:54:12.0185 5364 WIMMount - ok
22:54:12.0247 5364 WinDefend - ok
22:54:12.0247 5364 WinHttpAutoProxySvc - ok
22:54:12.0356 5364 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:54:12.0434 5364 Winmgmt - ok
22:54:12.0887 5364 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:54:12.0980 5364 WinRM - ok
22:54:13.0043 5364 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:54:13.0089 5364 Wlansvc - ok
22:54:13.0121 5364 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:54:13.0136 5364 WmiAcpi - ok
22:54:13.0214 5364 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:54:13.0261 5364 wmiApSrv - ok
22:54:13.0323 5364 WMPNetworkSvc - ok
22:54:13.0355 5364 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:54:13.0401 5364 WPCSvc - ok
22:54:13.0433 5364 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:54:13.0448 5364 WPDBusEnum - ok
22:54:13.0511 5364 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:54:13.0589 5364 ws2ifsl - ok
22:54:13.0620 5364 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
22:54:13.0682 5364 wscsvc - ok
22:54:13.0682 5364 WSearch - ok
22:54:13.0916 5364 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:54:14.0010 5364 wuauserv - ok
22:54:14.0041 5364 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:54:14.0088 5364 WudfPf - ok
22:54:14.0135 5364 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:54:14.0166 5364 WUDFRd - ok
22:54:14.0197 5364 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:54:14.0213 5364 wudfsvc - ok
22:54:14.0244 5364 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:54:14.0306 5364 WwanSvc - ok
22:54:14.0353 5364 ================ Scan global ===============================
22:54:14.0369 5364 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:54:14.0400 5364 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:54:14.0415 5364 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:54:14.0431 5364 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:54:14.0478 5364 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:54:14.0478 5364 [Global] - ok
22:54:14.0478 5364 ================ Scan MBR ==================================
22:54:14.0493 5364 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:54:15.0897 5364 \Device\Harddisk0\DR0 - ok
22:54:15.0897 5364 ================ Scan VBR ==================================
22:54:15.0960 5364 [ 57F5A1A999CD0DE83BD23E429B6980D0 ] \Device\Harddisk0\DR0\Partition1
22:54:15.0960 5364 \Device\Harddisk0\DR0\Partition1 - ok
22:54:15.0975 5364 [ CDBDF3D60BC3BBD793440B5B8B961A7C ] \Device\Harddisk0\DR0\Partition2
22:54:15.0991 5364 \Device\Harddisk0\DR0\Partition2 - ok
22:54:15.0991 5364 ============================================================
22:54:15.0991 5364 Scan finished
22:54:15.0991 5364 ============================================================
22:54:15.0991 5356 Detected object count: 6
22:54:15.0991 5356 Actual detected object count: 6
22:54:34.0524 5356 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:34.0524 5356 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:34.0524 5356 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:34.0524 5356 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:34.0524 5356 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:34.0524 5356 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:03.0930 5176 ============================================================
22:55:03.0930 5176 Scan started
22:55:03.0930 5176 Mode: Manual; SigCheck; TDLFS;
22:55:03.0930 5176 ============================================================
22:55:04.0117 5176 ================ Scan system memory ========================
22:55:04.0117 5176 System memory - ok
22:55:04.0117 5176 ================ Scan services =============================
22:55:04.0928 5176 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:55:04.0959 5176 1394ohci - ok
22:55:05.0084 5176 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:55:05.0115 5176 ACPI - ok
22:55:05.0131 5176 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:55:05.0162 5176 AcpiPmi - ok
22:55:05.0271 5176 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:55:05.0287 5176 adp94xx - ok
22:55:05.0505 5176 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:55:05.0537 5176 adpahci - ok
22:55:05.0583 5176 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:55:05.0615 5176 adpu320 - ok
22:55:05.0677 5176 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:55:05.0739 5176 AeLookupSvc - ok
22:55:05.0802 5176 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:55:05.0833 5176 AFD - ok
22:55:05.0895 5176 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:55:05.0927 5176 agp440 - ok
22:55:05.0973 5176 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:55:05.0989 5176 ALG - ok
22:55:06.0036 5176 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:55:06.0051 5176 aliide - ok
22:55:06.0114 5176 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:55:06.0129 5176 amdide - ok
22:55:06.0145 5176 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:55:06.0176 5176 AmdK8 - ok
22:55:06.0239 5176 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:55:06.0254 5176 AmdPPM - ok
22:55:06.0301 5176 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:55:06.0332 5176 amdsata - ok
22:55:06.0457 5176 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:55:06.0488 5176 amdsbs - ok
22:55:06.0535 5176 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:55:06.0566 5176 amdxata - ok
22:55:06.0613 5176 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
22:55:06.0629 5176 AmUStor - ok
22:55:06.0707 5176 [ FAB590E0FC28CB474B965F8267458E14 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:55:06.0722 5176 ApfiltrService - ok
22:55:06.0800 5176 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:55:06.0831 5176 AppID - ok
22:55:06.0878 5176 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:55:06.0925 5176 AppIDSvc - ok
22:55:06.0956 5176 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:55:06.0972 5176 Appinfo - ok
22:55:07.0034 5176 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:55:07.0065 5176 arc - ok
22:55:07.0175 5176 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:55:07.0190 5176 arcsas - ok
22:55:07.0268 5176 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:55:07.0315 5176 AsyncMac - ok
22:55:07.0346 5176 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:55:07.0377 5176 atapi - ok
22:55:07.0487 5176 [ 70260C7C98CC0101316F5B2650C3BB44 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:55:07.0549 5176 athr - ok
22:55:07.0674 5176 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:55:07.0752 5176 AudioEndpointBuilder - ok
22:55:07.0892 5176 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
|
|
06.03.2013, 18:30
| #11 |
| | Snap.do und SpyHunter entfernenCode:
ATTFilter 22:55:07.0970 5176 AudioSrv - ok
22:55:08.0048 5176 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:55:08.0079 5176 AxInstSV - ok
22:55:08.0142 5176 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:55:08.0157 5176 b06bdrv - ok
22:55:08.0251 5176 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:55:08.0282 5176 b57nd60a - ok
22:55:08.0485 5176 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:55:08.0532 5176 BCM43XX - ok
22:55:08.0610 5176 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:55:08.0625 5176 BDESVC - ok
22:55:08.0657 5176 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:55:08.0703 5176 Beep - ok
22:55:08.0828 5176 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:55:08.0875 5176 BFE - ok
22:55:10.0014 5176 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
22:55:10.0045 5176 BHDrvx64 - ok
22:55:10.0154 5176 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
22:55:10.0232 5176 BITS - ok
22:55:10.0263 5176 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:55:10.0295 5176 blbdrive - ok
22:55:10.0373 5176 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:55:10.0404 5176 bowser - ok
22:55:10.0451 5176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:55:10.0466 5176 BrFiltLo - ok
22:55:10.0497 5176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:55:10.0513 5176 BrFiltUp - ok
22:55:10.0591 5176 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:55:10.0622 5176 Browser - ok
22:55:10.0716 5176 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:55:10.0731 5176 Brserid - ok
22:55:10.0747 5176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:55:10.0778 5176 BrSerWdm - ok
22:55:10.0856 5176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:55:10.0872 5176 BrUsbMdm - ok
22:55:10.0934 5176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:55:10.0950 5176 BrUsbSer - ok
22:55:10.0997 5176 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:55:11.0028 5176 BTHMODEM - ok
22:55:11.0106 5176 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:55:11.0153 5176 bthserv - ok
22:55:11.0309 5176 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
22:55:11.0340 5176 ccHP - ok
22:55:11.0418 5176 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:55:11.0480 5176 cdfs - ok
22:55:11.0527 5176 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:55:11.0543 5176 cdrom - ok
22:55:11.0589 5176 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:55:11.0636 5176 CertPropSvc - ok
22:55:11.0683 5176 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:55:11.0699 5176 circlass - ok
22:55:11.0808 5176 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:55:11.0839 5176 CLFS - ok
22:55:11.0979 5176 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:55:12.0011 5176 clr_optimization_v2.0.50727_32 - ok
22:55:12.0151 5176 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:55:12.0167 5176 clr_optimization_v2.0.50727_64 - ok
22:55:12.0198 5176 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:55:12.0213 5176 CmBatt - ok
22:55:12.0245 5176 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:55:12.0260 5176 cmdide - ok
22:55:12.0401 5176 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:55:12.0432 5176 CNG - ok
22:55:12.0572 5176 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:55:12.0603 5176 Compbatt - ok
22:55:12.0650 5176 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:55:12.0666 5176 CompositeBus - ok
22:55:12.0681 5176 COMSysApp - ok
22:55:12.0728 5176 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:55:12.0744 5176 crcdisk - ok
22:55:12.0791 5176 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:55:12.0806 5176 CryptSvc - ok
22:55:12.0978 5176 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:55:13.0040 5176 DcomLaunch - ok
22:55:13.0165 5176 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:55:13.0212 5176 defragsvc - ok
22:55:13.0259 5176 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:55:13.0274 5176 DfsC - ok
22:55:13.0415 5176 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:55:13.0446 5176 Dhcp - ok
22:55:13.0493 5176 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:55:13.0539 5176 discache - ok
22:55:13.0555 5176 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:55:13.0586 5176 Disk - ok
22:55:13.0680 5176 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:55:13.0695 5176 Dnscache - ok
22:55:13.0742 5176 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:55:13.0789 5176 dot3svc - ok
22:55:13.0898 5176 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:55:13.0961 5176 DPS - ok
22:55:14.0023 5176 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:55:14.0054 5176 drmkaud - ok
22:55:14.0335 5176 [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:55:14.0382 5176 DsiWMIService - ok
22:55:14.0553 5176 [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:55:14.0600 5176 DXGKrnl - ok
22:55:14.0647 5176 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:55:14.0694 5176 EapHost - ok
22:55:15.0271 5176 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:55:15.0349 5176 ebdrv - ok
22:55:15.0630 5176 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:55:15.0645 5176 eeCtrl - ok
22:55:15.0708 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:55:15.0739 5176 EFS - ok
22:55:16.0051 5176 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:55:16.0098 5176 ehRecvr - ok
22:55:16.0145 5176 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:55:16.0176 5176 ehSched - ok
22:55:16.0347 5176 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:55:16.0379 5176 elxstor - ok
22:55:16.0847 5176 [ 49EEF52BFB986A2B5D70F4EC12637D7B ] ePowerSvc C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
22:55:16.0878 5176 ePowerSvc - ok
22:55:16.0971 5176 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:55:16.0987 5176 EraserUtilRebootDrv - ok
22:55:17.0003 5176 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:55:17.0034 5176 ErrDev - ok
22:55:17.0221 5176 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:55:17.0268 5176 EventSystem - ok
22:55:17.0346 5176 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:55:17.0393 5176 exfat - ok
22:55:17.0486 5176 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:55:17.0533 5176 fastfat - ok
22:55:17.0611 5176 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:55:17.0642 5176 Fax - ok
22:55:17.0720 5176 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:55:17.0736 5176 fdc - ok
22:55:17.0798 5176 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:55:17.0861 5176 fdPHost - ok
22:55:17.0892 5176 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:55:17.0939 5176 FDResPub - ok
22:55:17.0985 5176 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:55:18.0001 5176 FileInfo - ok
22:55:18.0079 5176 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:55:18.0126 5176 Filetrace - ok
22:55:18.0157 5176 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:55:18.0173 5176 flpydisk - ok
22:55:18.0266 5176 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:55:18.0282 5176 FltMgr - ok
22:55:18.0531 5176 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:55:18.0563 5176 FontCache - ok
22:55:18.0672 5176 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:55:18.0687 5176 FontCache3.0.0.0 - ok
22:55:18.0703 5176 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:55:18.0734 5176 FsDepends - ok
22:55:18.0781 5176 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:55:18.0812 5176 Fs_Rec - ok
22:55:18.0875 5176 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:55:18.0906 5176 fvevol - ok
22:55:18.0968 5176 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:55:18.0984 5176 gagp30kx - ok
22:55:19.0312 5176 [ 6858C318E8DAA40E747E6FB9B214E104 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
22:55:19.0343 5176 GameConsoleService - ok
22:55:19.0577 5176 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:55:19.0639 5176 gpsvc - ok
22:55:19.0982 5176 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
22:55:20.0029 5176 Greg_Service - ok
22:55:20.0248 5176 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:55:20.0279 5176 gupdate - ok
22:55:20.0279 5176 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:55:20.0310 5176 gupdatem - ok
22:55:20.0388 5176 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:55:20.0419 5176 gusvc - ok
22:55:20.0450 5176 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:55:20.0497 5176 hcw85cir - ok
22:55:20.0638 5176 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:55:20.0669 5176 HdAudAddService - ok
22:55:20.0716 5176 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:55:20.0762 5176 HDAudBus - ok
22:55:20.0794 5176 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:55:20.0809 5176 HECIx64 - ok
22:55:20.0872 5176 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:55:20.0887 5176 HidBatt - ok
22:55:20.0903 5176 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:55:20.0934 5176 HidBth - ok
22:55:20.0996 5176 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:55:21.0028 5176 HidIr - ok
22:55:21.0074 5176 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:55:21.0121 5176 hidserv - ok
22:55:21.0184 5176 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:55:21.0215 5176 HidUsb - ok
22:55:21.0277 5176 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:55:21.0340 5176 hkmsvc - ok
22:55:21.0418 5176 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:55:21.0433 5176 HomeGroupListener - ok
22:55:21.0542 5176 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:55:21.0558 5176 HomeGroupProvider - ok
22:55:22.0057 5176 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:55:22.0088 5176 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0088 5176 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:55:22.0135 5176 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:55:22.0151 5176 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0151 5176 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:55:22.0198 5176 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:55:22.0213 5176 HpSAMD - ok
22:55:22.0541 5176 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:55:22.0572 5176 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0572 5176 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:55:22.0588 5176 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:55:22.0666 5176 HTTP - ok
22:55:22.0712 5176 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:55:22.0728 5176 hwpolicy - ok
22:55:22.0806 5176 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:55:22.0822 5176 i8042prt - ok
22:55:22.0884 5176 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:55:22.0915 5176 iaStor - ok
22:55:23.0024 5176 [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:55:23.0056 5176 IAStorDataMgrSvc - ok
22:55:23.0196 5176 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:55:23.0227 5176 iaStorV - ok
22:55:23.0383 5176 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:55:23.0399 5176 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:55:23.0399 5176 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:55:23.0726 5176 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:55:23.0758 5176 idsvc - ok
22:55:23.0945 5176 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSvia64.sys
22:55:23.0960 5176 IDSVia64 - ok
22:55:24.0928 5176 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:55:25.0068 5176 igfx - ok
22:55:25.0115 5176 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:55:25.0146 5176 iirsp - ok
22:55:25.0411 5176 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:55:25.0474 5176 IKEEXT - ok
22:55:25.0583 5176 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:55:25.0598 5176 Impcd - ok
22:55:25.0910 5176 [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:55:25.0957 5176 IntcAzAudAddService - ok
22:55:26.0035 5176 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:55:26.0066 5176 IntcDAud - ok
22:55:26.0113 5176 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:55:26.0129 5176 intelide - ok
22:55:26.0191 5176 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:55:26.0207 5176 intelppm - ok
22:55:26.0254 5176 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:55:26.0316 5176 IPBusEnum - ok
22:55:26.0363 5176 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:55:26.0410 5176 IpFilterDriver - ok
22:55:26.0612 5176 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:55:26.0659 5176 iphlpsvc - ok
22:55:26.0690 5176 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:55:26.0706 5176 IPMIDRV - ok
22:55:26.0753 5176 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:55:26.0800 5176 IPNAT - ok
22:55:26.0831 5176 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:55:26.0862 5176 IRENUM - ok
22:55:26.0924 5176 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:55:26.0956 5176 isapnp - ok
22:55:27.0112 5176 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:55:27.0127 5176 iScsiPrt - ok
22:55:27.0268 5176 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
22:55:27.0283 5176 k57nd60a - ok
22:55:27.0314 5176 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:55:27.0330 5176 kbdclass - ok
22:55:27.0408 5176 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:55:27.0424 5176 kbdhid - ok
22:55:27.0470 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:55:27.0502 5176 KeyIso - ok
22:55:27.0548 5176 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:55:27.0564 5176 KSecDD - ok
22:55:27.0611 5176 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:55:27.0626 5176 KSecPkg - ok
22:55:27.0673 5176 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:55:27.0720 5176 ksthunk - ok
22:55:27.0860 5176 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:55:27.0907 5176 KtmRm - ok
22:55:27.0970 5176 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
22:55:27.0985 5176 L1E - ok
22:55:28.0110 5176 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:55:28.0126 5176 LanmanServer - ok
22:55:28.0188 5176 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:55:28.0235 5176 LanmanWorkstation - ok
22:55:28.0250 5176 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:55:28.0313 5176 lltdio - ok
22:55:28.0422 5176 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:55:28.0484 5176 lltdsvc - ok
22:55:28.0516 5176 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:55:28.0578 5176 lmhosts - ok
22:55:28.0734 5176 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:55:28.0765 5176 LMS - ok
22:55:28.0890 5176 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:55:28.0906 5176 LSI_FC - ok
22:55:28.0921 5176 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:55:28.0952 5176 LSI_SAS - ok
22:55:28.0984 5176 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:55:28.0999 5176 LSI_SAS2 - ok
22:55:29.0030 5176 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:55:29.0046 5176 LSI_SCSI - ok
22:55:29.0093 5176 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:55:29.0140 5176 luafv - ok
22:55:29.0186 5176 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:55:29.0202 5176 MBAMProtector - ok
22:55:29.0452 5176 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:55:29.0483 5176 MBAMScheduler - ok
22:55:29.0608 5176 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:55:29.0654 5176 MBAMService - ok
22:55:29.0686 5176 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:55:29.0717 5176 Mcx2Svc - ok
22:55:30.0060 5176 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:55:30.0091 5176 MDM - ok
22:55:30.0122 5176 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:55:30.0138 5176 megasas - ok
22:55:30.0232 5176 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:55:30.0247 5176 MegaSR - ok
22:55:30.0325 5176 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:55:30.0388 5176 MMCSS - ok
22:55:30.0419 5176 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:55:30.0466 5176 Modem - ok
22:55:30.0481 5176 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:55:30.0512 5176 monitor - ok
22:55:30.0590 5176 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:55:30.0606 5176 mouclass - ok
22:55:30.0653 5176 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:55:30.0668 5176 mouhid - ok
22:55:30.0746 5176 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:55:30.0778 5176 mountmgr - ok
22:55:30.0840 5176 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:55:30.0871 5176 mpio - ok
22:55:30.0934 5176 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:55:30.0980 5176 mpsdrv - ok
22:55:31.0074 5176 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:55:31.0152 5176 MpsSvc - ok
22:55:31.0230 5176 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:55:31.0261 5176 MRxDAV - ok
22:55:31.0339 5176 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:55:31.0370 5176 mrxsmb - ok
22:55:31.0464 5176 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:55:31.0495 5176 mrxsmb10 - ok
22:55:31.0558 5176 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:55:31.0573 5176 mrxsmb20 - ok
22:55:31.0636 5176 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:55:31.0667 5176 msahci - ok
22:55:31.0714 5176 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:55:31.0729 5176 msdsm - ok
22:55:31.0792 5176 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:55:31.0807 5176 MSDTC - ok
22:55:31.0838 5176 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:55:31.0885 5176 Msfs - ok
22:55:31.0948 5176 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:55:31.0994 5176 mshidkmdf - ok
22:55:32.0041 5176 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:55:32.0057 5176 msisadrv - ok
22:55:32.0150 5176 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:55:32.0197 5176 MSiSCSI - ok
22:55:32.0197 5176 msiserver - ok
22:55:32.0244 5176 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:55:32.0291 5176 MSKSSRV - ok
22:55:32.0384 5176 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:55:32.0431 5176 MSPCLOCK - ok
22:55:32.0478 5176 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:55:32.0525 5176 MSPQM - ok
22:55:32.0572 5176 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:55:32.0587 5176 MsRPC - ok
22:55:32.0634 5176 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:55:32.0650 5176 mssmbios - ok
22:55:32.0696 5176 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:55:32.0743 5176 MSTEE - ok
22:55:32.0774 5176 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:55:32.0790 5176 MTConfig - ok
22:55:32.0868 5176 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:55:32.0899 5176 Mup - ok
22:55:33.0102 5176 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:55:33.0164 5176 napagent - ok
22:55:33.0242 5176 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:55:33.0258 5176 NativeWifiP - ok
22:55:33.0461 5176 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\ENG64.SYS
22:55:33.0476 5176 NAVENG - ok
22:55:34.0709 5176 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\EX64.SYS
22:55:34.0771 5176 NAVEX15 - ok
22:55:34.0818 5176 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:55:34.0880 5176 NDIS - ok
22:55:34.0943 5176 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:55:34.0990 5176 NdisCap - ok
22:55:35.0052 5176 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:55:35.0099 5176 NdisTapi - ok
22:55:35.0161 5176 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:55:35.0208 5176 Ndisuio - ok
22:55:35.0333 5176 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:55:35.0380 5176 NdisWan - ok
22:55:35.0442 5176 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:55:35.0489 5176 NDProxy - ok
22:55:35.0582 5176 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:55:35.0598 5176 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:55:35.0598 5176 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:55:35.0676 5176 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:55:35.0723 5176 NetBIOS - ok
22:55:35.0770 5176 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:55:35.0816 5176 NetBT - ok
22:55:35.0863 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:55:35.0879 5176 Netlogon - ok
22:55:36.0082 5176 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:55:36.0144 5176 Netman - ok
22:55:36.0487 5176 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:55:36.0565 5176 netprofm - ok
22:55:36.0659 5176 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:55:36.0674 5176 NetTcpPortSharing - ok
22:55:36.0784 5176 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:55:36.0799 5176 nfrd960 - ok
22:55:37.0252 5176 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
22:55:37.0298 5176 NIS - ok
22:55:37.0532 5176 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:55:37.0579 5176 NlaSvc - ok
22:55:37.0704 5176 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys
22:55:37.0720 5176 npf - ok
22:55:37.0766 5176 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:55:37.0813 5176 Npfs - ok
22:55:37.0891 5176 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:55:37.0938 5176 nsi - ok
22:55:37.0985 5176 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:55:38.0032 5176 nsiproxy - ok
22:55:38.0281 5176 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:55:38.0328 5176 Ntfs - ok
22:55:38.0531 5176 [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:55:38.0546 5176 NTIBackupSvc - ok
22:55:38.0593 5176 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
22:55:38.0609 5176 NTIDrvr - ok
22:55:38.0702 5176 [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:55:38.0718 5176 NTISchedulerSvc - ok
22:55:38.0796 5176 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:55:38.0843 5176 Null - ok
22:55:38.0921 5176 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:55:38.0952 5176 nvraid - ok
22:55:39.0030 5176 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:55:39.0046 5176 nvstor - ok
22:55:39.0092 5176 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:55:39.0108 5176 nv_agp - ok
22:55:39.0155 5176 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:55:39.0170 5176 ohci1394 - ok
22:55:39.0358 5176 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:55:39.0420 5176 ose - ok
22:55:39.0467 5176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:55:39.0482 5176 p2pimsvc - ok
22:55:39.0576 5176 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:55:39.0607 5176 p2psvc - ok
22:55:39.0654 5176 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:55:39.0685 5176 Parport - ok
22:55:39.0716 5176 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:55:39.0732 5176 partmgr - ok
22:55:39.0748 5176 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:55:39.0779 5176 PcaSvc - ok
22:55:39.0794 5176 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:55:39.0810 5176 pci - ok
22:55:39.0841 5176 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:55:39.0857 5176 pciide - ok
22:55:39.0919 5176 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:55:39.0950 5176 pcmcia - ok
22:55:39.0966 5176 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:55:39.0982 5176 pcw - ok
22:55:40.0013 5176 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:55:40.0075 5176 PEAUTH - ok
22:55:40.0184 5176 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:55:40.0216 5176 PerfHost - ok
22:55:40.0387 5176 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:55:40.0450 5176 pla - ok
22:55:40.0496 5176 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:55:40.0512 5176 PlugPlay - ok
22:55:40.0590 5176 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:55:40.0606 5176 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:55:40.0606 5176 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:55:40.0621 5176 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:55:40.0637 5176 PNRPAutoReg - ok
22:55:40.0746 5176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:55:40.0762 5176 PNRPsvc - ok
22:55:40.0855 5176 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:55:40.0918 5176 PolicyAgent - ok
22:55:40.0964 5176 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:55:41.0027 5176 Power - ok
22:55:41.0074 5176 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:55:41.0120 5176 PptpMiniport - ok
22:55:41.0136 5176 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:55:41.0167 5176 Processor - ok
22:55:41.0198 5176 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:55:41.0214 5176 ProfSvc - ok
22:55:41.0261 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:55:41.0292 5176 ProtectedStorage - ok
22:55:41.0339 5176 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:55:41.0401 5176 Psched - ok
22:55:41.0432 5176 [ CCE65976AAEB1DB4C3B98243B8AC448E ] PVUSB C:\Windows\system32\DRIVERS\CESG64.sys
22:55:41.0448 5176 PVUSB - ok
22:55:41.0542 5176 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:55:41.0588 5176 ql2300 - ok
22:55:41.0635 5176 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:55:41.0666 5176 ql40xx - ok
22:55:41.0760 5176 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:55:41.0776 5176 QWAVE - ok
22:55:41.0807 5176 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:55:41.0838 5176 QWAVEdrv - ok
22:55:41.0869 5176 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:55:41.0916 5176 RasAcd - ok
22:55:41.0978 5176 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:55:42.0025 5176 RasAgileVpn - ok
22:55:42.0072 5176 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:55:42.0119 5176 RasAuto - ok
22:55:42.0134 5176 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:55:42.0197 5176 Rasl2tp - ok
22:55:42.0228 5176 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:55:42.0290 5176 RasMan - ok
22:55:42.0306 5176 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:55:42.0368 5176 RasPppoe - ok
22:55:42.0400 5176 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:55:42.0446 5176 RasSstp - ok
22:55:42.0493 5176 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:55:42.0556 5176 rdbss - ok
22:55:42.0571 5176 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:55:42.0602 5176 rdpbus - ok
22:55:42.0618 5176 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:55:42.0665 5176 RDPCDD - ok
22:55:42.0680 5176 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:55:42.0727 5176 RDPENCDD - ok
22:55:42.0743 5176 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:55:42.0790 5176 RDPREFMP - ok
22:55:42.0899 5176 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:55:42.0914 5176 RDPWD - ok
22:55:43.0008 5176 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:55:43.0024 5176 rdyboost - ok
22:55:43.0070 5176 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:55:43.0117 5176 RemoteAccess - ok
22:55:43.0195 5176 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:55:43.0242 5176 RemoteRegistry - ok
22:55:43.0258 5176 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:55:43.0304 5176 RpcEptMapper - ok
22:55:43.0336 5176 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:55:43.0367 5176 RpcLocator - ok
22:55:43.0445 5176 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:55:43.0492 5176 RpcSs - ok
22:55:43.0523 5176 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:55:43.0570 5176 rspndr - ok
22:55:43.0585 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:55:43.0601 5176 SamSs - ok
22:55:43.0648 5176 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:55:43.0663 5176 sbp2port - ok
22:55:43.0741 5176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:55:43.0788 5176 SCardSvr - ok
22:55:43.0804 5176 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:55:43.0850 5176 scfilter - ok
22:55:43.0975 5176 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:55:44.0038 5176 Schedule - ok
22:55:44.0084 5176 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:55:44.0131 5176 SCPolicySvc - ok
22:55:44.0209 5176 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:55:44.0225 5176 SDRSVC - ok
22:55:44.0287 5176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:55:44.0334 5176 secdrv - ok
22:55:44.0350 5176 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:55:44.0396 5176 seclogon - ok
22:55:44.0428 5176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:55:44.0474 5176 SENS - ok
22:55:44.0506 5176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:55:44.0521 5176 SensrSvc - ok
22:55:44.0568 5176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:55:44.0599 5176 Serenum - ok
22:55:44.0646 5176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:55:44.0662 5176 Serial - ok
22:55:44.0693 5176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:55:44.0708 5176 sermouse - ok
22:55:44.0802 5176 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:55:44.0849 5176 SessionEnv - ok
22:55:44.0896 5176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:55:44.0911 5176 sffdisk - ok
22:55:44.0989 5176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:55:45.0005 5176 sffp_mmc - ok
22:55:45.0052 5176 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:55:45.0067 5176 sffp_sd - ok
22:55:45.0130 5176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:55:45.0145 5176 sfloppy - ok
22:55:45.0239 5176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:55:45.0301 5176 SharedAccess - ok
22:55:45.0379 5176 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:55:45.0410 5176 ShellHWDetection - ok
22:55:45.0442 5176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:55:45.0473 5176 SiSRaid2 - ok
22:55:45.0504 5176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:55:45.0535 5176 SiSRaid4 - ok
22:55:45.0551 5176 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:55:45.0613 5176 Smb - ok
22:55:45.0691 5176 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:55:45.0722 5176 SNMPTRAP - ok
22:55:45.0785 5176 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:55:45.0816 5176 spldr - ok
22:55:45.0988 5176 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:55:46.0034 5176 Spooler - ok
22:55:46.0237 5176 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:55:46.0346 5176 sppsvc - ok
22:55:46.0393 5176 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:55:46.0440 5176 sppuinotify - ok
22:55:46.0658 5176 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
22:55:46.0690 5176 SRTSP - ok
22:55:46.0721 5176 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
22:55:46.0752 5176 SRTSPX - ok
22:55:46.0799 5176 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:55:46.0830 5176 srv - ok
22:55:46.0955 5176 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:55:46.0986 5176 srv2 - ok
22:55:47.0158 5176 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:55:47.0173 5176 srvnet - ok
22:55:47.0220 5176 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:55:47.0282 5176 SSDPSRV - ok
22:55:47.0314 5176 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:55:47.0360 5176 SstpSvc - ok
22:55:47.0407 5176 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:55:47.0423 5176 stexstor - ok
22:55:47.0470 5176 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:55:47.0501 5176 StillCam - ok
22:55:47.0657 5176 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:55:47.0688 5176 stisvc - ok
22:55:47.0719 5176 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:55:47.0750 5176 swenum - ok
22:55:47.0938 5176 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:55:48.0000 5176 swprv - ok
22:55:48.0109 5176 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
22:55:48.0140 5176 SymDS - ok
22:55:48.0203 5176 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
22:55:48.0218 5176 SymEFA - ok
22:55:48.0250 5176 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:55:48.0265 5176 SymEvent - ok
22:55:48.0312 5176 [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
22:55:48.0328 5176 SymIM - ok
22:55:48.0359 5176 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
22:55:48.0390 5176 SymIRON - ok
22:55:48.0452 5176 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
22:55:48.0468 5176 SYMTDIv - ok
22:55:48.0515 5176 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:55:48.0577 5176 SysMain - ok
22:55:48.0624 5176 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:55:48.0655 5176 TabletInputService - ok
22:55:48.0686 5176 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:55:48.0749 5176 TapiSrv - ok
22:55:48.0796 5176 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:55:48.0842 5176 TBS - ok
22:55:49.0201 5176 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:55:49.0248 5176 Tcpip - ok
22:55:49.0732 5176 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:55:49.0794 5176 TCPIP6 - ok
22:55:49.0856 5176 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:55:49.0903 5176 tcpipreg - ok
22:55:49.0919 5176 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:55:49.0950 5176 TDPIPE - ok
22:55:49.0997 5176 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:55:50.0028 5176 TDTCP - ok
22:55:50.0044 5176 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:55:50.0106 5176 tdx - ok
22:55:50.0184 5176 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:55:50.0200 5176 TermDD - ok
22:55:50.0324 5176 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:55:50.0371 5176 TermService - ok
22:55:50.0418 5176 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:55:50.0449 5176 Themes - ok
22:55:50.0480 5176 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:55:50.0543 5176 THREADORDER - ok
22:55:50.0558 5176 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:55:50.0605 5176 TrkWks - ok
22:55:50.0730 5176 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:55:50.0746 5176 TrustedInstaller - ok
22:55:50.0808 5176 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:55:50.0855 5176 tssecsrv - ok
22:55:50.0886 5176 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:55:50.0933 5176 tunnel - ok
22:55:50.0964 5176 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:55:50.0980 5176 uagp35 - ok
22:55:51.0073 5176 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
22:55:51.0089 5176 UBHelper - ok
22:55:51.0182 5176 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:55:51.0245 5176 udfs - ok
22:55:51.0323 5176 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:55:51.0354 5176 UI0Detect - ok
22:55:51.0401 5176 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:55:51.0416 5176 uliagpkx - ok
22:55:51.0463 5176 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:55:51.0494 5176 umbus - ok
22:55:51.0541 5176 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:55:51.0572 5176 UmPass - ok
22:55:52.0056 5176 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:55:52.0134 5176 UNS - ok
22:55:52.0477 5176 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
22:55:52.0540 5176 Updater Service - ok
22:55:52.0742 5176 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:55:52.0789 5176 upnphost - ok
22:55:52.0867 5176 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:55:52.0883 5176 usbccgp - ok
22:55:52.0945 5176 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:55:52.0976 5176 usbcir - ok
22:55:53.0039 5176 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:55:53.0054 5176 usbehci - ok
22:55:53.0148 5176 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:55:53.0164 5176 usbhub - ok
22:55:53.0195 5176 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:55:53.0226 5176 usbohci - ok
22:55:53.0304 5176 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:55:53.0320 5176 usbprint - ok
22:55:53.0398 5176 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:55:53.0413 5176 USBSTOR - ok
22:55:53.0491 5176 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:55:53.0507 5176 usbuhci - ok
22:55:53.0616 5176 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:55:53.0647 5176 usbvideo - ok
22:55:53.0725 5176 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:55:53.0772 5176 UxSms - ok
22:55:53.0819 5176 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:55:53.0834 5176 VaultSvc - ok
22:55:53.0897 5176 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:55:53.0912 5176 vdrvroot - ok
22:55:54.0037 5176 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:55:54.0068 5176 vds - ok
22:55:54.0100 5176 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:55:54.0131 5176 vga - ok
22:55:54.0162 5176 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:55:54.0224 5176 VgaSave - ok
22:55:54.0302 5176 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:55:54.0318 5176 vhdmp - ok
22:55:54.0349 5176 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:55:54.0365 5176 viaide - ok
22:55:54.0380 5176 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:55:54.0396 5176 volmgr - ok
22:55:54.0412 5176 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:55:54.0443 5176 volmgrx - ok
22:55:54.0568 5176 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:55:54.0599 5176 volsnap - ok
22:55:54.0661 5176 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:55:54.0677 5176 vsmraid - ok
22:55:55.0270 5176 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:55:55.0316 5176 VSS - ok
22:55:55.0394 5176 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:55:55.0410 5176 vwifibus - ok
22:55:55.0441 5176 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:55:55.0472 5176 vwififlt - ok
22:55:55.0488 5176 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:55:55.0519 5176 vwifimp - ok
22:55:55.0628 5176 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:55:55.0706 5176 W32Time - ok
22:55:55.0894 5176 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:55:55.0909 5176 WacomPen - ok
22:55:55.0925 5176 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:55:55.0972 5176 WANARP - ok
22:55:55.0987 5176 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:55:56.0034 5176 Wanarpv6 - ok
22:55:56.0471 5176 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:55:56.0502 5176 wbengine - ok
22:55:56.0580 5176 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:55:56.0611 5176 WbioSrvc - ok
22:55:56.0752 5176 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:55:56.0767 5176 wcncsvc - ok
22:55:56.0814 5176 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:55:56.0830 5176 WcsPlugInService - ok
22:55:56.0908 5176 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:55:56.0923 5176 Wd - ok
22:55:57.0095 5176 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:55:57.0142 5176 Wdf01000 - ok
22:55:57.0204 5176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:55:57.0235 5176 WdiServiceHost - ok
22:55:57.0235 5176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:55:57.0266 5176 WdiSystemHost - ok
22:55:57.0376 5176 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:55:57.0407 5176 WebClient - ok
22:55:57.0500 5176 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:55:57.0547 5176 Wecsvc - ok
22:55:57.0594 5176 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:55:57.0641 5176 wercplsupport - ok
22:55:57.0750 5176 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:55:57.0812 5176 WerSvc - ok
22:55:57.0890 5176 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:55:57.0937 5176 WfpLwf - ok
22:55:57.0984 5176 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:55:58.0000 5176 WIMMount - ok
22:55:58.0093 5176 WinDefend - ok
22:55:58.0093 5176 WinHttpAutoProxySvc - ok
22:55:58.0421 5176 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:55:58.0468 5176 Winmgmt - ok
22:55:58.0951 5176 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:55:59.0014 5176 WinRM - ok
22:55:59.0154 5176 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:55:59.0185 5176 Wlansvc - ok
22:55:59.0248 5176 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:55:59.0279 5176 WmiAcpi - ok
22:55:59.0341 5176 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:55:59.0357 5176 wmiApSrv - ok
22:55:59.0435 5176 WMPNetworkSvc - ok
22:55:59.0482 5176 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:55:59.0497 5176 WPCSvc - ok
22:55:59.0560 5176 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:55:59.0591 5176 WPDBusEnum - ok
22:55:59.0669 5176 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:55:59.0716 5176 ws2ifsl - ok
22:55:59.0794 5176 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
22:55:59.0825 5176 wscsvc - ok
22:55:59.0825 5176 WSearch - ok
22:56:00.0059 5176 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:56:00.0121 5176 wuauserv - ok
22:56:00.0402 5176 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:56:00.0418 5176 WudfPf - ok
22:56:00.0511 5176 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:00.0527 5176 WUDFRd - ok
22:56:00.0652 5176 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:56:00.0667 5176 wudfsvc - ok
22:56:00.0839 5176 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:56:00.0870 5176 WwanSvc - ok
22:56:00.0886 5176 ================ Scan global ===============================
22:56:00.0932 5176 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:56:01.0088 5176 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:56:01.0104 5176 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:56:01.0166 5176 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:56:01.0463 5176 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:56:01.0463 5176 [Global] - ok
22:56:01.0478 5176 ================ Scan MBR ==================================
22:56:01.0494 5176 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:56:03.0350 5176 \Device\Harddisk0\DR0 - ok
22:56:03.0350 5176 ================ Scan VBR ==================================
22:56:03.0397 5176 [ 57F5A1A999CD0DE83BD23E429B6980D0 ] \Device\Harddisk0\DR0\Partition1
22:56:03.0413 5176 \Device\Harddisk0\DR0\Partition1 - ok
22:56:03.0413 5176 [ CDBDF3D60BC3BBD793440B5B8B961A7C ] \Device\Harddisk0\DR0\Partition2
22:56:03.0413 5176 \Device\Harddisk0\DR0\Partition2 - ok
22:56:03.0428 5176 ============================================================
22:56:03.0428 5176 Scan finished
22:56:03.0428 5176 ============================================================
22:56:03.0428 5168 Detected object count: 6
22:56:03.0428 5168 Actual detected object count: 6
22:56:21.0056 5168 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:21.0056 5168 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:21.0056 5168 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:21.0056 5168 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:21.0056 5168 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:21.0056 5168 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.03.2013, 18:31
| #12 |
| /// Malware-holic | Snap.do und SpyHunter entfernen Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.03.2013, 18:32
| #13 |
| | Snap.do und SpyHunter entfernen HI Ich habe die Logfile jetzt in zwei Teile geteilt, anders habe ich es nicht hinbekommen. |
|
06.03.2013, 18:33
| #14 |
| /// Malware-holic | Snap.do und SpyHunter entfernen und ich hab schon ne neue Anweisung gepostet :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.03.2013, 19:43
| #15 |
| | Snap.do und SpyHunter entfernen Ich habs bemerkt  Code:
ATTFilter ComboFix 13-03-05.01 - Sarah 06.03.2013 19:28:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3765.2482 [GMT 1:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-06 bis 2013-03-06 ))))))))))))))))))))))))))))))
.
.
2013-03-06 18:34 . 2013-03-06 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 21:46 . 2013-03-05 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-03 22:25 . 2013-03-03 22:25 -------- d-----w- C:\_OTL
2013-03-03 17:19 . 2013-03-03 17:19 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2013-03-03 17:19 . 2013-03-03 17:19 -------- d-----w- c:\programdata\Malwarebytes
2013-03-03 17:19 . 2013-03-03 17:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 17:19 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 17:18 . 2013-03-03 17:18 -------- d-----w- c:\users\Sarah\AppData\Local\Programs
2013-03-03 16:46 . 2013-03-03 16:46 -------- d-----w- c:\programdata\Uniblue
2013-03-03 16:16 . 2013-03-03 16:16 110080 ----a-r- c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconF7A21AF7.exe
2013-03-03 16:16 . 2013-03-03 16:16 110080 ----a-r- c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconD7F16134.exe
2013-03-03 16:16 . 2013-03-03 16:16 110080 ----a-r- c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\Icon1226A4C5.exe
2013-03-03 16:16 . 2013-03-03 16:23 -------- d-----w- C:\sh4ldr
2013-03-03 16:16 . 2013-03-03 16:16 -------- d-----w- c:\program files\Enigma Software Group
2013-03-03 16:14 . 2013-03-03 16:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-03 15:02 . 2013-03-03 15:02 -------- d-----w- c:\users\Sarah\AppData\Roaming\FreemakeVideoDownloader
2013-03-03 14:35 . 2013-03-03 14:35 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-03 14:35 . 2013-03-03 14:35 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-03 14:35 . 2013-03-03 14:35 -------- d-----w- c:\windows\system32\Macromed
2013-03-03 14:28 . 2013-03-03 14:28 -------- d-----w- c:\program files\WinPcap
2013-03-03 14:28 . 2013-03-03 14:28 -------- d-----w- c:\users\Sarah\AppData\Roaming\Uniblue
2013-03-03 14:28 . 2013-03-03 14:28 -------- d-----w- c:\program files (x86)\Uniblue
2013-03-03 14:28 . 2013-03-03 18:17 -------- d-----w- c:\programdata\Freemake
2013-03-03 14:27 . 2013-03-03 18:16 -------- d-----w- c:\program files (x86)\Freemake
2013-02-13 15:41 . 2013-01-04 05:37 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-02-13 15:35 . 2012-12-26 05:57 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:35 . 2012-12-26 04:51 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-04 21:31 . 2013-02-04 21:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 18:05 . 2010-12-08 17:20 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 15:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 13:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 13:21 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:21 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 14:43 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 14:43 2745856 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 14:43 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 14:43 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 14:43 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 14:43 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 14:43 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 14:43 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 14:43 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 14:43 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 14:43 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 14:43 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 14:43 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 14:43 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 14:43 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 14:43 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 14:43 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 14:43 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 14:43 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 14:43 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 14:43 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 14:43 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 14:43 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 14:43 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 14:43 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 14:43 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 14:43 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 14:43 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 14:43 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 14:43 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 14:43 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 14:43 15360 ----a-w- c:\windows\SysWow64\djctq.rs
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-25 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [2007-02-19 63808]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-03-03 11:51]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 17:17]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 17:17]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 18:00]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-05 860192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1C5C1E74-7170-4962-A318-D2234ADA1AD4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E4B585D3-4E04-40CE-AABB-A13192FAB352}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mqbuilnh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Moorhuhn 2 deinstallieren - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06 19:36:31
ComboFix-quarantined-files.txt 2013-03-06 18:36
.
Vor Suchlauf: 19 Verzeichnis(se), 225.294.241.792 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 224.921.473.024 Bytes frei
.
- - End Of File - - 797A35D6C72F3A98DC922F1B913AC528
|
|
| Themen zu Snap.do und SpyHunter entfernen |
| angezeigt, deinstalliere, deinstallieren, downloader, durchgeführt, entferne, entfernen, erstell, folge, folgendes, heute, interne, komplett, laptop, loader, logfiles, problem, scan, seite, spyhunter, spyhunter entfernen, startseite, troja, trojaner-board, video, vollständig, überhaupt |
WARNUNG an die MITLESER: 
Linear-Darstellung
